
Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored

in virtualhost context.

Submitted By: Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1653906 13f79535-47bb-0310-9956-ffa450edef68
Eric Covener
2015-01-22 15:19:39 +00:00
parent 09a7ffc55d
commit 6d6a8a16f1
4 changed files with 21 additions and 8 deletions


@@ -1,6 +1,9 @@
-*- coding: utf-8 -*- -*- coding: utf-8 -*-
Changes with Apache 2.5.0 Changes with Apache 2.5.0
*) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context.
PR 57100. [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>]
*) mod_rewrite: Improve 'bad flag delimeters' startup error by showing *) mod_rewrite: Improve 'bad flag delimeters' startup error by showing
how the input was tokenized. PR 56528. [Edward Lu <Chaosed0 gmail.com>] how the input was tokenized. PR 56528. [Edward Lu <Chaosed0 gmail.com>]


@@ -110,7 +110,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
mctx->ticket_key = NULL; mctx->ticket_key = NULL;
#endif #endif
mctx->protocol = SSL_PROTOCOL_ALL; mctx->protocol = SSL_PROTOCOL_UNSET;
mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET; mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
mctx->pphrase_dialog_path = NULL; mctx->pphrase_dialog_path = NULL;
@@ -254,7 +254,7 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p,
modssl_ctx_t *add, modssl_ctx_t *add,
modssl_ctx_t *mrg) modssl_ctx_t *mrg)
{ {
cfgMerge(protocol, SSL_PROTOCOL_ALL); cfgMerge(protocol, SSL_PROTOCOL_UNSET);
cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET); cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
cfgMergeString(pphrase_dialog_path); cfgMergeString(pphrase_dialog_path);
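Review bot: The new initial value in modssl_ctx_init is a sentinel rather than a usable protocol mask, and nothing at the assignment says so; a reader of `mctx->protocol = SSL_PROTOCOL_UNSET;` cannot tell that the field is only meaningful after the fix-up in ssl_init_Module has run. A one-line comment would document the dependency, for example `/* sentinel; resolved to SSL_PROTOCOL_ALL in ssl_init_Module() */`. A context that is used without passing through that fix-up would presumably carry a zero mask, so the comment should state the fix-up as a requirement. The same applies to the `cfgMerge(protocol, SSL_PROTOCOL_UNSET);` line in modssl_ctx_cfg_merge, and both functions continue outside the hunks.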


@@ -209,10 +209,19 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
if (sc->enabled == SSL_ENABLED_UNSET) { if (sc->enabled == SSL_ENABLED_UNSET) {
sc->enabled = SSL_ENABLED_FALSE; sc->enabled = SSL_ENABLED_FALSE;
} }
if (sc->proxy_enabled == UNSET) { if (sc->proxy_enabled == UNSET) {
sc->proxy_enabled = FALSE; sc->proxy_enabled = FALSE;
} }
if (sc->server && sc->server->protocol == SSL_PROTOCOL_UNSET) {
sc->server->protocol = SSL_PROTOCOL_ALL;
}
if (sc->proxy && sc->proxy->protocol == SSL_PROTOCOL_UNSET) {
sc->proxy->protocol = SSL_PROTOCOL_ALL;
}
if (sc->session_cache_timeout == UNSET) { if (sc->session_cache_timeout == UNSET) {
sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT; sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
} }
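Review bot: The two added fix-ups in ssl_init_Module treat any zero protocol mask as "not configured" and widen it to `SSL_PROTOCOL_ALL`, which per the header change on this page still includes `SSL_PROTOCOL_SSLV3`. If the SSLProtocol parser (not shown here) can leave the mask at zero after every protocol has been subtracted, that explicit "nothing" now aliases `SSL_PROTOCOL_UNSET` and is silently replaced by the widest setting instead of being rejected. I would have the parser store `SSL_PROTOCOL_NONE` when its result is empty, and add a comment above the fix-ups such as `/* UNSET means no SSLProtocol directive was merged in; fall back to the default */`. The body of ssl_init_Module continues outside the hunk.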


@@ -286,13 +286,14 @@ typedef int ssl_opt_t;
/** /**
* Define the SSL Protocol options * Define the SSL Protocol options
*/ */
#define SSL_PROTOCOL_NONE (0) #define SSL_PROTOCOL_UNSET (0)
#define SSL_PROTOCOL_SSLV2 (1<<0) #define SSL_PROTOCOL_NONE (1<<0)
#define SSL_PROTOCOL_SSLV3 (1<<1) #define SSL_PROTOCOL_SSLV2 (1<<1)
#define SSL_PROTOCOL_TLSV1 (1<<2) #define SSL_PROTOCOL_SSLV3 (1<<2)
#define SSL_PROTOCOL_TLSV1 (1<<3)
#ifdef HAVE_TLSV1_X #ifdef HAVE_TLSV1_X
#define SSL_PROTOCOL_TLSV1_1 (1<<3) #define SSL_PROTOCOL_TLSV1_1 (1<<4)
#define SSL_PROTOCOL_TLSV1_2 (1<<4) #define SSL_PROTOCOL_TLSV1_2 (1<<5)
#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1| \ #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1| \
SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2) SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
#else #else
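Review bot: `SSL_PROTOCOL_NONE` changes from zero to a flag bit (`1<<0`), so it can now be OR-ed together with real protocol bits, and any existing test written as `!protocol` or `protocol == 0` now detects UNSET rather than NONE. The callers are not on this page, so this is worth a grep for comparisons against `SSL_PROTOCOL_NONE` and for zero tests on the protocol field; a "no protocol enabled" check such as `(protocol & ~SSL_PROTOCOL_NONE) == 0` would hold whether or not the NONE bit is set. The two macros also deserve one-line comments, e.g. `/* no SSLProtocol directive seen; replaced by the default at init */` and `/* explicitly no protocol; a flag bit, not zero */`. The #else branch of this block continues outside the hunk.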