Changeset 8ac7c0d in mod_gnutls for src


Timestamp:
Feb 11, 2016, 2:48:07 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
a038290
Parents:
7aeabcb
git-author:
Thomas Klute <thomas2.klute@…> (02/11/16 14:21:17)
git-committer:
Thomas Klute <thomas2.klute@…> (02/11/16 14:48:07)
Message:

Register "ssl_is_https" function for compatibility with mod_rewrite

mod_rewrite calls this function to fill its %{HTTPS} special variable,
and not providing it meant that conditions like

RewriteCond "%{HTTPS}" "off"

would match HTTPS connections using mod_gnutls. When used to redirect
clients from HTTP to HTTPS connections, this could lead to redirection
loops as reported in Debian bug #514005 [1]. In addition to
registering the function this commit also adds a test case that
checks if an HTTP to HTTPS redirection works.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514005

File:
1 edited

  • src/mod_gnutls.c

    r7aeabcb r8ac7c0d  
    6969    APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
    7070    APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
    71 }
    72 
     71
     72    /* mod_rewrite calls this function to detect HTTPS */
     73    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
     74}
     75
     76
     77
     78/*
     79 * mod_rewrite calls this function to fill %{HTTPS}. A non-zero return
     80 * value means that HTTPS is in use.
     81 */
    7382int ssl_is_https(conn_rec *c)
    7483{
    7584    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
    7685        ap_get_module_config(c->base_server->module_config, &gnutls_module);
    77     if(sc->enabled == 0 || sc->non_ssl_request == 1) {
     86    mgs_handle_t *ctxt = (mgs_handle_t *)
     87        ap_get_module_config(c->conn_config, &gnutls_module);
     88
     89    if(sc->enabled == GNUTLS_ENABLED_FALSE
     90       || ctxt == NULL
     91       || ctxt->enabled == GNUTLS_ENABLED_FALSE)
     92    {
    7893        /* SSL/TLS Disabled or Plain HTTP Connection Detected */
    7994        return 0;
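Review bot: Dropping `sc->non_ssl_request == 1` from the condition (old line 77) leaves the "Plain HTTP Connection Detected" case entirely to `ctxt->enabled == GNUTLS_ENABLED_FALSE`, and nothing visible in this hunk shows that the per-connection flag is set to false when a plain HTTP request arrives on a TLS-enabled server. If it is not, ssl_is_https() returns 1 for that request, %{HTTPS} reads "on", and a redirect rule keyed on `"%{HTTPS}" "off"` is skipped for it. Please point to where ctxt->enabled is updated for that case, or keep the non_ssl_request test alongside the new checks. Smaller point: `ctxt` gets a NULL check but `sc` is dereferenced directly in the same condition; a one-line comment saying why the server config can never be NULL here would make the asymmetry clear.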
     
    8297    return 1;
    8398}
     99
     100
    84101
    85102int ssl_engine_disable(conn_rec *c)