Add a warning if protocol given in SSLProtocol or SSLProxyProtocol will override other parameters given in the same directive.
This could be a missing + or - prefix.
PR 52820
Tweak log message
Add CHANGES entry before backport proposal
Follow-up to r1520445:
Tweak error message for clarity
Submitted by: jailletc36, trawick
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1674655 13f79535-47bb-0310-9956-
ffa450edef68
calls r:wsupgrade() can cause a child process crash.
[Edward Lu <Chaosed0 gmail.com>]
+ *) ssl: Add a warning if protocol given in SSLProtocol or SSLProxyProtocol
+ will override other parameters given in the same directive. This could be
+ a missing + or - prefix. PR 52820 [Christophe Jaillet]
+
*) mod_proxy: Use the correct server name for SNI in case the backend
SSL connection itself is established via a proxy server.
PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) ssl: Add a warning if protocol given in SSLProtocol or SSLProxyProtocol
- will override other parameters given in the same directive. This could be
- a missing + or - prefix. PR 52820 [Christophe Jaillet]
- trunk patch: http://svn.apache.org/r1520445
- http://svn.apache.org/r1672985
- http://svn.apache.org/r1672989 (CHANGES)
- http://svn.apache.org/r1673769
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: jailletc36, ylavic, covener
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
else {
return apr_pstrcat(parms->temp_pool,
parms->cmd->name,
- ": Illegal protocol '",
- w, "'", NULL);
+ ": Illegal protocol '", w, "'", NULL);
}
if (action == '-') {
*options |= thisopt;
}
else {
+ if (*options != SSL_PROTOCOL_NONE) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, parms->server, APLOGNO(02532)
+ "%s: Protocol '%s' overrides already set parameter(s). "
+ "Check if a +/- prefix is missing.",
+ parms->cmd->name, w);
+ }
*options = thisopt;
}
}
projects / apache / commitdiff