You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2013/10/31 16:42:08 UTC

svn commit: r1537535 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c ssl_engine_init.c

Author: jorton
Date: Thu Oct 31 15:42:08 2013
New Revision: 1537535

URL: http://svn.apache.org/r1537535
Log:
For better compatibility with mod_nss:

* modules/ssl/ssl_engine_config.c (ssl_config_server_new): Default
  sc->enabled to UNSET.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Only override
  sc->enabled based on the protocol iff sc->enabled is UNSET; allows
  "SSLEngine off" to override the Listen-based default.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1537535&r1=1537534&r2=1537535&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Thu Oct 31 15:42:08 2013
@@ -203,7 +203,7 @@ static SSLSrvConfigRec *ssl_config_serve
     SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
 
     sc->mc                     = NULL;
-    sc->enabled                = SSL_ENABLED_FALSE;
+    sc->enabled                = SSL_ENABLED_UNSET;
     sc->proxy_enabled          = UNSET;
     sc->vhost_id               = NULL;  /* set during module init */
     sc->vhost_id_len           = 0;     /* set during module init */

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1537535&r1=1537534&r2=1537535&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Thu Oct 31 15:42:08 2013
@@ -115,13 +115,16 @@ int ssl_init_Module(apr_pool_t *p, apr_p
         sc->vhost_id = ssl_util_vhostid(p, s);
         sc->vhost_id_len = strlen(sc->vhost_id);
 
-        if (ap_get_server_protocol(s) &&
-            strcmp("https", ap_get_server_protocol(s)) == 0) {
+        /* Default to enabled if SSLEngine is not set explicitly, and
+         * the protocol is https. */
+        if (ap_get_server_protocol(s) 
+            && strcmp("https", ap_get_server_protocol(s)) == 0
+            && sc->enabled == SSL_ENABLED_UNSET) {
             sc->enabled = SSL_ENABLED_TRUE;
         }
 
-        /* If sc->enabled is UNSET, then SSL is optional on this vhost  */
-        /* Fix up stuff that may not have been set */
+        /* Fix up stuff that may not have been set.  If sc->enabled is
+         * UNSET, then SSL is disabled on this vhost.  */
         if (sc->enabled == SSL_ENABLED_UNSET) {
             sc->enabled = SSL_ENABLED_FALSE;
         }