SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
of per-directory renegotiations and the SSLCipherSuite directive
being used to upgrade from a weak ciphersuite to a strong one
could result in the weak ciphersuite being used in place of the
strong one. [Ben Laurie]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100518
13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.0.47
+ *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
+ of per-directory renegotiations and the SSLCipherSuite directive
+ being used to upgrade from a weak ciphersuite to a strong one
+ could result in the weak ciphersuite being used in place of the
+ strong one. [Ben Laurie]
+
*) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing
temporary denial of service when accept() on a rarely accessed port
returns certain errors. Reported by Saheed Akhtar
SSL_set_verify_result(ssl, X509_V_OK);
/* determine whether we've to force a renegotiation */
- if (verify != verify_old) {
+ if (!renegotiate && verify != verify_old) {
if (((verify_old == SSL_VERIFY_NONE) &&
(verify != SSL_VERIFY_NONE)) ||