Revert optimization from circa 2.0.34 that caused very long vhost id's

to be unusable with mod_ssl.

PR: 8572

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94881 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 384d635be2cf8959ef6bcfca68b27672e0203719..b6a954bbbf7a24d0f5439ea4ec5d01799d46fcee 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.37
 
+  *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
+     as the session id context rather that a MD5 hash of that vhost ID,
+     because it caused very long vhost id's to be unusable with mod_ssl.
+     PR 8572.  [Cliff Woolley]
+
   *) Fix the link to the description of the CoredumpDirectory 
      directive in the server-wide document.  PR 8643.  [Jeff Trawick]
 

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index c1a0c27163517b049b692ac44205e676a4bb32b8..64e366d165c09b5a78421f8bbf2b4869f9a058a2 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -279,6 +279,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
     SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
     SSL *ssl;
     SSLConnRec *sslconn = myConnConfig(c);
+    char *vhost_md5;
     modssl_ctx_t *mctx;
 
     /*
@@ -334,12 +335,13 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
         return DECLINED; /* XXX */
     }
 
-    if (!SSL_set_session_id_context(ssl,
-                                    (unsigned char *)sc->vhost_id,
-                                    sc->vhost_id_len))
+    vhost_md5 = ap_md5_binary(c->pool, sc->vhost_id, sc->vhost_id_len);
+
+    if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
+                                    MD5_DIGESTSIZE*2))
     {
         ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
-                "Unable to set session id context to `%s'", sc->vhost_id);
+                "Unable to set session id context to `%s'", vhost_md5);
 
         c->aborted = 1;