summaryrefslogtreecommitdiffstats
path: root/modules/http2/h2_response.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/http2/h2_response.c')
-rw-r--r--modules/http2/h2_response.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/modules/http2/h2_response.c b/modules/http2/h2_response.c
index 9cedd85561..bd0a5fba97 100644
--- a/modules/http2/h2_response.c
+++ b/modules/http2/h2_response.c
@@ -25,6 +25,7 @@
#include <nghttp2/nghttp2.h>
#include "h2_private.h"
+#include "h2_h2.h"
#include "h2_util.h"
#include "h2_response.h"
@@ -41,6 +42,7 @@ static int ignore_header(const char *name)
}
h2_response *h2_response_create(int stream_id,
+ int rst_error,
const char *http_status,
apr_array_header_t *hlines,
apr_pool_t *pool)
@@ -53,7 +55,8 @@ h2_response *h2_response_create(int stream_id,
}
response->stream_id = stream_id;
- response->status = http_status;
+ response->rst_error = rst_error;
+ response->status = http_status? http_status : "500";
response->content_length = -1;
if (hlines) {
@@ -112,6 +115,19 @@ h2_response *h2_response_rcreate(int stream_id, request_rec *r,
response->status = apr_psprintf(pool, "%d", r->status);
response->content_length = -1;
response->rheader = header;
+
+ if (r->status == HTTP_FORBIDDEN) {
+ const char *cause = apr_table_get(r->notes, "ssl-renegotiate-forbidden");
+ if (cause) {
+ /* This request triggered a TLS renegotiation that is now allowed
+ * in HTTP/2. Tell the client that it should use HTTP/1.1 for this.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, r->status, r,
+ "h2_response(%ld-%d): renegotiate forbidden, cause: %s",
+ (long)r->connection->id, stream_id, cause);
+ response->rst_error = H2_ERR_HTTP_1_1_REQUIRED;
+ }
+ }
return response;
}