mod_ssl: follow up to r1781575

author Yann Ylavic <ylavic@apache.org>

Fri, 24 Mar 2017 12:40:27 +0000 (12:40 +0000)

committer Yann Ylavic <ylavic@apache.org>

Fri, 24 Mar 2017 12:40:27 +0000 (12:40 +0000)
author Yann Ylavic <ylavic@apache.org>
Fri, 24 Mar 2017 12:40:27 +0000 (12:40 +0000)
committer Yann Ylavic <ylavic@apache.org>
Fri, 24 Mar 2017 12:40:27 +0000 (12:40 +0000)
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c

index 99f0c13391a82764b2dc93b8287138311c2534d6..2e299e7b2f8575f6087a204efa4a36c23630345e 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -265,7 +265,7 @@ static const command_rec ssl_config_cmds[] = {
                  "Proxy URL to use for OCSP requests")
  
  /* Define OCSP Responder Certificate Verification Directive */
-    SSL_CMD_SRV(OCSPNoverify, FLAG,
+    SSL_CMD_SRV(OCSPNoVerify, FLAG,
                  "Do not verify OCSP Responder certificate ('on', 'off')")
  /* Define OCSP Responder File Configuration Directive */
      SSL_CMD_SRV(OCSPResponderCertificateFile, TAKE1,
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c

index 730a6b38fbfbb8263f0f3e28812300faf9862c20..037ba1179bd85b4ba51b4b229630d9259fadb1b2 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -147,7 +147,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
      mctx->proxy_uri              = NULL;
  
  /* Set OCSP Responder Certificate Verification variable */
-    mctx->ocsp_noverify       = FALSE;
+    mctx->ocsp_noverify       = UNSET;
  /* Set OCSP Responder File variables */
      mctx->ocsp_verify_flags   = 0;
      mctx->ocsp_certs_file     = NULL;
@@ -1721,7 +1721,7 @@ const char *ssl_cmd_SSLOCSPProxyURL(cmd_parms *cmd, void *dcfg,
  }
  
  /* Set OCSP responder certificate verification directive */
-const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag)
+const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag)
  {
      SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  
diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c

index 5617b9cf6601c4f6d3e4c2bc0628bcf9065d1f9b..d146f6bd7f0294cf2ee2f42c3cc28ed304a121cc 100644 (file)
--- a/modules/ssl/ssl_engine_ocsp.c
+++ b/modules/ssl/ssl_engine_ocsp.c
@@ -184,7 +184,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
  
      if (rc == V_OCSP_CERTSTATUS_GOOD) {
          /* Check if OCSP certificate verification required */
-        if (!sc->server->ocsp_noverify) {
+        if (sc->server->ocsp_noverify != TRUE) {
              /* Modify OCSP response verification to include OCSP Responder cert */
              if (OCSP_basic_verify(basicResponse, sc->server->ocsp_certs, X509_STORE_CTX_get0_store(ctx),
                                    sc->server->ocsp_verify_flags) != 1) {
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h

index a3a1ee1eb28ebf72378db6c5fcadfd5a0dee3af4..b41e737f75fdc6dc532968f9e7c443afdd2ffc35 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -815,7 +815,7 @@ const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag);
  const char *ssl_cmd_SSLOCSPProxyURL(cmd_parms *cmd, void *dcfg, const char *arg);
  
  /* Declare OCSP Responder Certificate Verification Directive */
-const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag);
+const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag);
  /* Declare OCSP Responder Certificate File Directive */
  const char *ssl_cmd_SSLOCSPResponderCertificateFile(cmd_parms *cmd, void *dcfg, const char *arg);
author	Yann Ylavic <ylavic@apache.org>
	Fri, 24 Mar 2017 12:40:27 +0000 (12:40 +0000)
committer	Yann Ylavic <ylavic@apache.org>
	Fri, 24 Mar 2017 12:40:27 +0000 (12:40 +0000)
modules/ssl/mod_ssl.c		patch \| blob \| history
modules/ssl/ssl_engine_config.c		patch \| blob \| history
modules/ssl/ssl_engine_ocsp.c		patch \| blob \| history
modules/ssl/ssl_private.h		patch \| blob \| history