From 480519c1a79db4c982937cf1be5ac43f944d2f1c Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Apr 16 2018 07:28:27 +0000 Subject: Fix to use correct multiproxy patch. --- diff --git a/httpd-2.4.18-sslmultiproxy.patch b/httpd-2.4.18-sslmultiproxy.patch deleted file mode 100644 index 3f00f3f..0000000 --- a/httpd-2.4.18-sslmultiproxy.patch +++ /dev/null @@ -1,98 +0,0 @@ -diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c -index 717a694..a3ce718 100644 ---- a/modules/ssl/mod_ssl.c -+++ b/modules/ssl/mod_ssl.c -@@ -395,6 +395,9 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) - return sslconn; - } - -+static typeof(ssl_proxy_enable) *othermod_proxy_enable; -+static typeof(ssl_engine_disable) *othermod_engine_disable; -+ - int ssl_proxy_enable(conn_rec *c) - { - SSLSrvConfigRec *sc; -@@ -403,6 +406,12 @@ int ssl_proxy_enable(conn_rec *c) - sc = mySrvConfig(sslconn->server); - - if (!sc->proxy_enabled) { -+ if (othermod_proxy_enable) { -+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, -+ "mod_ssl proxy not configured, passing through to other module."); -+ return othermod_proxy_enable(c); -+ } -+ - ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961) - "SSL Proxy requested for %s but not enabled " - "[Hint: SSLProxyEngine]", sc->vhost_id); -@@ -422,6 +431,10 @@ int ssl_engine_disable(conn_rec *c) - - SSLConnRec *sslconn = myConnConfig(c); - -+ if (othermod_engine_disable) { -+ othermod_engine_disable(c); -+ } -+ - if (sslconn) { - sc = mySrvConfig(sslconn->server); - } -@@ -621,6 +634,9 @@ static void ssl_register_hooks(apr_pool_t *p) - ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE); - - ssl_var_register(p); -+ -+ othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable); -+ othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable); - - APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); - APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); -diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c -index a6b0d0d..24fd8c7 100644 ---- a/modules/ssl/ssl_engine_vars.c -+++ b/modules/ssl/ssl_engine_vars.c -@@ -54,6 +54,8 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, SSLConnRec *sslconn, char - static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize); - static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var); - static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl); -+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https; -+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup; - - static SSLConnRec *ssl_get_effective_config(conn_rec *c) - { -@@ -68,7 +70,9 @@ static SSLConnRec *ssl_get_effective_config(conn_rec *c) - static int ssl_is_https(conn_rec *c) - { - SSLConnRec *sslconn = ssl_get_effective_config(c); -- return sslconn && sslconn->ssl; -+ -+ return (sslconn && sslconn->ssl) -+ || (othermod_is_https && othermod_is_https(c)); - } - - static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION; -@@ -137,6 +141,9 @@ void ssl_var_register(apr_pool_t *p) - { - char *cp, *cp2; - -+ othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); -+ othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); -+ - APR_REGISTER_OPTIONAL_FN(ssl_is_https); - APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); - APR_REGISTER_OPTIONAL_FN(ssl_ext_list); -@@ -272,6 +279,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, - */ - if (result == NULL && c != NULL) { - SSLConnRec *sslconn = ssl_get_effective_config(c); -+ -+ if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) -+ && (!sslconn || !sslconn->ssl) && othermod_var_lookup) { -+ /* For an SSL_* variable, if mod_ssl is not enabled for -+ * this connection and another SSL module is present, pass -+ * through to that module. */ -+ return othermod_var_lookup(p, s, c, r, var); -+ } -+ - if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) - && sslconn && sslconn->ssl) - result = ssl_var_lookup_ssl(p, sslconn, r, var+4);