check for all HTTP methods [branch master] #26968
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE) CLA: trivial
t-j-h
approved these changes
Mar 4, 2025
Member
|
Ok with trivial for this |
t8m
added
branch: master
t8m
added
approval: done
Contributor
Author
|
i don't understand the failing test... can someone give me a hint? |
Member
It is unrelated to your PR. There is an intermittent issue which we are currently investigating. |
Collaborator
|
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
t8m
added
approval: ready to merge
Member
|
Merged to the master branch. Thank you for your contribution. |
openssl-machine
pushed a commit
that referenced
this pull request
Mar 5, 2025
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE) CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #26968)
daum3ns
pushed a commit
to daum3ns/httpd
that referenced
this pull request
Mar 18, 2025
Instead of disabling the ssl filter and hand a fake request back to the core handler we should abort the connection directly. The current implementation allows to exhaust workers by sending HTTP requests on HTTPS port. Additionally the OpenSSL library doesn't detect HTTP PATCH, OPTIONS, DELETE and TRACE methods, so the current implementation is also buggy. See this openssl PR: openssl/openssl#26968
daum3ns
added a commit
to daum3ns/httpd
that referenced
this pull request
Mar 18, 2025
Shutdown the ssl filter instead of disabling it and create a fake request to pass it to the core filter. The current implementation allows to exhaust worker threads by sending HTTP on HTTPS. Additionally the Openssl library doesn't recognize the http methods PATCH, DELETE, OPTIONS and TRACE, so the current implementation only works partially. See the PR here: openssl/openssl#26968
daum3ns
added a commit
to daum3ns/httpd
that referenced
this pull request
Mar 18, 2025
Shutdown the ssl filter and abort the connection instead of disabling is and pass a fake request to the core handler. The current implementation allows to exhaust workers by sendin HTTP request to HTTPS port. Additionally the Openssl lib doesn't detect the http methods PATCH, DELETE, OPTIONS and TRACE. So the current implementation only works partially. See openssl PR: openssl/openssl#26968
DDvO
pushed a commit
to siemens/openssl
that referenced
this pull request
Jun 16, 2025
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE) CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#26968)
MichaelA-Fireblocks
pushed a commit
to MichaelA-Fireblocks/openssl
that referenced
this pull request
Jul 15, 2025
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE) CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#26968)
MichaelA-Fireblocks
pushed a commit
to MichaelA-Fireblocks/openssl
that referenced
this pull request
Jul 15, 2025
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE) CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#26968)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The change checks for all HTTP methods in ssl_record, not only GET, POST, PUT and HEAD. (additionally PATCH, DELETE, OPTIONS and TRACE)
CLA: trivial