Changes with Apache 2.3.0
[Remove entries to the current 2.0 and 2.2 section below, when backported]
+ *) mod_ssl: Fix a possible crash during access control checks if a
+ non-SSL request is processed for an SSL vhost (such as the
+ "HTTP request received on SSL port" error message when an 400
+ ErrorDocument is configured, or if using "SSLEngine optional").
+ PR 37791. [Rüdiger Plüm, Joe Orton]
+
*) mod_proxy_balancer: Sticky session identifiers supplied in URL do not work.
PR37753. [Ruediger Pluem, Kazuhiro Osawa <ko yappo.ne.jp>]
}
/*
- * Check to see if SSL protocol is on
+ * Check to see whether SSL is in use; if it's not, then no
+ * further access control checks are relevant. (the test for
+ * sc->enabled is probably strictly unnecessary)
*/
- if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
+ if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
return DECLINED;
}
+
/*
* Support for per-directory reconfigured SSL connection parameters.
*