update SNI validation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927035 13f79535-47bb-0310-9956-ffa450edef68
Eric Covener
2025-07-07 11:51:57 +00:00
parent 5c8e7ca468
commit d76573e760


@ -370,19 +370,6 @@ int ssl_hook_ReadReq(request_rec *r)
" provided in HTTP request", servername);
return HTTP_BAD_REQUEST;
}
if (r->server != handshakeserver
&& !ssl_server_compatible(sslconn->server, r->server)) {
/*
* The request does not select the virtual host that was
* selected by the SNI and its SSL parameters are different
*/
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032)
"Hostname %s provided via SNI and hostname %s provided"
" via HTTP have no compatible SSL setup",
servername, r->hostname);
return HTTP_MISDIRECTED_REQUEST;
}
}
else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
|| hssc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
@ -403,6 +390,21 @@ int ssl_hook_ReadReq(request_rec *r)
"which is required to access this server.<br />\n");
return HTTP_FORBIDDEN;
}
if (r->server != handshakeserver
&& !ssl_server_compatible(sslconn->server, r->server)) {
/*
* The request does not select the virtual host that was
* selected for handshaking and its SSL parameters are different
*/
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032)
"Hostname %s %s and hostname %s provided"
" via HTTP have no compatible SSL setup",
servername ? servername : handshakeserver->server_hostname,
servername ? "provided via SNI" : "(default host as no SNI was provided)",
r->hostname);
return HTTP_MISDIRECTED_REQUEST;
}
}
#endif
modssl_set_app_data2(ssl, r);
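Review bot: The comment on the relocated compatibility check (second hunk, above the `ap_log_rerror` call) says what is compared but not why the check now sits after both the SNI and the no-SNI branch. A line such as `/* Runs whether or not the client sent SNI; without SNI the handshake used the default vhost. */` would keep a later refactor from moving it back under the SNI branch. The condition tests `sslconn->server` while the same `if` and the log arguments use `handshakeserver`; if these are the same pointer, as the surrounding lines suggest, `!ssl_server_compatible(handshakeserver, r->server)` reads more consistently. On the no-SNI path `r->hostname` reaches `%s` without the null check the SNI branch appears to have, so passing `r->hostname ? r->hostname : "(none)"` would keep the AH02032 line unambiguous for log review if that case is reachable. The body of `ssl_hook_ReadReq` starts and ends outside these hunks, so the reachability of that case cannot be confirmed from here.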