You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/04/17 15:38:14 UTC
svn commit: r1588246 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS
modules/ssl/ssl_engine_init.c
Author: jim
Date: Thu Apr 17 13:38:14 2014
New Revision: 1588246
URL: http://svn.apache.org/r1588246
Log:
Merge r1585918 from trunk:
Only read "active" values from the key_files array. PR 56306.
Submitted by: kbrand
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1585918
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1588246&r1=1588245&r2=1588246&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Apr 17 13:38:14 2014
@@ -2,6 +2,9 @@
Changes with Apache 2.4.10
+ *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values
+ (and logging garbled file names). PR 56306. [Kaspar Brand]
+
*) mod_ssl: fix merging of global and vhost-level settings with the
SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
directives. PR 56353. [Kaspar Brand]
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1588246&r1=1588245&r2=1588246&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Thu Apr 17 13:38:14 2014
@@ -106,11 +106,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
2.4.x patch: trunk patch works, modulo CHANGES
+1: minfrin, jim, ylavic
- * mod_ssl: only read "active" values from the key_files array (PR 56306)
- trunk patch: https://svn.apache.org/r1585918
- 2.4.x patch: trunk patch works (modulo CHANGES)
- +1: kbrand, ylavic, jorton
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1588246&r1=1588245&r2=1588246&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Thu Apr 17 13:38:14 2014
@@ -906,9 +906,11 @@ static apr_status_t ssl_init_server_cert
}
/* and second, the private key */
- keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *);
- if (keyfile == NULL)
+ if (i < mctx->pks->key_files->nelts) {
+ keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *);
+ } else {
keyfile = certfile;
+ }
ERR_clear_error();