# Initialize SSL for this connection
if ($use_ssl) {
- $ssl_con = &ssl_connection_for_ip(SOCK);
+ $ssl_con = &ssl_connection_for_ip(SOCK, 0);
$ssl_con || exit;
}
# Initialize SSL for this connection
if ($use_ssl) {
- $ssl_con = &ssl_connection_for_ip(SOCK);
+ $ssl_con = &ssl_connection_for_ip(
+ SOCK, $ipv6fhs{$s});
$ssl_con || exit;
}
return $ssl_ctx;
}
-# ssl_connection_for_ip(socket)
+# ssl_connection_for_ip(socket, ipv6-flag)
# Returns a new SSL connection object for some socket, or undef if failed
sub ssl_connection_for_ip
{
-local ($sock) = @_;
+local ($sock, $ipv6) = @_;
local $sn = getsockname($sock);
if (!$sn) {
print STDERR "Failed to get address for socket $sock\n";
return undef;
}
-local $myip = inet_ntoa((unpack_sockaddr_in($sn))[1]);
+local (undef, $myip, undef) = &get_address_ip($sn, $ipv6);
local $ssl_ctx = $ssl_contexts{$myip} || $ssl_contexts{"*"};
local $ssl_con = Net::SSLeay::new($ssl_ctx);
if ($config{'ssl_cipher_list'}) {
# Check the Referer: header for nasty redirects
my @referers = split(/\s+/, $gconfig{'referers'});
my $referer_site;
-if ($ENV{'HTTP_REFERER'} =~/^(http|https|ftp):\/\/([^:\/]+:[^@\/]+@)?([^\/:@]+)/) {
+my $r = $ENV{'HTTP_REFERER'};
+if ($r =~ /^(http|https|ftp):\/\/([^:\/]+:[^@\/]+@)?\[([^\]]+)\]/ ||
+ $r =~ /^(http|https|ftp):\/\/([^:\/]+:[^@\/]+@)?([^\/:@]+)/) {
$referer_site = $3;
}
my $http_host = $ENV{'HTTP_HOST'};
$http_host =~ s/:\d+$//;
+$http_host =~ s/^\[(\S+)\]$/$1/;
my $unsafe_index = $unsafe_index_cgi ||
&get_module_variable('$unsafe_index_cgi');
if ($0 &&
if ($referer_site) {
# From a known host
print &text('referer_warn',
- "<tt>".&html_escape($ENV{'HTTP_REFERER'})."</tt>", $url);
+ "<tt>".&html_escape($r)."</tt>", $url);
print "<p>\n";
print &text('referer_fix1', &html_escape($http_host)),"<p>\n";
print &text('referer_fix2', &html_escape($http_host)),"<p>\n";