mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections.
Regression introduced in 2.4.30. PR 62232.
The proxy SSL_CTX was not inherited from the vhost (the only available in
2.4.29) in/for any directory context besides <Proxy>...
Mostly debugged and fixed by Rainer, thanks!
Submitted by: ylavic
Reviewed by: ylavic, rpluem, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1828735 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.4.34
+ *) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
+ regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic]
+
*) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
[Eric Covener]
implementing the Let's Encrypt ACMEv1 protocol to signup and renew
certificates. Please read the modules documentation for further instructions
on how to use it. [Stefan Eissing]
-
+
*) mod_proxy_html: skip documents shorter than 4 bytes
PR 56286 [Micha Lenk <micha lenk info>]
RELEASE SHOWSTOPPERS:
- *) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
- regression introduced in 2.4.30. PR 62232.
- trunk patch: http://svn.apache.org/r1828390
- 2.4.x patch: svn merge -c 1828390 ^/httpd/httpd/trunk .
- +1: ylavic, rpluem, jim
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
cfgMergeInt(nRenegBufferSize);
mrg->proxy_post_config = add->proxy_post_config;
- if (!add->proxy_post_config) {
+ if (!mrg->proxy_post_config) {
cfgMergeBool(proxy_enabled);
modssl_ctx_init_proxy(mrg, p);
modssl_ctx_cfg_merge_proxy(p, base->proxy, add->proxy, mrg->proxy);
+
+ /* Since ssl_proxy_section_post_config() hook won't be called if there
+ * is no SSLProxy* in this dir config, the ssl_ctx may still be NULL
+ * here at runtime. Merging it is either a no-op (NULL => NULL) because
+ * we are still before post config, or we really want to reuse the one
+ * from the upper/server context (outside of <Proxy> sections).
+ */
+ cfgMerge(proxy->ssl_ctx, NULL);
}
else {
- /* post_config hook has already merged and initialized the
+ /* The post_config hook has already merged and initialized the
* proxy context, use it.
*/
mrg->proxy_enabled = add->proxy_enabled;