www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

modssl: reset client-verify state when renegotiation is aborted

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750779 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Eissing
2016-06-30 12:08:42 +00:00
parent 83cf38ceb5
commit 22204edc7a
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,6 +1,9 @@
-*- coding: utf-8 -*- -*- coding: utf-8 -*-
Changes with Apache 2.5.0 Changes with Apache 2.5.0
*) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
[Erki Aring <erki@example.ee>, Stefan Eissing]
*) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data
available before the request is sent. PR 57832. [Yann Ylavic] available before the request is sent. PR 57832. [Yann Ylavic]

1
modules/ssl/ssl_engine_kernel.c
View File

@@ -727,6 +727,7 @@ int ssl_hook_Access(request_rec *r)
* on this connection. * on this connection.
*/ */
apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client"); apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
SSL_set_verify(ssl, verify_old, ssl_callback_SSLVerify);
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
/* optimization */ /* optimization */