www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

mod_ssl: OCSP does not apply to proxy mode, fix verify context.

Browse Source 
Since ssl_callback_SSLVerify() is called for both server and proxy modes,
use myCtxConfig()->ocsp_mask to check the right mode/configuration (i.e.
none for proxy in any case).

PR 63679.
Submitted by: Lubos Uhliarik <luhliari redhat.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1865740 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2019-08-23 10:31:01 +00:00
parent 33feaed1c8
commit b2c35e9360
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/ssl/ssl_engine_kernel.c
View File

@@ -1831,8 +1831,8 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
/*
* Perform OCSP-based revocation checks
*/
if (ok && ((sc->server->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
(errdepth == 0 && (sc->server->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {
if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
(errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {
/* If there was an optional verification error, it's not
* possible to perform OCSP validation since the issuer may be
* missing/untrusted. Fail in that case. */