You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2020/01/01 23:05:43 UTC

svn commit: r1872226 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/ssl/ssl_engine_kernel.c

Author: minfrin
Date: Wed Jan  1 23:05:42 2020
New Revision: 1872226

URL: http://svn.apache.org/viewvc?rev=1872226&view=rev
Log:
Backport r1865740.
mod_ssl: OCSP does not apply to proxy mode.

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1865740

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1872226&r1=1872225&r2=1872226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Jan  1 23:05:42 2020
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.42
 
+  *) mod_ssl: OCSP does not apply to proxy mode. [Yann Ylavic]
+
   *) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469
      [Jim Jagielski]
  

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1872226&r1=1872225&r2=1872226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Wed Jan  1 23:05:42 2020
@@ -132,11 +132,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: OCSP does not apply to proxy mode
-     trunk patch: http://svn.apache.org/r1865740
-     2.4.x patch: svn merge -c 1865740 ^/httpd/httpd/trunk .
-     +1: ylavic, jorton, minfrin
-
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?rev=1872226&r1=1872225&r2=1872226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c Wed Jan  1 23:05:42 2020
@@ -1813,8 +1813,8 @@ int ssl_callback_SSLVerify(int ok, X509_
     /*
      * Perform OCSP-based revocation checks
      */
-    if (ok && ((sc->server->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
-         (errdepth == 0 && (sc->server->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {     
+    if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
+         (errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {     
         /* If there was an optional verification error, it's not
          * possible to perform OCSP validation since the issuer may be
          * missing/untrusted.  Fail in that case. */