Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/07/08 15:14:09 UTC
svn commit: r1608759 - in /httpd/httpd/branches/2.4.x: ./ STATUS
modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c
Author: jim
Date: Tue Jul 8 13:14:08 2014
New Revision: 1608759
URL: http://svn.apache.org/r1608759
Log:
Merge r1537535 from trunk:
For better compatibility with mod_nss:
* modules/ssl/ssl_engine_config.c (ssl_config_server_new): Default
sc->enabled to UNSET.
* modules/ssl/ssl_engine_init.c (ssl_init_Module): Only override
sc->enabled based on the protocol iff sc->enabled is UNSET; allows
"SSLEngine off" to override the Listen-based default.
Submitted by: jorton
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c
httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1537535
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1608759&r1=1608758&r2=1608759&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Jul 8 13:14:08 2014
@@ -100,18 +100,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
- OCSP requests should use a nonce to be checked against the responder's
- one. PR 56233.
- trunk patch: http://svn.apache.org/r1583191
- http://svn.apache.org/r1584098
- http://svn.apache.org/r1584665 (manual: use 2.4's backport
- version instead of temporary
- 2.5-dev <compatibility> ref)
- http://svn.apache.org/r1591401
- 2.4.x patch: https://people.apache.org/~ylavic/httpd-2.4.x-SSLOCSPUseRequestNonce+manual-2.4.10-v2.patch
- +1: ylavic, kbrand, jorton
-
* mod_proxy_http: Avoid useless functions calls.
trunk patch: http://svn.apache.org/r1572561
2.4.x patch: trunk works
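Review bot: the SSLOCSPUseRequestNonce entry removed at the top of this STATUS hunk is unrelated to r1537535, the only merge the log message names. If that backport landed in its own revision, its STATUS cleanup belongs with that commit, or the log here should mention it so the history of the accepted-patches list can be followed.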
@@ -124,13 +112,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
2.4.x patch: trunk works (modulo CHANGES)
+1: ylavic, covener, jim
- * mod_ssl: Improve compatibility with mod_nss; allow "SSLEngine off" to override
- Listen-based default.
- trunk patch: http://svn.apache.org/r1537535
- 2.4.x patch: trunk patch works
- +1: jorton, trawick, , jim
-
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?rev=1608759&r1=1608758&r2=1608759&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c Tue Jul 8 13:14:08 2014
@@ -203,7 +203,7 @@ static SSLSrvConfigRec *ssl_config_serve
SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
sc->mc = NULL;
- sc->enabled = SSL_ENABLED_FALSE;
+ sc->enabled = SSL_ENABLED_UNSET;
sc->proxy_enabled = UNSET;
sc->vhost_id = NULL; /* set during module init */
sc->vhost_id_len = 0; /* set during module init */
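Review bot: the new `sc->enabled = SSL_ENABLED_UNSET;` default has no comment saying where UNSET gets resolved, while the neighbouring vhost_id fields carry "set during module init". Add a matching note (for example "resolved in ssl_init_Module") so a reader of ssl_config_server_new knows the field is not usable as a boolean until init has run. The config merge function is not part of this diff; it is worth confirming that it treats UNSET as "inherit from the base server" now that every new record starts in that state.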
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1608759&r1=1608758&r2=1608759&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Tue Jul 8 13:14:08 2014
@@ -117,13 +117,16 @@ apr_status_t ssl_init_Module(apr_pool_t
sc->vhost_id = ssl_util_vhostid(p, s);
sc->vhost_id_len = strlen(sc->vhost_id);
- if (ap_get_server_protocol(s) &&
- strcmp("https", ap_get_server_protocol(s)) == 0) {
+ /* Default to enabled if SSLEngine is not set explicitly, and
+ * the protocol is https. */
+ if (ap_get_server_protocol(s)
+ && strcmp("https", ap_get_server_protocol(s)) == 0
+ && sc->enabled == SSL_ENABLED_UNSET) {
sc->enabled = SSL_ENABLED_TRUE;
}
- /* If sc->enabled is UNSET, then SSL is optional on this vhost */
- /* Fix up stuff that may not have been set */
+ /* Fix up stuff that may not have been set. If sc->enabled is
+ * UNSET, then SSL is disabled on this vhost. */
if (sc->enabled == SSL_ENABLED_UNSET) {
sc->enabled = SSL_ENABLED_FALSE;
}
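Review bot: the added `sc->enabled == SSL_ENABLED_UNSET` test in the https condition changes user-visible behaviour, since an explicit "SSLEngine off" on a vhost whose Listen protocol is https now leaves SSL disabled there, but the list of modified files has no CHANGES entry or manual update. Add both, so that an administrator who declares a port as https and also carries a stray "SSLEngine off" learns that the vhost will no longer be switched to TLS automatically. Minor: test `sc->enabled == SSL_ENABLED_UNSET` first, as it is the cheap comparison, and store ap_get_server_protocol(s) in a local instead of calling it twice.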