Merge r1585918 from trunk:
authorJim Jagielski <jim@apache.org>
Thu, 17 Apr 2014 13:38:14 +0000 (13:38 +0000)
committerJim Jagielski <jim@apache.org>
Thu, 17 Apr 2014 13:38:14 +0000 (13:38 +0000)
Only read "active" values from the key_files array. PR 56306.

Submitted by: kbrand
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/ssl/ssl_engine_init.c

diff --git a/CHANGES b/CHANGES
index d0e87916d19802488ce35497177a10232c29e8fd..cd033b689f92c22d5d5a26722018aa66b0c0730f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.10
 
+  *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values
+     (and logging garbled file names). PR 56306. [Kaspar Brand]
+
   *) mod_ssl: fix merging of global and vhost-level settings with the
      SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
      directives. PR 56353. [Kaspar Brand]
diff --git a/STATUS b/STATUS
index f377172289b26a0d30146ba0fbf4c6704390426f..d1529b51e4291fce97acf27d47e80f5d224ee9e3 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -106,11 +106,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
     2.4.x patch: trunk patch works, modulo CHANGES
     +1: minfrin, jim, ylavic
 
-   * mod_ssl: only read "active" values from the key_files array (PR 56306)
-     trunk patch: https://svn.apache.org/r1585918
-     2.4.x patch: trunk patch works (modulo CHANGES)
-     +1: kbrand, ylavic, jorton
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
index 21c68a1a2ffbd5c8dedbfc349ac4249cda0895bb..15cd6f56aff4b7d6a4d35f1d13e54d354b3c5dc9 100644 (file)
@@ -906,9 +906,11 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
         }
 
         /* and second, the private key */
-        keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *);
-        if (keyfile == NULL)
+        if (i < mctx->pks->key_files->nelts) {
+            keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *);
+        } else {
             keyfile = certfile;
+        }
 
         ERR_clear_error();
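Review bot: The new guard `if (i < mctx->pks->key_files->nelts)` has no comment saying why it replaced the `keyfile == NULL` test, so a later cleanup could put the old form back. APR_ARRAY_IDX does no range checking, so a slot at or past `nelts` holds whatever memory follows the active elements; the CHANGES entry describes the result as bogus values and garbled file names in the log. I would add `/* APR_ARRAY_IDX is unchecked: only slots below nelts are valid; with no key file configured for this cert, look for the key in certfile */` above the `if`. ssl_init_server_certs starts and ends outside the hunk, so it is not visible here whether an active slot can itself be NULL. If it can, keep the old fallback inside the first branch, e.g. `if (keyfile == NULL) keyfile = certfile;`.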