mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00

mod_ssl: check request-server for TLS settings compatible to handshake server, allow request if equal, renegotiation checks: remember last used cipher_suite for optimizations, deny any renegotiation in presence of master connection

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1709995 13f79535-47bb-0310-9956-ffa450edef68
Stefan Eissing
2015-10-22 11:36:22 +00:00
parent 27028fe3f3
commit ddf4c280a1
4 changed files with 200 additions and 32 deletions


@@ -396,6 +396,7 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
{
SSLConnRec *sslconn = myConnConfig(c);
SSLSrvConfigRec *sc;
if (sslconn) {
return sslconn;
@@ -405,6 +406,8 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
sslconn->server = c->base_server;
sslconn->verify_depth = UNSET;
sc = mySrvConfig(c->base_server);
sslconn->cipher_suite = sc->server->auth.cipher_suite;
myConnConfigSet(c, sslconn);
@@ -563,8 +566,8 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
/*
* Immediately stop processing if SSL is disabled for this connection
*/
if (!(sc && (sc->enabled == SSL_ENABLED_TRUE ||
(sslconn && sslconn->is_proxy))))
if (c->master || !(sc && (sc->enabled == SSL_ENABLED_TRUE ||
(sslconn && sslconn->is_proxy))))
{
return DECLINED;
}
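Review bot: In the second hunk of ssl_init_connection_ctx, `sslconn->cipher_suite` is seeded from the `c->base_server` config through `sc->server->auth.cipher_suite` with no NULL check, while ssl_hook_pre_connection in the last hunk still guards the same kind of lookup with `sc &&`. If a missing config is possible there it is possible here too, so either guard it, `if (sc && sc->server) sslconn->cipher_suite = sc->server->auth.cipher_suite;`, or drop the redundant guard so the invariant is clear. The commit message says this value is remembered for renegotiation-check optimizations, so it should be refreshed whenever the handshake selects a different virtual host; that code is not visible here, so please confirm a stale base-server value can never be taken as satisfying a stricter vhost's cipher requirement. The comment above the `c->master` test still mentions only SSL being disabled, so extend it with something like `/* secondary connections (c->master set) are declined as well */`. Both functions start or continue outside the hunks shown.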