mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake()

hook returns an error.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1734006 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 6651869392e3718ace7a7615347c80c86291d782..ab351839f817be87f38a73b8e90da807d1094f61 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake()
+     hook returns an error. [Graham Leggett]
+
   *) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111.
      [Yann Ylavic]
 

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index edc27c458806adc5805e437b91947629016ea9d2..cff0d0c42039df52bf9fcf0c9d394a47e499e530 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -492,7 +492,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
      * attach this to the socket. Additionally we register this attachment
      * so we can detach later.
      */
-    if (!(ssl = SSL_new(mctx->ssl_ctx))) {
+    if (!(sslconn->ssl = ssl = SSL_new(mctx->ssl_ctx))) {
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01962)
                       "Unable to create a new SSL connection from the SSL "
                       "context");
@@ -526,8 +526,6 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
     SSL_set_app_data(ssl, c);
     modssl_set_app_data2(ssl, NULL); /* will be request_rec */
 
-    sslconn->ssl = ssl;
-
     SSL_set_verify_result(ssl, X509_V_OK);
 
     ssl_io_filter_init(c, r, ssl);