diff --git a/CHANGES b/CHANGES index f910540d38..09c23071eb 100644 --- a/CHANGES +++ b/CHANGES @@ -2,13 +2,16 @@ Changes with Apache 2.3.2 [ When backported to 2.2.x, remove entry from this file ] + *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508 + [] + *) core: Translate the the status line to ASCII on EBCDIC platforms in ap_send_interim_response() and for locally generated "100 Continue" responses. [Eric Covener] *) mod_authnz_ldap: Reduce number of initialization debug messages and make information more clear. PR 46342 [Dan Poirier] - + *) prefork: Fix child process hang during graceful restart/stop in configurations with multiple listening sockets. PR 42829. [Joe Orton, Jeff Trawick] diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 624e29befc..6e4a1f26e1 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -295,7 +295,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir) dc->szCACertificateFile = NULL; dc->szUserName = NULL; - dc->nRenegBufferSize = DEFAULT_RENEG_BUFFER_SIZE; + dc->nRenegBufferSize = UNSET; return dc; } diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 052051f723..229fc27d3f 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -600,10 +600,13 @@ int ssl_hook_Access(request_rec *r) && strcmp(apr_table_get(r->headers_in, "content-length"), "0"))) && !r->expecting_100) { int rv; + apr_size_t rsize; - if (dc->nRenegBufferSize > 0) { + rsize = dc->nRenegBufferSize == UNSET ? DEFAULT_RENEG_BUFFER_SIZE : + dc->nRenegBufferSize; + if (rsize > 0) { /* Fill the I/O buffer with the request body if possible. */ - rv = ssl_io_buffer_fill(r, dc->nRenegBufferSize); + rv = ssl_io_buffer_fill(r, rsize); } else { /* If the reneg buffer size is set to zero, just fail. */