www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Support OpenSSL 1.1.0:

Browse Source 
- Fix renegotiation for the client side
  of a proxy connection.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1730146 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Rainer Jung
2016-02-13 01:52:31 +00:00
parent aae25185ad
commit 35c192e868
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
modules/ssl/ssl_engine_kernel.c
View File

@@ -2139,7 +2139,9 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc)
if (state == SSL3_ST_SR_CLNT_HELLO_A
|| state == SSL23_ST_SR_CLNT_HELLO_A) {
#else
if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_REJECT) {
if (!scr->is_proxy &&
(where & SSL_CB_HANDSHAKE_START) &&
scr->reneg_state == RENEG_REJECT) {
#endif
scr->reneg_state = RENEG_ABORT;
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
@@ -2149,13 +2151,18 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc)
#endif
}
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
else if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_ALLOW) {
else if (!scr->is_proxy &&
(where & SSL_CB_HANDSHAKE_START) &&
scr->reneg_state == RENEG_ALLOW) {
scr->reneg_state = RENEG_STARTED;
}
else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_STARTED) {
else if (!scr->is_proxy &&
(where & SSL_CB_HANDSHAKE_DONE) &&
scr->reneg_state == RENEG_STARTED) {
scr->reneg_state = RENEG_DONE;
}
else if ((where & SSL_CB_ALERT) &&
else if (!scr->is_proxy &&
(where & SSL_CB_ALERT) &&
(scr->reneg_state == RENEG_ALLOW || scr->reneg_state == RENEG_STARTED)) {
scr->reneg_state = RENEG_ALERT;
}