Posted to cvs@httpd.apache.org by rp...@apache.org on 2018/10/16 12:55:01 UTC

svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Author: rpluem
Date: Tue Oct 16 12:55:01 2018
New Revision: 1844002

URL: http://svn.apache.org/viewvc?rev=1844002&view=rev
Log:
* Correctly merge configurations that have client certificates set
  by SSLProxyMachineCertificate{File|Path}.
  The certificates and keys loaded during configuration time got lost during
  runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
  level and there was an SSL directive at directory level, e.g. SSLRequire.
  This fixes a regression likely introduced in r1740928.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1844002&r1=1844001&r2=1844002&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 16 12:55:01 2018
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_ssl: Correctly merge configurations that have client certificates set
+     by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
   *) core: Ensure that aborted connections are logged as such. PR 62823
      [Arnaud Grandville <co...@grandville.net>]
 
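Review bot: The new mod_ssl entry at the top of the 2.5.1 list does not say which configurations were affected, so a reader cannot tell from CHANGES whether they hit this bug. The commit log has the detail: the loaded certificates and keys were lost at runtime when SSLProxyMachineCertificate{File|Path} was set at virtual host level and an SSL directive such as SSLRequire was present at directory level. Consider adding that condition to the entry as a short second sentence.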

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1844002&r1=1844001&r2=1844002&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 16 12:55:01 2018
@@ -433,6 +433,8 @@ static void modssl_ctx_cfg_merge_proxy(a
     cfgMergeString(pkp->cert_file);
     cfgMergeString(pkp->cert_path);
     cfgMergeString(pkp->ca_cert_file);
+    cfgMergeString(pkp->certs);
+    cfgMergeString(pkp->ca_certs);
 }
 
 void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
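
Review bot: The two added lines in modssl_ctx_cfg_merge_proxy() merge pkp->certs and pkp->ca_certs with cfgMergeString, yet according to the log message these fields carry the certificates and keys loaded at configuration time, unlike the cert_file, cert_path and ca_cert_file strings merged just above them. A one-line comment above the new lines saying that the loaded objects are inherited here, not file or path values, would keep the next reader from misreading the macro name, and would make it more obvious that a field added to pkp later needs a merge line of its own.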



Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Posted by Stefan Eissing <st...@greenbytes.de>.
Ok, the vote storm (category 3) was released and my proposal is moot. ;-)

> On 18.10.2018 at 11:26, Stefan Eissing <st...@greenbytes.de> wrote:
> 
> Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related changes there and do one row of tests and vote on it? Maybe attach the branch revision to the vote that was tested...
> 
> Seems to be able to save work, or?
> 
>> On 18.10.2018 at 11:22, Yann Ylavic <yl...@gmail.com> wrote:
>> 
>> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>>> 
>>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>>> backported?
>> 
>> +1
>> 
>> Regards,
>> Yann.
> 


Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Posted by Stefan Eissing <st...@greenbytes.de>.
Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related changes there and do one row of tests and vote on it? Maybe attach the branch revision to the vote that was tested...

Seems to be able to save work, or?

> On 18.10.2018 at 11:22, Yann Ylavic <yl...@gmail.com> wrote:
> 
> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>> 
>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>> backported?
> 
> +1
> 
> Regards,
> Yann.


Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>
> This fix at least formally applies to 2.4.x as well? Shouldn't it get
> backported?

+1

Regards,
Yann.

Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Posted by Rainer Jung <ra...@kippdata.de>.
This fix at least formally applies to 2.4.x as well? Shouldn't it get 
backported?

Due to the below svn log message the bug was introduced by the feature 
that SSLProxy* can be used in <Proxy> sections. That feature got 
backported to 2.4.x, so probably this fix here should be backported as well.

Regards,

Rainer

On 16.10.2018 at 14:55, rpluem@apache.org wrote:
> Author: rpluem
> Date: Tue Oct 16 12:55:01 2018
> New Revision: 1844002
> 
> URL: http://svn.apache.org/viewvc?rev=1844002&view=rev
> Log:
> * Correctly merge configurations that have client certificates set
>    by SSLProxyMachineCertificate{File|Path}.
>    The certificates and keys loaded during configuration time got lost during
>    runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
>    level and there was an SSL directive at directory level, e.g. SSLRequire.
>    This fixes a regression likely introduced in r1740928.
> 
> Modified:
>      httpd/httpd/trunk/CHANGES
>      httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> 
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1844002&r1=1844001&r2=1844002&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 16 12:55:01 2018
> @@ -1,6 +1,9 @@
>                                                            -*- coding: utf-8 -*-
>   Changes with Apache 2.5.1
>   
> +  *) mod_ssl: Correctly merge configurations that have client certificates set
> +     by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
> +
>     *) core: Ensure that aborted connections are logged as such. PR 62823
>        [Arnaud Grandville <co...@grandville.net>]
>   
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1844002&r1=1844001&r2=1844002&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 16 12:55:01 2018
> @@ -433,6 +433,8 @@ static void modssl_ctx_cfg_merge_proxy(a
>       cfgMergeString(pkp->cert_file);
>       cfgMergeString(pkp->cert_path);
>       cfgMergeString(pkp->ca_cert_file);
> +    cfgMergeString(pkp->certs);
> +    cfgMergeString(pkp->ca_certs);
>   }
>   
>   void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
> 
>
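
Review bot: No test accompanies the two added cfgMergeString lines for pkp->certs and pkp->ca_certs; the Modified list names only CHANGES and ssl_engine_config.c. Since the log describes this as a regression and a backport to 2.4.x is being requested, a regression test that sets SSLProxyMachineCertificateFile at virtual host level together with SSLRequire at directory level would guard the merge on both branches.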