* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl): Add

  SSL_SECURE_RENEG variable to indicate support for secure reneg.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup_vars): Export
  SSL_SECURE_RENEG in the default set of variable.s

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@906057 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 6571cf64249e0421f91c30a1586e712f33391c13..f61b249cfbfcad0ad0ccc407d8354a6b00fb11ee 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1080,6 +1080,7 @@ static const char *ssl_hook_Fixup_vars[] = {
     "SSL_VERSION_INTERFACE",
     "SSL_VERSION_LIBRARY",
     "SSL_PROTOCOL",
+    "SSL_SECURE_RENEG",
     "SSL_COMPRESS_METHOD",
     "SSL_CIPHER",
     "SSL_CIPHER_EXPORT",

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index f1683fa867c099d74f2dd36d9085316cc77cfc8b..5a2874732a6bcf58f348014b9d9305476e7dd6d4 100644 (file)
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -332,6 +332,14 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
                                                    TLSEXT_NAMETYPE_host_name));
     }
 #endif
+    else if (ssl != NULL && strcEQ(var, "SECURE_RENEG")) {
+        int flag = 0;
+#ifdef SSL_get_secure_renegotiation_support
+        flag = SSL_get_secure_renegotiation_support(ssl);
+#endif
+        result = apr_pstrdup(p, flag ? "true" : "false");
+    }                             
+
     return result;
 }