FYI, if anybody else is interesting is testing the TLS upgrade
functionality, there is a small test utility
(http://www.apache.org/~bnicholes/tlsupgrade.c) that can be used to send
an upgradeable GET or POST request.
Brad
[EMAIL PROTECTED] Wednesday, December 08, 2004 9:01:22 AM
It may be a bit of a hack, but it seems reasonable to me. The best
part is that it works.
+1
Brad
[EMAIL PROTECTED] Wednesday, December 08, 2004 2:33:48 AM
On Tue, Dec 07, 2004 at 05:14:40PM -0700, Brad Nicholes wrote:
OK, now that you have enabled upgrades for anything other than
OPTIONS, I see the problem. Even though there is a content-length
included in the header, you are saying that the header is being sent
encrypted but the content is not, correct? And the reason for this
is
because there is more than one filter stack that needs to be
modified?
Yes. I think this fixes it, it's a bit of a hack though:
Index: modules/ssl/ssl_engine_io.c
===
--- modules/ssl/ssl_engine_io.c (revision 59)
+++ modules/ssl/ssl_engine_io.c (working copy)
@@ -1184,22 +1184,26 @@
apr_bucket *b;
SSL *ssl;
-/* Just remove the filter, if it doesn't work the first time, it
won't
- * work at all for this request.
- */
-ap_remove_output_filter(f);
+/* f-ctx is non-NULL after the first call to this filter: it's
+ * necessary to pass through directly to the connection
output_filters
+ * for the remainder of this request, since the SSL output filter
has
+ * not been added to r-output_filters for this request. */
+if (f-ctx) {
+return ap_pass_brigade(f-c-output_filters, bb);
+}
-/* No need to ensure that this is a server with optional SSL, the
filter
- * is only inserted if that is true.
- */
-
+/* No need to ensure that this is a server with optional SSL, the
+ * filter is only inserted if that is true. */
upgrade = apr_table_get(r-headers_in, Upgrade);
if (upgrade == NULL
|| strcmp(ap_getword(r-pool, upgrade, ','), TLS/1.0)) {
/* Upgrade: TLS/1.0, ... header not found, don't do Upgrade
*/
+ap_remove_output_filter(f);
return ap_pass_brigade(f-next, bb);
}
+f-ctx = f; /* flag as non-NULL for subsequent passes */
+
apr_table_unset(r-headers_out, Upgrade);
/* Send the interim 101 response. */
@@ -1245,7 +1249,6 @@
pass the brigade off to the connection based output filters so
that the
request can complete encrypted */
return ap_pass_brigade(f-c-output_filters, bb);
-
}
static apr_status_t ssl_io_filter_input(ap_filter_t *f,