You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2010/03/22 09:47:26 UTC
svn commit: r926000 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_config.c
ssl_engine_init.c
Author: wrowe
Date: Mon Mar 22 08:47:26 2010
New Revision: 926000
URL: http://svn.apache.org/viewvc?rev=926000&view=rev
Log:
Fix BOOL fips handling for UNSET values, and hack a vc compiler warning
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=926000&r1=925999&r2=926000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Mon Mar 22 08:47:26 2010
@@ -192,6 +192,9 @@ static SSLSrvConfigRec *ssl_config_serve
#ifndef OPENSSL_NO_TLSEXT
sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
#endif
+#ifdef HAVE_FIPS
+ sc->fips = UNSET;
+#endif
modssl_ctx_init_proxy(sc, p);
@@ -292,9 +295,6 @@ void *ssl_config_server_merge(apr_pool_t
cfgMerge(mc, NULL);
cfgMerge(enabled, SSL_ENABLED_UNSET);
-#ifdef HAVE_FIPS
- cfgMergeBool(fips);
-#endif
cfgMergeBool(proxy_enabled);
cfgMergeInt(session_cache_timeout);
cfgMergeBool(cipher_server_pref);
@@ -305,6 +305,9 @@ void *ssl_config_server_merge(apr_pool_t
#ifndef OPENSSL_NO_TLSEXT
cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
#endif
+#ifdef HAVE_FIPS
+ cfgMergeBool(fips);
+#endif
modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
@@ -588,7 +591,7 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *c
}
#ifdef HAVE_FIPS
- if ((sc->fips != UNSET) && (sc->fips != (flag ? TRUE : FALSE)))
+ if ((sc->fips != UNSET) && (sc->fips != (BOOL)(flag ? TRUE : FALSE)))
return "Conflicting SSLFIPS options, cannot be both On and Off";
sc->fips = flag ? TRUE : FALSE;
#else
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=926000&r1=925999&r2=926000&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Mon Mar 22 08:47:26 2010
@@ -233,6 +233,9 @@ int ssl_init_Module(apr_pool_t *p, apr_p
sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
}
+ if (sc->fips == UNSET) {
+ sc->fips = FALSE;
+ }
}
#if APR_HAS_THREADS
@@ -258,7 +261,7 @@ int ssl_init_Module(apr_pool_t *p, apr_p
#ifdef HAVE_FIPS
if(sc->fips) {
- if (!FIPS_mode())
+ if (!FIPS_mode()) {
if (FIPS_mode_set(1)) {
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
"Operating in SSL FIPS mode");