Posted to cvs@httpd.apache.org by wr...@apache.org on 2005/08/29 21:59:50 UTC
svn commit: r264621 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Author: wrowe
Date: Mon Aug 29 12:59:46 2005
New Revision: 264621
URL: http://svn.apache.org/viewcvs?rev=264621&view=rev
Log:
Noticed in the development of fips-enabled mod_ssl, when we are
configured to support exactly one protocol, use that explicit server
and client mechanism to handshake with the client or proxied machine,
rather than the generic SSLv23_[client|server]_method().
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=264621&r1=264620&r2=264621&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Mon Aug 29 12:59:46 2005
@@ -409,14 +409,23 @@
method = mctx->pkp ?
SSLv2_client_method() : /* proxy */
SSLv2_server_method(); /* server */
- ctx = SSL_CTX_new(method); /* only SSLv2 is left */
}
- else {
+ else if (protocol == SSL_PROTOCOL_SSLV3) {
+ method = mctx->pkp ?
+ SSLv3_client_method() : /* proxy */
+ SSLv3_server_method(); /* server */
+ }
+ else if (protocol == SSL_PROTOCOL_TLSV1) {
+ method = mctx->pkp ?
+ TLSv1_client_method() : /* proxy */
+ TLSv1_server_method(); /* server */
+ }
+ else { /* For multiple protocols, we need a flexible method */
method = mctx->pkp ?
SSLv23_client_method() : /* proxy */
SSLv23_server_method(); /* server */
- ctx = SSL_CTX_new(method); /* be more flexible */
}
+ ctx = SSL_CTX_new(method);
mctx->ssl_ctx = ctx;
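Review bot: The result of the consolidated `ctx = SSL_CTX_new(method);` is stored into `mctx->ssl_ctx` on the next line without a NULL check, and SSL_CTX_new() returns NULL on failure. After this change the method can be a version-specific one (SSLv3 or TLSv1), and a build that restricts protocols, such as the FIPS-enabled one the log mentions, may presumably refuse some of them, so a failure here becomes more plausible than with the generic SSLv23 method. I would add a guard directly after the call, e.g. `if (!ctx) { /* log the OpenSSL error queue and abort initialization */ }`, so startup fails with a clear message rather than handing a null context to later calls. The enclosing function begins and ends outside the hunk, so a check that is not visible here may already exist further down.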