Bug #2501

Fix con->conf.is_ssl handling

Added by stbuehler over 2 years ago. Updated over 2 years ago.

Status:FixedStart date:2013-07-31
Priority:NormalDue date:
Assignee:-% Done:


Target version:1.4.33
Missing in 1.5.x:No


PATCH(is_ssl) is broken, because whether a connection is ssl or not cannot depend on the config directly.

Associated revisions

Revision 2887
Added by stbuehler over 2 years ago

[ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)

con->conf.is_ssl got removed and replaced by: * con->conf.ssl_enabled for the config var "ssl.engine" - it is only
used to determine which server-sockets should use ssl. (usually not
needed as it is mandatory and enough to set ssl.pemfile anyway) * con->srv_socket->is_ssl to detect the actual ssl status of the
bound socket, which is the same as the ssl status of the connection * con->uri.scheme for the actual $HTTP["scheme"] value, also used for
the CGI "HTTPS=ON" variable. This defaults to "https" if the
connection uses ssl, but can be changed for example by mod_extforward
if X-Forwarded-Proto: is set to either "http" or "https" (other values
are ignored right now)

Also removed the broken srv_socket->is_proxy_ssl as it was a connection
value in a server_socket struct...


#1 Updated by stbuehler over 2 years ago

  • Description updated (diff)

#2 Updated by stbuehler over 2 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2887.

Also available in: Atom