move c->notes.ssl::verify::depth to SSLConnRec.verify_depth

note: may actually be removed unless somebody can figure out why it is in
there to begin with
PR:
Obtained from:
Submitted by:
Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92111 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 3977c73b08790d01cdf468648aa4227e42b0e16b..62452dd5024a53e303eab37b7decdee2a6cc08c5 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -274,7 +274,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
     SSL_set_app_data(ssl, c);
     apctx = apr_table_make(c->pool, AP_CTX_MAX_ENTRIES);
     apr_table_setn(apctx, "ssl::request_rec", NULL);
-    apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
     SSL_set_app_data2(ssl, apctx);
 
     sslconn->ssl = ssl;

diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index 50471a81d168ed4f414a662ad872a695529d5f4c..32a3e8081e66abfdc4e9adb13749263c26e9bf32 100644 (file)
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -462,6 +462,7 @@ typedef struct {
     ssl_shutdown_type_e shutdown_type;
     const char *verify_info;
     const char *verify_error;
+    int verify_depth;
 } SSLConnRec;
 
 typedef struct {

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 19c13eb5e2db928f64870e954728e279a467ba9a..ee888aea922774e4cdc3dea43335ba9393eb69df 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -371,11 +371,9 @@ int ssl_hook_Access(request_rec *r)
     STACK_OF(SSL_CIPHER) *skCipherOld;
     STACK_OF(SSL_CIPHER) *skCipher;
     SSL_CIPHER *pCipher;
-    apr_table_t *apctx;
     int nVerifyOld;
     int nVerify;
     int n;
-    void *vp;
     int rc;
 
     dc  = myDirConfig(r);
@@ -522,13 +520,11 @@ int ssl_hook_Access(request_rec *r)
      * restriction on the certificate chain).
      */
     if (dc->nVerifyDepth != UNSET) {
-        apctx = (apr_table_t *)SSL_get_app_data2(ssl);
-        if ((vp = (void *)apr_table_get(apctx, "ssl::verify::depth")) != NULL)
-            n = (int)AP_CTX_PTR2NUM(vp);
-        else
-            n = sc->nVerifyDepth;
-        apr_table_setn(apctx, "ssl::verify::depth",
-                   (const char *)AP_CTX_NUM2PTR(dc->nVerifyDepth));
+        /* XXX: doesnt look like sslconn->verify_depth is actually used */
+        if (!(n = sslconn->verify_depth)) {
+            sslconn->verify_depth = n = sc->nVerifyDepth;
+        }
+
         /* determine whether a renegotiation has to be forced */
         if (dc->nVerifyDepth < n) {
             renegotiate = TRUE;