granicus.if.org Git - apache/commit
SECURITY: Partial fix for CVE-2009-3555:
author Joe Orton <jorton@apache.org>
Fri, 6 Nov 2009 22:33:19 +0000 (22:33 +0000)
committer Joe Orton <jorton@apache.org>
Fri, 6 Nov 2009 22:33:19 +0000 (22:33 +0000)
commit 39d5d9507b28016c51c2f9bb2f67c7884cdb7a35
tree 738790d392a57bde1d2c42ed1342e70a00cf25c4
parent 4ca6d1cb48a74bfab63a5adac931f9620e683b0e

Reject client-initiated renegotiations; this is sufficient to prevent
the attack for any configuration which does not require renegotiation
due to per-directory/per-location access control configuration.

Configurations with per-directory/per-location access control
requirements (such as "SSLVerifyClient require") are still vulnerable
to CVE-2009-3555 with this patch applied (if using OpenSSL <= 0.9.8k).

* modules/ssl/ssl_private.h (SSLConnRec): Add reneg_state field.
  (ssl_callback_Info): Renamed from ssl_callback_LogTracingState.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Install
  the (renamed) info callback unconditionally.

* modules/ssl/ssl_engine_io.c (ssl_filter_ctx_t): Add config pointer
  to SSLConnRec.
  (bio_filter_out_write, bio_filter_in_read): Fail with
  APR_ECONNABORTED if the reneg state is set to RENEG_ABORT.

* modules/ssl/ssl_engine_kernel.c (log_tracing_state): Factored out
  of ssl_callback_LogTracingState.
  (ssl_callback_Info): New function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@833582 13f79535-47bb-0310-9956-ffa450edef68
modules/ssl/ssl_engine_init.c
modules/ssl/ssl_engine_io.c
modules/ssl/ssl_engine_kernel.c
modules/ssl/ssl_private.h
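
The renegotiation tracking described in the commit message, modelled as a small state machine. This is an added example, not code from the commit or from mod_ssl: only the reneg_state field and RENEG_ABORT are named on the page, and every other identifier, along with the two constructed handshake events standing in for OpenSSL's info-callback notifications, is an assumption. The server-requested path is let through, which is why the message calls the fix partial.

```c
/* Hypothetical model, not mod_ssl source. Only the reneg_state field and
 * RENEG_ABORT are named on the page; the other names are assumptions. */
typedef enum {
    RENEG_INIT,   /* initial handshake still in progress */
    RENEG_REJECT, /* handshake complete: a new handshake start is client-initiated */
    RENEG_ALLOW,  /* server itself requested a renegotiation */
    RENEG_ABORT   /* client-initiated renegotiation seen: kill the connection */
} reneg_state_t;

/* Constructed stand-ins for the handshake start/done notifications that
 * OpenSSL delivers to an info callback. */
typedef enum { EV_HANDSHAKE_START, EV_HANDSHAKE_DONE } tls_event_t;
typedef struct { reneg_state_t reneg_state; } conn_t;
enum { IO_OK = 0, IO_ECONNABORTED = -1 };

/* Info-callback logic: runs on every connection, not only when tracing. */
void info_callback(conn_t *c, tls_event_t ev)
{
    if (ev == EV_HANDSHAKE_START && c->reneg_state == RENEG_REJECT)
        c->reneg_state = RENEG_ABORT;   /* sticky: never leaves this state */
    else if (ev == EV_HANDSHAKE_DONE && c->reneg_state != RENEG_ABORT)
        c->reneg_state = RENEG_REJECT;  /* from now on, reject new handshakes */
}

/* Server-side renegotiation (e.g. per-directory client-cert requirement). */
void server_request_reneg(conn_t *c)
{
    if (c->reneg_state == RENEG_REJECT)
        c->reneg_state = RENEG_ALLOW;
}

/* Check done by the read and write BIO filters before moving any data. */
int filter_io(const conn_t *c)
{
    return c->reneg_state == RENEG_ABORT ? IO_ECONNABORTED : IO_OK;
}

/* Replay events; the server requests renegotiation before event index
 * server_reneg_at (-1 = never). Returns the I/O result afterwards. */
int replay(const tls_event_t *evs, int n, int server_reneg_at)
{
    conn_t c = { RENEG_INIT };
    for (int i = 0; i < n; i++) {
        if (i == server_reneg_at)
            server_request_reneg(&c);
        info_callback(&c, evs[i]);
    }
    return filter_io(&c);
}
```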