www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

*) mod_ssl: reverting a 2.4.40 change where a superfluous SSLCertificateChainFile configuration

Browse Source 
for a domain managed by mod_md caused a startup error. This happened when mod_md installed 
     its fallback certificate, before it got the first real certificate from Lets Encrypt.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864428 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Eissing
2019-08-05 11:29:58 +00:00
parent 09b2410688
commit 61fdda63d3
2 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@@ -1,6 +1,11 @@
-*- coding: utf-8 -*- -*- coding: utf-8 -*-
Changes with Apache 2.5.1 Changes with Apache 2.5.1
*) mod_ssl: reverting a 2.4.40 change where a superfluous SSLCertificateChainFile configuration
for a domain managed by mod_md caused a startup error. This happened when mod_md installed
its fallback certificate, before it got the first real certificate from Lets Encrypt.
[Stefan Eissing]
*) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via *) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via
RegexDefaultOptions -DOTALL [Yann Ylavic] RegexDefaultOptions -DOTALL [Yann Ylavic]

24
modules/ssl/ssl_engine_init.c
View File

@@ -1820,19 +1820,21 @@ static apr_status_t ssl_init_server_ctx(server_rec *s,
n = pks->cert_files->nelts; n = pks->cert_files->nelts;
ssl_run_add_cert_files(s, p, pks->cert_files, pks->key_files); ssl_run_add_cert_files(s, p, pks->cert_files, pks->key_files);
if (n < pks->cert_files->nelts) { if (apr_is_empty_array(pks->cert_files)) {
/* this overrides any old chain configuration */ /* does someone propose a certiciate to fall back on here? */
sc->server->cert_chain = NULL; ssl_run_add_fallback_cert_files(s, p, pks->cert_files, pks->key_files);
if (n < pks->cert_files->nelts) {
pks->service_unavailable = 1;
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(10085)
"Init: %s will respond with '503 Service Unavailable' for now. There "
"are no SSL certificates configured and no other module contributed any.",
ssl_util_vhostid(p, s));
}
} }
if (apr_is_empty_array(pks->cert_files) && !sc->server->cert_chain) { if (n < pks->cert_files->nelts) {
ssl_run_add_fallback_cert_files(s, p, pks->cert_files, pks->key_files); /* additionally installed certs overrides any old chain configuration */
sc->server->cert_chain = NULL;
pks->service_unavailable = 1;
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(10085)
"Init: %s will respond with '503 Service Unavailable' for now. There "
"are no SSL certificates configured and no other module contributed any.",
ssl_util_vhostid(p, s));
} }
if ((rv = ssl_init_ctx(s, p, ptemp, sc->server)) != APR_SUCCESS) { if ((rv = ssl_init_ctx(s, p, ptemp, sc->server)) != APR_SUCCESS) {