Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.

author Jeff Trawick <trawick@apache.org>

Sun, 5 Jan 2014 21:18:28 +0000 (21:18 +0000)

committer Jeff Trawick <trawick@apache.org>

Sun, 5 Jan 2014 21:18:28 +0000 (21:18 +0000)
author Jeff Trawick <trawick@apache.org>
Sun, 5 Jan 2014 21:18:28 +0000 (21:18 +0000)
committer Jeff Trawick <trawick@apache.org>
Sun, 5 Jan 2014 21:18:28 +0000 (21:18 +0000)
diff --git a/CHANGES b/CHANGES

index 30ddf6b2e35e53fb56b7cf17419e6c32d71c24d2..8a0f446daccd3b57b03197f78081909edddbca1e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.0
  
+  *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
+     [Jeff Trawick]
+
    *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
       [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
  
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c

index da32499e2989adc988fddb0a6964d46d132fb144..efdcf00064ef54dcab32a75046c156191613a69d 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -127,8 +127,8 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
      mctx->auth.verify_depth   = UNSET;
      mctx->auth.verify_mode    = SSL_CVERIFY_UNSET;
  
-    mctx->ocsp_enabled        = FALSE;
-    mctx->ocsp_force_default  = FALSE;
+    mctx->ocsp_enabled        = UNSET;
+    mctx->ocsp_force_default  = UNSET;
      mctx->ocsp_responder      = NULL;
      mctx->ocsp_resptime_skew  = UNSET;
      mctx->ocsp_resp_maxage    = UNSET;
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c

index 062e235a8abf1c7f94ca64e4c18b28f9e324ee8b..0bb37a318522f45d0d58ab32d701895e4c40b886 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1461,7 +1461,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
      /*
       * Perform OCSP-based revocation checks
       */
-    if (ok && sc->server->ocsp_enabled) {
+    if (ok && sc->server->ocsp_enabled == TRUE) {
          /* If there was an optional verification error, it's not
           * possible to perform OCSP validation since the issuer may be
           * missing/untrusted.  Fail in that case. */
diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c

index 90da5c279fa77ab3455de67a0239cd3d414d2426..b9fca6577dcdedf2a88780c32eedd4da71c9669e 100644 (file)
--- a/modules/ssl/ssl_engine_ocsp.c
+++ b/modules/ssl/ssl_engine_ocsp.c
@@ -61,7 +61,7 @@ static apr_uri_t *determine_responder_uri(SSLSrvConfigRec *sc, X509 *cert,
      /* Use default responder URL if forced by configuration, else use
       * certificate-specified responder, falling back to default if
       * necessary and possible. */
-    if (sc->server->ocsp_force_default) {
+    if (sc->server->ocsp_force_default == TRUE) {
          s = sc->server->ocsp_responder;
      }
      else {
author	Jeff Trawick <trawick@apache.org>
	Sun, 5 Jan 2014 21:18:28 +0000 (21:18 +0000)
committer	Jeff Trawick <trawick@apache.org>
	Sun, 5 Jan 2014 21:18:28 +0000 (21:18 +0000)
CHANGES		patch \| blob \| history
modules/ssl/ssl_engine_config.c		patch \| blob \| history
modules/ssl/ssl_engine_kernel.c		patch \| blob \| history
modules/ssl/ssl_engine_ocsp.c		patch \| blob \| history