www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Support compilation against libssl built with OPENSSL_NO_SSL3,

Browse Source 
and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3",
in accordance with RFC 7568. PR 58349, PR 57120.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1703952 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Kaspar Brand
2015-09-19 08:40:56 +00:00
parent fab37e8e26
commit 4c9b3c3b35
8 changed files with 61 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/ssl/ssl_engine_io.c
View File

@@ -1139,7 +1139,9 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
* IPv4 and IPv6 addresses are not permitted".)
*/
if (hostname_note &&
#ifndef OPENSSL_NO_SSL3
sc->proxy->protocol != SSL_PROTOCOL_SSLV3 &&
#endif
apr_ipsubnet_create(&ip, hostname_note, NULL,
c->pool) != APR_SUCCESS) {
if (SSL_set_tlsext_host_name(filter_ctx->pssl, hostname_note)) {