You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2020/01/01 23:05:43 UTC
svn commit: r1872226 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS
modules/ssl/ssl_engine_kernel.c
Author: minfrin
Date: Wed Jan 1 23:05:42 2020
New Revision: 1872226
URL: http://svn.apache.org/viewvc?rev=1872226&view=rev
Log:
Backport r1865740.
mod_ssl: OCSP does not apply to proxy mode.
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1865740
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1872226&r1=1872225&r2=1872226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Jan 1 23:05:42 2020
@@ -1,6 +1,8 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.42
+ *) mod_ssl: OCSP does not apply to proxy mode. [Yann Ylavic]
+
*) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469
[Jim Jagielski]
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1872226&r1=1872225&r2=1872226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Wed Jan 1 23:05:42 2020
@@ -132,11 +132,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_ssl: OCSP does not apply to proxy mode
- trunk patch: http://svn.apache.org/r1865740
- 2.4.x patch: svn merge -c 1865740 ^/httpd/httpd/trunk .
- +1: ylavic, jorton, minfrin
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?rev=1872226&r1=1872225&r2=1872226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c Wed Jan 1 23:05:42 2020
@@ -1813,8 +1813,8 @@ int ssl_callback_SSLVerify(int ok, X509_
/*
* Perform OCSP-based revocation checks
*/
- if (ok && ((sc->server->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
- (errdepth == 0 && (sc->server->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {
+ if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
+ (errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {
/* If there was an optional verification error, it's not
* possible to perform OCSP validation since the issuer may be
* missing/untrusted. Fail in that case. */