mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored

author Yann Ylavic <ylavic@apache.org>

Thu, 22 Jan 2015 18:37:06 +0000 (18:37 +0000)

committer Yann Ylavic <ylavic@apache.org>

Thu, 22 Jan 2015 18:37:06 +0000 (18:37 +0000)
author Yann Ylavic <ylavic@apache.org>
Thu, 22 Jan 2015 18:37:06 +0000 (18:37 +0000)
committer Yann Ylavic <ylavic@apache.org>
Thu, 22 Jan 2015 18:37:06 +0000 (18:37 +0000)
diff --git a/CHANGES b/CHANGES

index 1c8875bce5beb8bc35592f705602e34ce9f0d071..2d167f424b1ee9faa7c8620fda7d0525e85ef931 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.0
  
+  *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. 
+     PR 57100.  [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>,
+     Yann Ylavic]
+
    *) mod_alias: Introduce expression parser support for Alias, ScriptAlias
       and Redirect. [Graham Leggett]
  
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c

index eed4e084c3c26eb245aceacd00b31da258bcf270..9f2348d7e58394aaeb86c582774ea8995a41b897 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -111,6 +111,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
  #endif
  
      mctx->protocol            = SSL_PROTOCOL_ALL;
+    mctx->protocol_set        = 0;
  
      mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
      mctx->pphrase_dialog_path = NULL;
@@ -254,7 +255,12 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p,
                                   modssl_ctx_t *add,
                                   modssl_ctx_t *mrg)
  {
-    cfgMerge(protocol, SSL_PROTOCOL_ALL);
+    if (add->protocol_set) {
+        mrg->protocol = add->protocol;
+    }
+    else {
+        mrg->protocol = base->protocol;
+    }
  
      cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
      cfgMergeString(pphrase_dialog_path);
@@ -1358,6 +1364,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
  {
      SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  
+    sc->server->protocol_set = 1;
      return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol);
  }
  
@@ -1376,6 +1383,7 @@ const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd,
  {
      SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  
+    sc->proxy->protocol_set = 1;
      return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol);
  }
  
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h

index 140b9c30991b5161e47d42108b061940842ca642..9553e594dccd133a3f2ed9991e32a372e509b282 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -577,6 +577,7 @@ typedef struct {
  #endif
  
      ssl_proto_t  protocol;
+    int protocol_set;
  
      /** config for handling encrypted keys */
      ssl_pphrase_t pphrase_dialog_type;
author	Yann Ylavic <ylavic@apache.org>
	Thu, 22 Jan 2015 18:37:06 +0000 (18:37 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Thu, 22 Jan 2015 18:37:06 +0000 (18:37 +0000)
CHANGES		patch \| blob \| history
modules/ssl/ssl_engine_config.c		patch \| blob \| history
modules/ssl/ssl_private.h		patch \| blob \| history