www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

mod_ssl: follow up to r1877397: fix SSL_OP_NO_RENEGOT*I*ATION typo.

Browse Source 
Should work better now :)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877795 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2020-05-15 21:14:36 +00:00
parent c9c3ed38a2
commit f8efcb67a4
3 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/ssl/ssl_engine_kernel.c
View File

@@ -2264,7 +2264,7 @@ static void log_tracing_state(const SSL *ssl, conn_rec *c,
/* /*
* This callback function is executed while OpenSSL processes the SSL * This callback function is executed while OpenSSL processes the SSL
* handshake and does SSL record layer stuff. It's used to trap * handshake and does SSL record layer stuff. It's used to trap
* client-initiated renegotiations (where SSL_OP_NO_RENEGOTATION is * client-initiated renegotiations (where SSL_OP_NO_RENEGOTIATION is
* not available), and for dumping everything to the log. * not available), and for dumping everything to the log.
*/ */
void ssl_callback_Info(const SSL *ssl, int where, int rc) void ssl_callback_Info(const SSL *ssl, int where, int rc)
@@ -2277,12 +2277,12 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc)
return; return;
} }
#ifndef SSL_OP_NO_RENEGOTATION #ifndef SSL_OP_NO_RENEGOTIATION
/* With OpenSSL < 1.1.1 (implying TLS v1.2 or earlier), this /* With OpenSSL < 1.1.1 (implying TLS v1.2 or earlier), this
* callback is used to block client-initiated renegotiation. With * callback is used to block client-initiated renegotiation. With
* TLSv1.3 it is unnecessary since renegotiation is forbidden at * TLSv1.3 it is unnecessary since renegotiation is forbidden at
* protocol level. Otherwise (TLSv1.2 with OpenSSL >=1.1.1), * protocol level. Otherwise (TLSv1.2 with OpenSSL >=1.1.1),
* SSL_OP_NO_RENEGOTATION is used to block renegotiation. */ * SSL_OP_NO_RENEGOTIATION is used to block renegotiation. */
{ {
SSLConnRec *sslconn; SSLConnRec *sslconn;

4
modules/ssl/ssl_private.h
View File

@@ -546,10 +546,10 @@ typedef struct {
NON_SSL_SET_ERROR_MSG /* Need to set the error message */ NON_SSL_SET_ERROR_MSG /* Need to set the error message */
} non_ssl_request; } non_ssl_request;
#ifndef SSL_OP_NO_RENEGOTATION #ifndef SSL_OP_NO_RENEGOTIATION
/* For OpenSSL < 1.1.1, track the handshake/renegotiation state /* For OpenSSL < 1.1.1, track the handshake/renegotiation state
* for the connection to block client-initiated renegotiations. * for the connection to block client-initiated renegotiations.
* For OpenSSL >=1.1.1, the SSL_OP_NO_RENEGOTATION flag is used in * For OpenSSL >=1.1.1, the SSL_OP_NO_RENEGOTIATION flag is used in
* the SSL * options state with equivalent effect. */ * the SSL * options state with equivalent effect. */
modssl_reneg_state reneg_state; modssl_reneg_state reneg_state;
#endif #endif

6
modules/ssl/ssl_util_ssl.c
View File

@@ -514,13 +514,13 @@ char *modssl_SSL_SESSION_id2sz(IDCONST unsigned char *id, int idlen,
void modssl_set_reneg_state(SSLConnRec *sslconn, modssl_reneg_state state) void modssl_set_reneg_state(SSLConnRec *sslconn, modssl_reneg_state state)
{ {
#ifdef SSL_OP_NO_RENEGOTATION #ifdef SSL_OP_NO_RENEGOTIATION
switch (state) { switch (state) {
case RENEG_ALLOW: case RENEG_ALLOW:
SSL_clear_options(sslconn->ssl, SSL_OP_NO_RENEGOTATION); SSL_clear_options(sslconn->ssl, SSL_OP_NO_RENEGOTIATION);
break; break;
default: default:
SSL_set_options(sslconn->ssl, SSL_OP_NO_RENEGOTATION); SSL_set_options(sslconn->ssl, SSL_OP_NO_RENEGOTIATION);
break; break;
} }
#else #else