2 Fix false negatives on plain-HTTP-not-SSL error (Steve Henson).
4 Fix streaming of nph- CGI scripts over SSL.
6 --- httpd-2.0.48/modules/ssl/ssl_engine_io.c.sslio
7 +++ httpd-2.0.48/modules/ssl/ssl_engine_io.c
9 outctx->rc = APR_EAGAIN;
10 return SSL_ERROR_WANT_READ;
12 - else if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
13 + else if (ERR_GET_LIB(ERR_peek_error()) == ERR_LIB_SSL &&
14 + ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
16 * The case where OpenSSL has recognized a HTTP request:
17 * This means the client speaks plain HTTP on our HTTPS port.
19 apr_status_t status = APR_SUCCESS;
20 ssl_filter_ctx_t *filter_ctx = f->ctx;
21 bio_filter_in_ctx_t *inctx;
22 + bio_filter_out_ctx_t *outctx;
23 + apr_read_type_e rblock = APR_NONBLOCK_READ;
26 apr_brigade_cleanup(bb);
30 inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
31 + outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
33 /* When we are the writer, we must initialize the inctx
34 * mode so that we block for any required ssl input, because
35 * output filtering is always nonblocking.
38 if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) {
39 if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
40 - bio_filter_out_ctx_t *outctx =
41 - (bio_filter_out_ctx_t *)(filter_ctx->pbioWrite->ptr);
45 @@ -1343,7 +1346,18 @@
49 - status = apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
50 + status = apr_bucket_read(bucket, &data, &len, rblock);
52 + if (APR_STATUS_IS_EAGAIN(status)) {
53 + /* No data available: flush... */
54 + if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
55 + status = outctx->rc;
58 + rblock = APR_BLOCK_READ;
59 + continue; /* and try again with a blocking read. */
61 + rblock = APR_NONBLOCK_READ;
63 if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {