httpd-2.0.46-sslio.patch

   1
   2 Fix false negatives on plain-HTTP-not-SSL error (Steve Henson).
   3
   4 Fix streaming of nph- CGI scripts over SSL.
   5
   6 --- httpd-2.0.48/modules/ssl/ssl_engine_io.c.sslio
   7 +++ httpd-2.0.48/modules/ssl/ssl_engine_io.c
   8 @@ -1091,7 +1091,8 @@
   9              outctx->rc = APR_EAGAIN;
  10              return SSL_ERROR_WANT_READ;
  11          }
  12 -        else if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
  13 +        else if (ERR_GET_LIB(ERR_peek_error()) == ERR_LIB_SSL &&
  14 +                 ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
  15              /*
  16               * The case where OpenSSL has recognized a HTTP request:
  17               * This means the client speaks plain HTTP on our HTTPS port.
  18 @@ -1281,6 +1282,8 @@
  19      apr_status_t status = APR_SUCCESS;
  20      ssl_filter_ctx_t *filter_ctx = f->ctx;
  21      bio_filter_in_ctx_t *inctx;
  22 +    bio_filter_out_ctx_t *outctx;
  23 +    apr_read_type_e rblock = APR_NONBLOCK_READ;
  24
  25      if (f->c->aborted) {
  26          apr_brigade_cleanup(bb);
  27 @@ -1293,6 +1296,8 @@
  28      }
  29
  30      inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
  31 +    outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
  32 +
  33      /* When we are the writer, we must initialize the inctx
  34       * mode so that we block for any required ssl input, because
  35       * output filtering is always nonblocking.
  36 @@ -1312,8 +1317,6 @@
  37           */
  38          if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) {
  39              if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
  40 -                bio_filter_out_ctx_t *outctx =
  41 -                       (bio_filter_out_ctx_t *)(filter_ctx->pbioWrite->ptr);
  42                  status = outctx->rc;
  43                  break;
  44              }
  45 @@ -1343,7 +1346,18 @@
  46              const char *data;
  47              apr_size_t len;
  48
  49 -            status = apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
  50 +            status = apr_bucket_read(bucket, &data, &len, rblock);
  51 +
  52 +            if (APR_STATUS_IS_EAGAIN(status)) {
  53 +                /* No data available: flush... */
  54 +                if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
  55 +                    status = outctx->rc;
  56 +                    break;
  57 +                }
  58 +                rblock = APR_BLOCK_READ;
  59 +                continue; /* and try again with a blocking read. */
  60 +            }
  61 +            rblock = APR_NONBLOCK_READ;
  62
  63              if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
  64                  break;