mod_ssl: Fix SSL_CLIENT_VERIFY value when "SSLVerifyClient optional_no_ca" and

SSLSessionCache are used and SSL session is resumed. SSL_CLIENT_VERIFY value
has been set to SUCCESS on resumption even when originally it was set to
GENEROUS. PR 53193.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1633085 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index c7cbaa3e673f85714b759395d9c487597f1dc7d4..b1f4bda8f91453eccdc73a8f1b87a9c1e87bb24e 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1322,6 +1322,11 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
                           "\"SSLVerifyClient optional_no_ca\" "
                           "configuration");
             ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
+
+            /* on session resumption ssl_callback_SSLVerify() 
+             * will not be called, therefore we have to set it here
+             */
+            sslconn->verify_info = "GENEROUS";
         }
         else {
             const char *error = sslconn->verify_error ?