Merge r1829513 from trunk:

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Don't enable SSL
  for a vhost if SSLEnable is not used and no certs are configured,
  even if the Listen protocol is "https".  Restores behaviour to that
  prior to r1809303 for configs which would now otherwise fail at
  startup.

Submitted by: jorton
Reviewed by: jorton, jim, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832495 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 988932b448eba0d2f7568a04d2631130be151cbf..571c6108a746d1cf504e1d6f17d080d74a91be43 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.34
 
+  *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
+     which broke some rare but previously-working configs.  [Joe Orton]
+
   *) core, log: improve sanity checks for the ErrorLog's syslog config, and
      explicitly allow ony lowercase 'syslog' settings. PR 62102
      [Luca Toscano, Jim Riggs, Christophe Jaillet]

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index a3a74f474c0e4629ac4e5869ee8088dc575b9fc4..c75e51ebddb598f58c46b195bcc52cddd8fe265f 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -261,7 +261,8 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
          * the protocol is https. */
         if (ap_get_server_protocol(s) 
             && strcmp("https", ap_get_server_protocol(s)) == 0
-            && sc->enabled == SSL_ENABLED_UNSET) {
+            && sc->enabled == SSL_ENABLED_UNSET
+            && (!apr_is_empty_array(sc->server->pks->cert_files))) {
             sc->enabled = SSL_ENABLED_TRUE;
         }