You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2020/02/21 00:10:01 UTC
svn commit: r1874283 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
modules/ssl/ssl_engine_kernel.c
Author: ylavic
Date: Fri Feb 21 00:10:01 2020
New Revision: 1874283
URL: http://svn.apache.org/viewvc?rev=1874283&view=rev
Log:
Merge r1873888 from trunk:
*) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
[Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]
Submitted by: icing
Reviewed by: icing, jim, ylavic
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1873888
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1874283&r1=1874282&r2=1874283&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Feb 21 00:10:01 2020
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.42
+ *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
+ issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
+ [Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]
+
*) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
[Graham Leggett]
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?rev=1874283&r1=1874282&r2=1874283&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c Fri Feb 21 00:10:01 2020
@@ -2362,6 +2362,7 @@ static apr_status_t init_vhost(conn_rec
if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
return APR_EGENERAL;
}
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
}
else {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
@@ -2742,6 +2743,7 @@ int ssl_callback_alpn_select(SSL *ssl,
if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
}
}
}