mod_ssl: revert r1653906, will commit an alternative just after.

The issue with r1653906 is that existing configurations like
"SSLProtocol -SSLv3" (where the default is assumed to be ALL)
won't work anymore.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1653993 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index efe67fa85b5a2088b8cf38c5c8c39cbcd12883ad..1c8875bce5beb8bc35592f705602e34ce9f0d071 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,9 +4,6 @@ Changes with Apache 2.5.0
   *) mod_alias: Introduce expression parser support for Alias, ScriptAlias
      and Redirect. [Graham Leggett]
 
-  *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. 
-     PR 57100.  [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>]
-
   *) mod_rewrite: Improve 'bad flag delimeters' startup error by showing
      how the input was tokenized.  PR 56528. [Edward Lu <Chaosed0 gmail.com>]
 

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 738a00cf6e593c029ca6dc40a8540471f4463807..eed4e084c3c26eb245aceacd00b31da258bcf270 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -110,7 +110,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
     mctx->ticket_key          = NULL;
 #endif
 
-    mctx->protocol            = SSL_PROTOCOL_UNSET;
+    mctx->protocol            = SSL_PROTOCOL_ALL;
 
     mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
     mctx->pphrase_dialog_path = NULL;
@@ -254,7 +254,7 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p,
                                  modssl_ctx_t *add,
                                  modssl_ctx_t *mrg)
 {
-    cfgMerge(protocol, SSL_PROTOCOL_UNSET);
+    cfgMerge(protocol, SSL_PROTOCOL_ALL);
 
     cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
     cfgMergeString(pphrase_dialog_path);

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 903a5477a19c10dc159a3cd26ede48d5c4a0c64a..b44e01f1c27043db21958871cd634a5da0d7b751 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -209,19 +209,10 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
         if (sc->enabled == SSL_ENABLED_UNSET) {
             sc->enabled = SSL_ENABLED_FALSE;
         }
-
         if (sc->proxy_enabled == UNSET) {
             sc->proxy_enabled = FALSE;
         }
 
-        if (sc->server && sc->server->protocol == SSL_PROTOCOL_UNSET) {
-            sc->server->protocol = SSL_PROTOCOL_ALL;
-        }
-
-        if (sc->proxy && sc->proxy->protocol == SSL_PROTOCOL_UNSET) {
-            sc->proxy->protocol = SSL_PROTOCOL_ALL;
-        }
-
         if (sc->session_cache_timeout == UNSET) {
             sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
         }

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 69c4704fda78ed65234990cb374d6c5a2e89405c..140b9c30991b5161e47d42108b061940842ca642 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -286,14 +286,13 @@ typedef int ssl_opt_t;
 /**
  * Define the SSL Protocol options
  */
-#define SSL_PROTOCOL_UNSET (0)
-#define SSL_PROTOCOL_NONE  (1<<0)
-#define SSL_PROTOCOL_SSLV2 (1<<1)
-#define SSL_PROTOCOL_SSLV3 (1<<2)
-#define SSL_PROTOCOL_TLSV1 (1<<3)
+#define SSL_PROTOCOL_NONE  (0)
+#define SSL_PROTOCOL_SSLV2 (1<<0)
+#define SSL_PROTOCOL_SSLV3 (1<<1)
+#define SSL_PROTOCOL_TLSV1 (1<<2)
 #ifdef HAVE_TLSV1_X
-#define SSL_PROTOCOL_TLSV1_1 (1<<4)
-#define SSL_PROTOCOL_TLSV1_2 (1<<5)
+#define SSL_PROTOCOL_TLSV1_1 (1<<3)
+#define SSL_PROTOCOL_TLSV1_2 (1<<4)
 #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1| \
                             SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
 #else