From 50ebf352a80441430f9517c63220db9233915c40 Mon Sep 17 00:00:00 2001 From: Kaspar Brand Date: Wed, 9 Apr 2014 09:35:41 +0000 Subject: [PATCH] Only read "active" values from the key_files array. PR 56306. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1585918 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/ssl/ssl_engine_init.c | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 6d63e906a1..a6079bff91 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values + (and logging garbled file names). PR 56306. [Kaspar Brand] + *) mod_proxy_fcgi: Fix sending of response without some HTTP headers that might be set by filters. [Jim Riggs ] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index ab5fa5e51a..cbc4a7433d 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -914,9 +914,11 @@ static apr_status_t ssl_init_server_certs(server_rec *s, } /* and second, the private key */ - keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *); - if (keyfile == NULL) + if (i < mctx->pks->key_files->nelts) { + keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *); + } else { keyfile = certfile; + } ERR_clear_error();