You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/04/17 15:38:14 UTC

svn commit: r1588246 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/ssl/ssl_engine_init.c

Author: jim
Date: Thu Apr 17 13:38:14 2014
New Revision: 1588246

URL: http://svn.apache.org/r1588246
Log:
Merge r1585918 from trunk:

Only read "active" values from the key_files array. PR 56306.

Submitted by: kbrand
Reviewed/backported by: jim

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1585918

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1588246&r1=1588245&r2=1588246&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Apr 17 13:38:14 2014
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.10
 
+  *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values
+     (and logging garbled file names). PR 56306. [Kaspar Brand]
+
   *) mod_ssl: fix merging of global and vhost-level settings with the
      SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
      directives. PR 56353. [Kaspar Brand]

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1588246&r1=1588245&r2=1588246&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Thu Apr 17 13:38:14 2014
@@ -106,11 +106,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
     2.4.x patch: trunk patch works, modulo CHANGES
     +1: minfrin, jim, ylavic
 
-   * mod_ssl: only read "active" values from the key_files array (PR 56306)
-     trunk patch: https://svn.apache.org/r1585918
-     2.4.x patch: trunk patch works (modulo CHANGES)
-     +1: kbrand, ylavic, jorton
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1588246&r1=1588245&r2=1588246&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Thu Apr 17 13:38:14 2014
@@ -906,9 +906,11 @@ static apr_status_t ssl_init_server_cert
         }
 
         /* and second, the private key */
-        keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *);
-        if (keyfile == NULL)
+        if (i < mctx->pks->key_files->nelts) {
+            keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *);
+        } else {
             keyfile = certfile;
+        }
 
         ERR_clear_error();