granicus.if.org Git - apache/commit

author	Joe Orton <jorton@apache.org>
	Wed, 3 Feb 2010 13:38:09 +0000 (13:38 +0000)
committer	Joe Orton <jorton@apache.org>
	Wed, 3 Feb 2010 13:38:09 +0000 (13:38 +0000)
commit	f1e767fd68f4d8f0edc54ca25c3f3cc4f9c19a1b
tree	d215914f77907a691fe3df7c12dd72bf37b1acba	tree \| snapshot
parent	262c4164d2745d0c0e81147ec6daa983a2e4efe6	commit \| diff

New releases of OpenSSL will only allow secure renegotiation by
default.  Add an "SSLInsecureRenegotiation" directive to enable
renegotiation against unpatched clients, to ease transition:

* modules/ssl/ssl_private.h (struct SSLSrvConfigRec): Add
  insecure_reneg field.

* modules/ssl/ssl_engine_config.c (ssl_config_server_new,
  ssl_config_server_merge): Handle the insecure_reneg flag.
  (ssl_cmd_SSLInsecureRenegotiation): New function.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Set the
  SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION option if insecure_reneg is
  enabled.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Log level of
  support for secure reneg.

* modules/ssl/mod_ssl.c: Add the directive definition.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@906039 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/mod_ssl.c		diff \| blob \| history
modules/ssl/ssl_engine_config.c		diff \| blob \| history
modules/ssl/ssl_engine_init.c		diff \| blob \| history
modules/ssl/ssl_engine_kernel.c		diff \| blob \| history
modules/ssl/ssl_private.h		diff \| blob \| history