HTTPS multiple listen directive problem with FastCGI

Question

HTTPS multiple listen directive problem with FastCGI

brendonm opened this issue 9 years ago · comments

When a server is configured with 2 listen options, one for port 80 and the other for tls port 443, there is a problem with the HTTPS=on flag that goes through FastCGI.

Using the following configuration:

listen on $ext_ip tls port 443
listen on $ext_ip port 80

The HTTPS=on flag is sent through FastCGI regardless of whether you connect to the server via HTTP or HTTPS.

Using the following configuration (reordered from above):

listen on $ext_ip port 80
listen on $ext_ip tls port 443

The HTTPS=on flag is never sent through FastCGI, even if you connect using HTTPS.

I suspect the HTTPS=on flag is being set based on what is first in the configuration instead of the connection type.

Reyk Floeter · Answer 1 · Fri Jul 17 2015 03:11:22 GMT+0800 (China Standard Time)

Fixed by jsing@ in -current: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/parse.y?rev=1.69&content-type=text/x-cvsweb-markup

Reyk Floeter · Answer 2 · Fri Jul 17 2015 03:12:13 GMT+0800 (China Standard Time)

The actual diff: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/parse.y.diff?r1=1.68&r2=1.69