You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jk...@apache.org on 2014/10/20 11:18:22 UTC

svn commit: r1633085 - /httpd/httpd/trunk/modules/ssl/ssl_engine_io.c

Author: jkaluza
Date: Mon Oct 20 09:18:22 2014
New Revision: 1633085

URL: http://svn.apache.org/r1633085
Log:
mod_ssl: Fix SSL_CLIENT_VERIFY value when "SSLVerifyClient optional_no_ca" and
SSLSessionCache are used and SSL session is resumed. SSL_CLIENT_VERIFY value
has been set to SUCCESS on resumption even when originally it was set to
GENEROUS. PR 53193.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_io.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=1633085&r1=1633084&r2=1633085&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Mon Oct 20 09:18:22 2014
@@ -1322,6 +1322,11 @@ static apr_status_t ssl_io_filter_handsh
                           "\"SSLVerifyClient optional_no_ca\" "
                           "configuration");
             ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
+
+            /* on session resumption ssl_callback_SSLVerify() 
+             * will not be called, therefore we have to set it here
+             */
+            sslconn->verify_info = "GENEROUS";
         }
         else {
             const char *error = sslconn->verify_error ?