You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jeff Trawick <tr...@gmail.com> on 2010/03/01 21:53:51 UTC
Re: svn commit: r917343 - in /httpd/httpd/branches/2.2.x: CHANGES
STATUS modules/ssl/ssl_engine_io.c
On Mon, Mar 1, 2010 at 9:49 AM, Joe Orton <jo...@redhat.com> wrote:
> On Mon, Mar 01, 2010 at 11:49:44AM +0000, Joe Orton wrote:
>> On Mon, Mar 01, 2010 at 01:31:36AM -0000, Graham Leggett wrote:
>> > --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c (original)
>> > +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c Mon Mar 1 01:31:36 2010
>> > if (!in)
>> > return 0;
>> >
>> > - /* Abort early if the client has initiated a renegotiation. */
>> > - if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
>> > - inctx->rc = APR_ECONNABORTED;
>> > - return -1;
>> > - }
>>
>> I mis-merged that backport, it shouldn't have removed that chunk :(
>
> I guess we need votes again, for 2.2.x to restore that chunk, vote now:
>
> Index: modules/ssl/ssl_engine_io.c
> ===================================================================
> --- modules/ssl/ssl_engine_io.c (revision 917550)
> +++ modules/ssl/ssl_engine_io.c (working copy)
> @@ -472,6 +472,12 @@
> if (!in)
> return 0;
>
> + /* Abort early if the client has initiated a renegotiation. */
> + if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
> + inctx->rc = APR_ECONNABORTED;
> + return -1;
> + }
> +
> /* In theory, OpenSSL should flush as necessary, but it is known
> * not to do so correctly in some cases; see PR 46952.
> *
+1