Posted to dev@httpd.apache.org by Rainer Jung <ra...@kippdata.de> on 2018/10/18 09:18:24 UTC

Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

This fix at least formally applies to 2.4.x as well? Shouldn't it get 
backported?

Due to the below svn log message the bug was introduced by the feature 
that SSLProxy* can be used in <Proxy> sections. That feature got 
backported to 2.4.x, so probably this fix here should be backported as well.

Regards,

Rainer

On 16.10.2018 at 14:55, rpluem@apache.org wrote:
> Author: rpluem
> Date: Tue Oct 16 12:55:01 2018
> New Revision: 1844002
> 
> URL: http://svn.apache.org/viewvc?rev=1844002&view=rev
> Log:
> * Correctly merge configurations that have client certificates set
>    by SSLProxyMachineCertificate{File|Path}.
>    The certificates and keys loaded during configuration time got lost during
>    runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
>    level and there was an SSL directive at directory level, e.g. SSLRequire.
>    This fixes a regression likely introduced in r1740928.
> 
> Modified:
>      httpd/httpd/trunk/CHANGES
>      httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> 
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1844002&r1=1844001&r2=1844002&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 16 12:55:01 2018
> @@ -1,6 +1,9 @@
>                                                            -*- coding: utf-8 -*-
>   Changes with Apache 2.5.1
>   
> +  *) mod_ssl: Correctly merge configurations that have client certificates set
> +     by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
> +
>     *) core: Ensure that aborted connections are logged as such. PR 62823
>        [Arnaud Grandville <co...@grandville.net>]
>   
> 
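Review bot: The new CHANGES entry says only "Correctly merge configurations" and does not name the symptom an administrator would recognise. The log message already has it: certificates and keys loaded for SSLProxyMachineCertificate{File|Path} at virtual host level got lost at runtime when an SSL directive such as SSLRequire was present at directory level. Suggest adding a short clause to that effect so the entry can be matched to a failing proxy client-certificate setup, which also helps when judging the backport.
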
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1844002&r1=1844001&r2=1844002&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 16 12:55:01 2018
> @@ -433,6 +433,8 @@ static void modssl_ctx_cfg_merge_proxy(a
>       cfgMergeString(pkp->cert_file);
>       cfgMergeString(pkp->cert_path);
>       cfgMergeString(pkp->ca_cert_file);
> +    cfgMergeString(pkp->certs);
> +    cfgMergeString(pkp->ca_certs);
>   }
>   
>   void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
> 
> 
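Review bot: The two added lines use cfgMergeString on pkp->certs and pkp->ca_certs, which per the log message hold the certificates and keys loaded at configuration time rather than configuration strings like the cert_file, cert_path and ca_cert_file fields merged just above them. If the macro is a plain pointer merge this behaves as intended, but the name misleads the next reader; suggest a one-line comment above the additions saying that these are loaded objects merged by pointer, so the merged context shares them with the base or added context instead of copying them. It is also worth confirming that no other field of pkp that is populated at load time is still missing from modssl_ctx_cfg_merge_proxy.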

Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Posted by Stefan Eissing <st...@greenbytes.de>.
Ok, the vote storm (category 3) was released and my proposal is moot. ;-)

> On 18.10.2018 at 11:26, Stefan Eissing <st...@greenbytes.de> wrote:
> 
> Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related changes there and do one row of tests and vote on it? Maybe attach the branch revision to the vote that was tested...
> 
> Seems to be able to save work, or?
> 
>> On 18.10.2018 at 11:22, Yann Ylavic <yl...@gmail.com> wrote:
>> 
>> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>>> 
>>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>>> backported?
>> 
>> +1
>> 
>> Regards,
>> Yann.
> 


Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Posted by Stefan Eissing <st...@greenbytes.de>.
Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related changes there and do one row of tests and vote on it? Maybe attach the branch revision to the vote that was tested...

Seems to be able to save work, or?

> On 18.10.2018 at 11:22, Yann Ylavic <yl...@gmail.com> wrote:
> 
> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>> 
>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>> backported?
> 
> +1
> 
> Regards,
> Yann.


Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung <ra...@kippdata.de> wrote:
>
> This fix at least formally applies to 2.4.x as well? Shouldn't it get
> backported?

+1

Regards,
Yann.