Posted to cvs@httpd.apache.org by co...@apache.org on 2015/01/22 16:19:39 UTC
svn commit: r1653906 - in /httpd/httpd/trunk: CHANGES
modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c
modules/ssl/ssl_private.h
Author: covener
Date: Thu Jan 22 15:19:39 2015
New Revision: 1653906
URL: http://svn.apache.org/r1653906
Log:
Fix a config merge problem with SSLProtocol that caused 'SSLProtocol ALL'
to be ignored in virtual host context.
Submitted By: Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>
Commited By: covener
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1653906&r1=1653905&r2=1653906&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Jan 22 15:19:39 2015
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context.
+ PR 57100. [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>]
+
*) mod_rewrite: Improve 'bad flag delimeters' startup error by showing
how the input was tokenized. PR 56528. [Edward Lu <Chaosed0 gmail.com>]
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1653906&r1=1653905&r2=1653906&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Thu Jan 22 15:19:39 2015
@@ -110,7 +110,7 @@ static void modssl_ctx_init(modssl_ctx_t
mctx->ticket_key = NULL;
#endif
- mctx->protocol = SSL_PROTOCOL_ALL;
+ mctx->protocol = SSL_PROTOCOL_UNSET;
mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
mctx->pphrase_dialog_path = NULL;
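Review bot: The new initial value in `modssl_ctx_init` carries no comment saying where `SSL_PROTOCOL_UNSET` is resolved, and any context that does not pass through the fallback added in `ssl_init_Module` would keep a zero mask. I would add `/* UNSET lets modssl_ctx_cfg_merge tell an inherited value from an explicit SSLProtocol; ssl_init_Module maps it to SSL_PROTOCOL_ALL */` next to the assignment. The same remark applies to the `cfgMerge(protocol, SSL_PROTOCOL_UNSET)` line in the following hunk. Both functions start and end outside their hunks.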
@@ -254,7 +254,7 @@ static void modssl_ctx_cfg_merge(apr_poo
modssl_ctx_t *add,
modssl_ctx_t *mrg)
{
- cfgMerge(protocol, SSL_PROTOCOL_ALL);
+ cfgMerge(protocol, SSL_PROTOCOL_UNSET);
cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
cfgMergeString(pphrase_dialog_path);
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1653906&r1=1653905&r2=1653906&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Thu Jan 22 15:19:39 2015
@@ -209,10 +209,19 @@ apr_status_t ssl_init_Module(apr_pool_t
if (sc->enabled == SSL_ENABLED_UNSET) {
sc->enabled = SSL_ENABLED_FALSE;
}
+
if (sc->proxy_enabled == UNSET) {
sc->proxy_enabled = FALSE;
}
+ if (sc->server && sc->server->protocol == SSL_PROTOCOL_UNSET) {
+ sc->server->protocol = SSL_PROTOCOL_ALL;
+ }
+
+ if (sc->proxy && sc->proxy->protocol == SSL_PROTOCOL_UNSET) {
+ sc->proxy->protocol = SSL_PROTOCOL_ALL;
+ }
+
if (sc->session_cache_timeout == UNSET) {
sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
}
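Review bot: The two added checks treat any zero `protocol` mask as "not configured" and widen it to `SSL_PROTOCOL_ALL`, so a mask that reached zero for some other reason fails open to the broadest protocol set. The directive parser is not part of this diff; if it builds the mask by clearing bits, an `SSLProtocol` line whose `-` tokens cancel every enabled protocol yields 0. After the renumbering in `ssl_private.h`, that value equals `SSL_PROTOCOL_UNSET` rather than `SSL_PROTOCOL_NONE`. It is worth confirming that the parser stores `SSL_PROTOCOL_NONE` explicitly for an empty result, so an empty set is not silently replaced by the default. A comment above the checks such as `/* protocol still UNSET after config merge: apply the built-in default */` would record the intent; ssl_init_Module's body continues outside the hunk.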
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1653906&r1=1653905&r2=1653906&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Thu Jan 22 15:19:39 2015
@@ -286,13 +286,14 @@ typedef int ssl_opt_t;
/**
* Define the SSL Protocol options
*/
-#define SSL_PROTOCOL_NONE (0)
-#define SSL_PROTOCOL_SSLV2 (1<<0)
-#define SSL_PROTOCOL_SSLV3 (1<<1)
-#define SSL_PROTOCOL_TLSV1 (1<<2)
+#define SSL_PROTOCOL_UNSET (0)
+#define SSL_PROTOCOL_NONE (1<<0)
+#define SSL_PROTOCOL_SSLV2 (1<<1)
+#define SSL_PROTOCOL_SSLV3 (1<<2)
+#define SSL_PROTOCOL_TLSV1 (1<<3)
#ifdef HAVE_TLSV1_X
-#define SSL_PROTOCOL_TLSV1_1 (1<<3)
-#define SSL_PROTOCOL_TLSV1_2 (1<<4)
+#define SSL_PROTOCOL_TLSV1_1 (1<<4)
+#define SSL_PROTOCOL_TLSV1_2 (1<<5)
#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1| \
SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
#else
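Review bot: `SSL_PROTOCOL_NONE` moves from 0 to bit `(1<<0)`, so it can now be OR-ed together with real protocol bits, and any existing test written as `protocol == 0` or `!protocol` now matches `SSL_PROTOCOL_UNSET` instead of "no protocol". Users of these constants outside this diff should be checked for both patterns, since every protocol bit also shifts by one position. The doc comment above the defines could spell out the two sentinels, for example `/* UNSET (0): directive absent, resolved at init; NONE: explicitly no protocol, never combined with other bits */`. The `#ifdef HAVE_TLSV1_X` block continues past the end of the hunk.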