Solve a pretty horrific bug in SSLCryptoDevice and other places where

  the config cmd processors should be examining the SSL context.  We must
  initialize the SSL library before we can actually obtain any useful
  information from the SSL library.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100107 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index e4dbef7218c9562fd3550b1aee65c30efceba298..06034e19035a7bc6d868f3bcf60371879a03da70 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -235,8 +235,17 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
                                apr_pool_t *plog,
                                apr_pool_t *ptemp)
 {
-    /* Preregister the malloc callbacks so cmds can make library calls */
+    /* We must register the library in full, to ensure our configuration 
+     * code can successfully test the SSL environment.
+     */
     CRYPTO_malloc_init();
+    ERR_load_crypto_strings();
+    OpenSSL_add_all_algorithms();
+#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+    ENGINE_load_builtin_engines();
+#endif
+    OPENSSL_load_builtin_modules();
+    SSL_load_error_strings();
 
     /* Register us to handle mod_log_config %c/%x variables */
     ssl_var_log_config_register(pconf);

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index f4e758b9e418794cad0bd19a83200ec36f4bc5a3..c09111824595c9087acb365d4dcc419db235b29e 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -106,18 +106,6 @@ static void ssl_add_version_components(apr_pool_t *p,
 }
 
 
-/*
- *  Initialize SSL library
- */
-static void ssl_init_SSLLibrary(server_rec *s)
-{
-    ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
-                 "Init: Initializing %s library", SSL_LIBRARY_NAME);
-
-    SSL_load_error_strings();
-    SSL_library_init();
-}
-
 /*
  * Handle the Temporary RSA Keys and DH Params
  */
@@ -274,12 +262,13 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
     ssl_init_Engine(base_server, p);
 #endif
 
-    ssl_init_SSLLibrary(base_server);
-
 #if APR_HAS_THREADS
     ssl_util_thread_setup(p);
 #endif
 
+    ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+                 "Init: Initialized %s library", SSL_LIBRARY_NAME);
+
     /*
      * Seed the Pseudo Random Number Generator (PRNG)
      * only need ptemp here; nothing inside allocated from the pool