update SNI validation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927035 13f79535-47bb-0310-9956-ffa450edef68
@ -370,19 +370,6 @@ int ssl_hook_ReadReq(request_rec *r)
|
|||||||
" provided in HTTP request", servername);
|
" provided in HTTP request", servername);
|
||||||
return HTTP_BAD_REQUEST;
|
return HTTP_BAD_REQUEST;
|
||||||
}
|
}
|
||||||
if (r->server != handshakeserver
|
|
||||||
&& !ssl_server_compatible(sslconn->server, r->server)) {
|
|
||||||
/*
|
|
||||||
* The request does not select the virtual host that was
|
|
||||||
* selected by the SNI and its SSL parameters are different
|
|
||||||
*/
|
|
||||||
|
|
||||||
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032)
|
|
||||||
"Hostname %s provided via SNI and hostname %s provided"
|
|
||||||
" via HTTP have no compatible SSL setup",
|
|
||||||
servername, r->hostname);
|
|
||||||
return HTTP_MISDIRECTED_REQUEST;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
|
else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
|
||||||
|| hssc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
|
|| hssc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
|
||||||
@ -403,6 +390,21 @@ int ssl_hook_ReadReq(request_rec *r)
|
|||||||
"which is required to access this server.<br />\n");
|
"which is required to access this server.<br />\n");
|
||||||
return HTTP_FORBIDDEN;
|
return HTTP_FORBIDDEN;
|
||||||
}
|
}
|
||||||
|
if (r->server != handshakeserver
|
||||||
|
&& !ssl_server_compatible(sslconn->server, r->server)) {
|
||||||
|
/*
|
||||||
|
* The request does not select the virtual host that was
|
||||||
|
* selected for handshaking and its SSL parameters are different
|
||||||
|
*/
|
||||||
|
|
||||||
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032)
|
||||||
|
"Hostname %s %s and hostname %s provided"
|
||||||
|
" via HTTP have no compatible SSL setup",
|
||||||
|
servername ? servername : handshakeserver->server_hostname,
|
||||||
|
servername ? "provided via SNI" : "(default host as no SNI was provided)",
|
||||||
|
r->hostname);
|
||||||
|
return HTTP_MISDIRECTED_REQUEST;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
modssl_set_app_data2(ssl, r);
|
modssl_set_app_data2(ssl, r);
|
||||||
|
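Review bot: The relocated check at `if (r->server != handshakeserver` tests identity against `handshakeserver` but passes `sslconn->server` to `ssl_server_compatible()`; assuming both name the same server_rec (the assignment is outside the hunk), using one name in both operands, `&& !ssl_server_compatible(handshakeserver, r->server)) {`, makes the check easier to audit. Because the block now also runs when `servername` is NULL, its comment is worth extending with a line such as `* Runs with and without SNI; keep this outside the SNI-only branch.`, so a later refactor does not move it back and skip connections that sent no SNI. The log call also passes `r->hostname` unguarded on the no-SNI path, where the missing-hostname rejection seen earlier in the hunk does not appear to apply; confirm it cannot be NULL there or log a fixed placeholder instead. The enclosing function and the `#endif`-terminated region both start outside the hunk.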