rgw: s3: secure_port should override port, also apply ssl default right.

Without https, only port is set.  With https, secure_port and port are
both set to the same value.  The previous logic looked at port first and
had overly simplified conditional logic which was liable to try to apply
both non-default cases.  The correct behavior is: look secure_port first,
and if secure_port is set, then only check to see if it's a non-default
port.

Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit a113cf5ff5a642d2ee4cc83f5c7001b4bfe0a5df)

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 00b7fd46cd8c5bd1898e8fa98f4b13be2f545e67..c81378fb5d185af96aa450583a4e6443a8210f9b 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3674,10 +3674,12 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s)
     }
     string token_value = string(t);
     if (using_qs && (token == "host")) {
-      if (!port.empty() && port != "80" && port != "0") {
-        token_value = token_value + ":" + port;
-      } else if (!secure_port.empty() && secure_port != "443") {
-        token_value = token_value + ":" + secure_port;
+      if (!secure_port.empty()) {
+       if (secure_port != "443")
+         token_value = token_value + ":" + secure_port;
+      } else if (!port.empty()) {
+       if (port != "80")
+         token_value = token_value + ":" + port;
       }
     }
     canonical_hdrs_map[token] = rgw_trim_whitespace(token_value);