OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: svn commit: r1834924 - /httpd/httpd/branches/2.4.x/STATUS


On Tue, Jul 3, 2018 at 8:58 AM,  <rpluem@xxxxxxxxxx> wrote:
>
> +++ httpd/httpd/branches/2.4.x/STATUS Tue Jul  3 06:58:55 2018
> @@ -179,7 +179,11 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>       2.4.x patch: svn merge -c 1645529 ^/httpd/httpd/trunk .
>       +1: ylavic, druggeri
>       druggeri: Why no +1, jallietc36?
> -
> +     rpluem: I think the patch is wrong here and in trunk. This causes
> +     ap_pass_brigade to return APR_SUCCESS in ap_proxy_pass_brigade. The error
> +     bucket inserted by ssl_io_filter_error IMHO makes no sense because it
> +     would be sent to the origin server (the proxy backend) and not to our
> +     client. Further discussion should possibly happen on dev@.

Agreed, but r1645529 looks right to me, I'd rather fix
ssl_io_filter_error() to return EGENERAL (and no error brigade) in
this case.

Something like this:
Index: modules/ssl/ssl_engine_io.c
===================================================================
--- modules/ssl/ssl_engine_io.c    (revision 1834106)
+++ modules/ssl/ssl_engine_io.c    (working copy)
@@ -1008,14 +1008,10 @@ static apr_status_t ssl_io_filter_error(bio_filter
             break;

     case MODSSL_ERROR_BAD_GATEWAY:
-        /* Send an error bucket, though the proxy currently has no
-         * special handling for error buckets and ignores this. */
-        bucket = ap_bucket_error_create(HTTP_BAD_GATEWAY, NULL,
-                                        f->c->pool,
-                                        f->c->bucket_alloc);
         ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c, APLOGNO(01997)
                       "SSL handshake failed: sending 502");
-        break;
+        f->c->aborted = 1;
+        return APR_EGENERAL;

     default:
         return status;
?