Avoid unnecessary renegotiations with SSLVerifyDepth 0.

PR: 48215 Submitted by: Kaspar Brand <asfbugz velox ch> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1137394 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2011-06-19 18:03:55 +00:00
parent 99a601df31
commit a71d0d72cb
3 changed files with 5 additions and 1 deletions
--- a/3
+++ b/3
@@ -2,6 +2,9 @@

 Changes with Apache 2.3.13

+  *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
+     PR 48215. [Kaspar Brand]
+
  *) mod_status: Display information about asynchronous connections in the
     server-status. PR 44377. [Stefan Fritsch]

--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -339,6 +339,7 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
    sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));

    sslconn->server = c->base_server;
+    sslconn->verify_depth = UNSET;

    myConnConfigSet(c, sslconn);

--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -499,7 +499,7 @@ int ssl_hook_Access(request_rec *r)
     * currently active/remembered verify depth (because this means more
     * restriction on the certificate chain).
     */
-    n = sslconn->verify_depth ?
+    n = (sslconn->verify_depth != UNSET) ?
        sslconn->verify_depth :
        (mySrvConfig(handshakeserver))->server->auth.verify_depth;
    /* determine the new depth */