Posted to cvs@httpd.apache.org by jo...@apache.org on 2013/08/19 21:17:14 UTC
svn commit: r1515565 - in /httpd/httpd/branches/2.2.x: ./ CHANGES
modules/ssl/ssl_engine_kernel.c
Author: jorton
Date: Mon Aug 19 19:17:14 2013
New Revision: 1515565
URL: http://svn.apache.org/r1515565
Log:
Merge 1082189 from trunk:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Compare SNI
hostname against Host header case-insensitively.
PR: 49491
Submitted by: Mayank Agrawal <magrawal.08 gmail.com>
Reviewed by: rpluem, trawick, covener
Modified:
httpd/httpd/branches/2.2.x/ (props changed)
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c
Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1082189
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1515565&r1=1515564&r2=1515565&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Aug 19 19:17:14 2013
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.26
+ *) mod_ssl: Check SNI hostname against Host header case-insensitively.
+ PR 49491. [Mayank Agrawal <magrawal.08 gmail.com>]
+
*) mod_ssl: Change default for SSLCompression to off, as compression
causes security issues in most setups. (The so called "CRIME" attack).
[Stefan Fritsch]
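Review bot: The added CHANGES entry names the comparison but not the symptom an administrator would have seen. Consider stating that a Host header differing from the SNI hostname only in letter case was previously treated as a mismatch, so the fix can be recognised from the changelog without opening PR 49491.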
Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c?rev=1515565&r1=1515564&r2=1515565&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c Mon Aug 19 19:17:14 2013
@@ -115,7 +115,7 @@ int ssl_hook_ReadReq(request_rec *r)
if (rv != APR_SUCCESS || scope_id) {
return HTTP_BAD_REQUEST;
}
- if (strcmp(host, servername)) {
+ if (strcasecmp(host, servername)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Hostname %s provided via SNI and hostname %s provided"
" via HTTP are different", servername, host);