Posted to cvs@httpd.apache.org by rp...@apache.org on 2018/10/16 12:55:01 UTC
svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c
Author: rpluem
Date: Tue Oct 16 12:55:01 2018
New Revision: 1844002
URL: http://svn.apache.org/viewvc?rev=1844002&view=rev
Log:
* Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.
The certificates and keys loaded during configuration time got lost during
runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
level and there was an SSL directive at directory level, e.g. SSLRequire.
This fixes a regression likely introduced in r1740928.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1844002&r1=1844001&r2=1844002&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 16 12:55:01 2018
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_ssl: Correctly merge configurations that have client certificates set
+ by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
*) core: Ensure that aborted connections are logged as such. PR 62823
[Arnaud Grandville <co...@grandville.net>]
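Review bot: The new CHANGES entry at the top of the 2.5.1 list says what was corrected but not what a user would have seen. The log message has the useful detail: certificates and keys set via SSLProxyMachineCertificate{File|Path} at virtual host level were lost at runtime once an SSL directive such as SSLRequire was present at directory level. Consider working that symptom into the entry so administrators scanning CHANGES can tell whether they were affected.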
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1844002&r1=1844001&r2=1844002&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 16 12:55:01 2018
@@ -433,6 +433,8 @@ static void modssl_ctx_cfg_merge_proxy(a
cfgMergeString(pkp->cert_file);
cfgMergeString(pkp->cert_path);
cfgMergeString(pkp->ca_cert_file);
+ cfgMergeString(pkp->certs);
+ cfgMergeString(pkp->ca_certs);
}
void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
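Review bot: The two added lines in modssl_ctx_cfg_merge_proxy() use cfgMergeString for pkp->certs and pkp->ca_certs, which per the log message hold the certificates and keys loaded at configuration time rather than path strings like the cert_file, cert_path and ca_cert_file fields merged just above. If the macro is simply an inherit-when-unset merge this works, but the name reads wrong here. A one-line comment saying these are loaded objects inherited from the base config, or a merge macro with a neutral name, would make the intent clear to the next reader.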
Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c
Posted by Stefan Eissing <st...@greenbytes.de>.
Ok, the vote storm (category 3) was released and my proposal is moot. ;-)
> On 18.10.2018 at 11:26, Stefan Eissing <st...@greenbytes.de> wrote:
>
> Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related changes there and do one row of tests and vote on it? Maybe attach the branch revision to the vote that was tested...
>
> Seems to be able to save work, or?
>
>> On 18.10.2018 at 11:22, Yann Ylavic <yl...@gmail.com> wrote:
>>
>> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>>>
>>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>>> backported?
>>
>> +1
>>
>> Regards,
>> Yann.
>
Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c
Posted by Stefan Eissing <st...@greenbytes.de>.
Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related changes there and do one row of tests and vote on it? Maybe attach the branch revision to the vote that was tested...
Seems to be able to save work, or?
> On 18.10.2018 at 11:22, Yann Ylavic <yl...@gmail.com> wrote:
>
> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>>
>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>> backported?
>
> +1
>
> Regards,
> Yann.
Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>
> This fix at least formally applies to 2.4.x as well? Shouldn't it get
> backported?
+1
Regards,
Yann.
Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c
Posted by Rainer Jung <ra...@kippdata.de>.
This fix at least formally applies to 2.4.x as well? Shouldn't it get
backported?
According to the svn log message below, the bug was introduced by the feature
that SSLProxy* can be used in <Proxy> sections. That feature got
backported to 2.4.x, so probably this fix here should be backported as well.
Regards,
Rainer
On 16.10.2018 at 14:55, rpluem@apache.org wrote:
> Author: rpluem
> Date: Tue Oct 16 12:55:01 2018
> New Revision: 1844002
>
> URL: http://svn.apache.org/viewvc?rev=1844002&view=rev
> Log:
> * Correctly merge configurations that have client certificates set
> by SSLProxyMachineCertificate{File|Path}.
> The certificates and keys loaded during configuration time got lost during
> runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
> level and there was an SSL directive at directory level, e.g. SSLRequire.
> This fixes a regression likely introduced in r1740928.
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1844002&r1=1844001&r2=1844002&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 16 12:55:01 2018
> @@ -1,6 +1,9 @@
> -*- coding: utf-8 -*-
> Changes with Apache 2.5.1
>
> + *) mod_ssl: Correctly merge configurations that have client certificates set
> + by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
> +
> *) core: Ensure that aborted connections are logged as such. PR 62823
> [Arnaud Grandville <co...@grandville.net>]
>
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1844002&r1=1844001&r2=1844002&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 16 12:55:01 2018
> @@ -433,6 +433,8 @@ static void modssl_ctx_cfg_merge_proxy(a
> cfgMergeString(pkp->cert_file);
> cfgMergeString(pkp->cert_path);
> cfgMergeString(pkp->ca_cert_file);
> + cfgMergeString(pkp->certs);
> + cfgMergeString(pkp->ca_certs);
> }
>
> void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
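Review bot: Nothing in this commit exercises the merge path that the two added cfgMergeString lines repair: the Modified list names only CHANGES and ssl_engine_config.c. Since the log message calls this a regression, a test that sets SSLProxyMachineCertificateFile at virtual host level together with a directory-level SSLRequire, and checks that the proxy still presents its client certificate, would keep it from coming back.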
>
>