You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2010/03/22 09:47:26 UTC
svn commit: r926000 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c ssl_engine_init.c

Author: wrowe
Date: Mon Mar 22 08:47:26 2010
New Revision: 926000

URL: http://svn.apache.org/viewvc?rev=926000&view=rev
Log:
Fix BOOL fips handling for UNSET values, and hack a vc compiler warning

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=926000&r1=925999&r2=926000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Mon Mar 22 08:47:26 2010
@@ -192,6 +192,9 @@ static SSLSrvConfigRec *ssl_config_serve
 #ifndef OPENSSL_NO_TLSEXT
     sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
 #endif
+#ifdef HAVE_FIPS
+    sc->fips                   = UNSET;
+#endif
 
     modssl_ctx_init_proxy(sc, p);
 
@@ -292,9 +295,6 @@ void *ssl_config_server_merge(apr_pool_t
 
     cfgMerge(mc, NULL);
     cfgMerge(enabled, SSL_ENABLED_UNSET);
-#ifdef HAVE_FIPS
-    cfgMergeBool(fips);
-#endif
     cfgMergeBool(proxy_enabled);
     cfgMergeInt(session_cache_timeout);
     cfgMergeBool(cipher_server_pref);
@@ -305,6 +305,9 @@ void *ssl_config_server_merge(apr_pool_t
 #ifndef OPENSSL_NO_TLSEXT
     cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
 #endif
+#ifdef HAVE_FIPS
+    cfgMergeBool(fips);
+#endif
 
     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
 
@@ -588,7 +591,7 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *c
     }
 
 #ifdef HAVE_FIPS
-    if ((sc->fips != UNSET) && (sc->fips != (flag ? TRUE : FALSE)))
+    if ((sc->fips != UNSET) && (sc->fips != (BOOL)(flag ? TRUE : FALSE)))
         return "Conflicting SSLFIPS options, cannot be both On and Off";
     sc->fips = flag ? TRUE : FALSE;
 #else

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=926000&r1=925999&r2=926000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Mon Mar 22 08:47:26 2010
@@ -233,6 +233,9 @@ int ssl_init_Module(apr_pool_t *p, apr_p
             sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
         }
 
+        if (sc->fips == UNSET) {
+            sc->fips = FALSE;
+        }
     }
 
 #if APR_HAS_THREADS
@@ -258,7 +261,7 @@ int ssl_init_Module(apr_pool_t *p, apr_p
 
 #ifdef HAVE_FIPS
     if(sc->fips) {
-        if (!FIPS_mode())
+        if (!FIPS_mode()) {
             if (FIPS_mode_set(1)) {
                 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
                              "Operating in SSL FIPS mode");