You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by rj...@apache.org on 2016/02/13 02:52:31 UTC

svn commit: r1730146 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Author: rjung
Date: Sat Feb 13 01:52:31 2016
New Revision: 1730146

URL: http://svn.apache.org/viewvc?rev=1730146&view=rev
Log:
Support OpenSSL 1.1.0:
- Fix renegotiation for the client side
  of a proxy connection.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1730146&r1=1730145&r2=1730146&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sat Feb 13 01:52:31 2016
@@ -2139,7 +2139,9 @@ void ssl_callback_Info(const SSL *ssl, i
         if (state == SSL3_ST_SR_CLNT_HELLO_A
             || state == SSL23_ST_SR_CLNT_HELLO_A) {
 #else
-    if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_REJECT) {
+    if (!scr->is_proxy &&
+        (where & SSL_CB_HANDSHAKE_START) &&
+        scr->reneg_state == RENEG_REJECT) {
 #endif
             scr->reneg_state = RENEG_ABORT;
             ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
@@ -2149,13 +2151,18 @@ void ssl_callback_Info(const SSL *ssl, i
 #endif
     }
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-    else if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_ALLOW) {
+    else if (!scr->is_proxy &&
+             (where & SSL_CB_HANDSHAKE_START) &&
+             scr->reneg_state == RENEG_ALLOW) {
         scr->reneg_state = RENEG_STARTED;
     }
-    else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_STARTED) {
+    else if (!scr->is_proxy &&
+             (where & SSL_CB_HANDSHAKE_DONE) &&
+             scr->reneg_state == RENEG_STARTED) {
         scr->reneg_state = RENEG_DONE;
     }
-    else if ((where & SSL_CB_ALERT) &&
+    else if (!scr->is_proxy &&
+             (where & SSL_CB_ALERT) &&
              (scr->reneg_state == RENEG_ALLOW || scr->reneg_state == RENEG_STARTED)) {
         scr->reneg_state = RENEG_ALERT;
     }