You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/03/06 18:54:28 UTC

cvs commit: httpd-2.0/modules/ssl ssl_engine_pphrase.c

jorton      2004/03/06 09:54:28

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/ssl Tag: APACHE_2_0_BRANCH ssl_engine_pphrase.c
  Log:
  * modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle): Clear the
  OpenSSL error stack before reading the private key.
  
  PR: 21160
  Reviewed by: Jeff Trawick, Justin Erenkrantz
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.247 +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.246
  retrieving revision 1.988.2.247
  diff -w -d -u -r1.988.2.246 -r1.988.2.247
  --- CHANGES	3 Mar 2004 11:07:48 -0000	1.988.2.246
  +++ CHANGES	6 Mar 2004 17:54:27 -0000	1.988.2.247
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.49
   
  +  *) mod_ssl: Fix bug in passphrase handling which could cause spurious
  +     failures in SSL functions later.  PR 21160.  [Joe Orton]
  +
     *) mod_log_config: Fix corruption of buffered logs with threaded
        MPMs.  PR 25520.  [Jeff Trawick]
   
  
  
  
  1.751.2.725 +1 -8      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.724
  retrieving revision 1.751.2.725
  diff -w -d -u -r1.751.2.724 -r1.751.2.725
  --- STATUS	5 Mar 2004 19:08:13 -0000	1.751.2.724
  +++ STATUS	6 Mar 2004 17:54:27 -0000	1.751.2.725
  @@ -113,13 +113,6 @@
           modules/metadata/mod_setenvif.c: r1.50
         +1: nd
   
  -    * mod_ssl: Clear OpenSSL error stack during pphrase entry to prevent 
  -      spurious failures in SSL functions later.
  -      PR: 21160
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_pphrase.c?r1=1.44&r2=1.45
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_pphrase.c?r1=1.49&r2=1.50 (comment-only modification)
  -      +1: jorton, trawick, jerenkrantz
  -
       * Fix file extensions for real media files and removed rpm extension
         from mime.types. PR 26079. (2.0 + 1.3)
           docs/conf/mime.types: r1.23, r1.24
  
  
  
  No                   revision
  No                   revision
  1.42.2.6  +5 -0      httpd-2.0/modules/ssl/ssl_engine_pphrase.c
  
  Index: ssl_engine_pphrase.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
  retrieving revision 1.42.2.5
  retrieving revision 1.42.2.6
  diff -w -d -u -r1.42.2.5 -r1.42.2.6
  --- ssl_engine_pphrase.c	9 Feb 2004 20:53:20 -0000	1.42.2.5
  +++ ssl_engine_pphrase.c	6 Mar 2004 17:54:28 -0000	1.42.2.6
  @@ -340,6 +340,11 @@
                   cpPassPhraseCur = NULL;
                   ssl_pphrase_server_rec = s; /* to make up for sslc flaw */
   
  +                /* Ensure that the error stack is empty; some SSL
  +                 * functions will fail spuriously if the error stack
  +                 * is not empty. */
  +                ERR_clear_error();
  +
                   bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL,
                               ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);