You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2014/01/05 22:18:29 UTC
svn commit: r1555631 - in /httpd/httpd/trunk: CHANGES
modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_kernel.c
modules/ssl/ssl_engine_ocsp.c
Author: trawick
Date: Sun Jan 5 21:18:28 2014
New Revision: 1555631
URL: http://svn.apache.org/r1555631
Log:
Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
Reviewed by: rpluem
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1555631&r1=1555630&r2=1555631&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Jan 5 21:18:28 2014
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
+ [Jeff Trawick]
+
*) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
[Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1555631&r1=1555630&r2=1555631&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Sun Jan 5 21:18:28 2014
@@ -127,8 +127,8 @@ static void modssl_ctx_init(modssl_ctx_t
mctx->auth.verify_depth = UNSET;
mctx->auth.verify_mode = SSL_CVERIFY_UNSET;
- mctx->ocsp_enabled = FALSE;
- mctx->ocsp_force_default = FALSE;
+ mctx->ocsp_enabled = UNSET;
+ mctx->ocsp_force_default = UNSET;
mctx->ocsp_responder = NULL;
mctx->ocsp_resptime_skew = UNSET;
mctx->ocsp_resp_maxage = UNSET;
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1555631&r1=1555630&r2=1555631&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sun Jan 5 21:18:28 2014
@@ -1461,7 +1461,7 @@ int ssl_callback_SSLVerify(int ok, X509_
/*
* Perform OCSP-based revocation checks
*/
- if (ok && sc->server->ocsp_enabled) {
+ if (ok && sc->server->ocsp_enabled == TRUE) {
/* If there was an optional verification error, it's not
* possible to perform OCSP validation since the issuer may be
* missing/untrusted. Fail in that case. */
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c?rev=1555631&r1=1555630&r2=1555631&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c Sun Jan 5 21:18:28 2014
@@ -61,7 +61,7 @@ static apr_uri_t *determine_responder_ur
/* Use default responder URL if forced by configuration, else use
* certificate-specified responder, falling back to default if
* necessary and possible. */
- if (sc->server->ocsp_force_default) {
+ if (sc->server->ocsp_force_default == TRUE) {
s = sc->server->ocsp_responder;
}
else {