Merge r1653997 from trunk:

mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored
in virtualhost context (new version of r1653906 reverted by r1653993).

Submitted By: Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>
Committed/modified By: ylavic

Submitted by: ylavic
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663258 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 0a6da3b3d77d720dd11d7921957fe1d63c78849d..02468a38e589d3f9a97e14d3e18a7f59edb2af66 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.13
 
+  *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. 
+     PR 57100.  [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>,
+     Yann Ylavic]
+
   *) mod_ssl: Fix renegotiation failures redirected to an ErrorDocument.
      PR 57334.  [Yann Ylavic].
 

diff --git a/STATUS b/STATUS
index 1b89c90b98717d0465e7b3326f16eba3320047c4..14ef3dfeec494d5b9a4b7fec1f4fe6913239653e 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -106,11 +106,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_ssl: Fix merge of SSLProtocol ALL in virtualhost context PR57100
-     trunk patch: http://svn.apache.org/r1653997
-     2.4.x patch: trunk works
-     +1: ylavic, covener, jim
-
    * mod_alias: Introduce expression parser support for Alias, ScriptAlias
      and Redirect.
      trunk patch: http://svn.apache.org/r1653941

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index e3c147ad28b3644e64663e4cb00ae37edc8ce3a1..54ad75f556b45ad6b62447c7a906b68257e9ccc7 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -111,6 +111,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
 #endif
 
     mctx->protocol            = SSL_PROTOCOL_ALL;
+    mctx->protocol_set        = 0;
 
     mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
     mctx->pphrase_dialog_path = NULL;
@@ -254,7 +255,12 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p,
                                  modssl_ctx_t *add,
                                  modssl_ctx_t *mrg)
 {
-    cfgMerge(protocol, SSL_PROTOCOL_ALL);
+    if (add->protocol_set) {
+        mrg->protocol = add->protocol;
+    }
+    else {
+        mrg->protocol = base->protocol;
+    }
 
     cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
     cfgMergeString(pphrase_dialog_path);
@@ -1378,6 +1384,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
+    sc->server->protocol_set = 1;
     return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol);
 }
 
@@ -1396,6 +1403,7 @@ const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd,
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
+    sc->proxy->protocol_set = 1;
     return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol);
 }
 

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 98e9d35a17b9118973ad8f41e29fd7165628d27f..db099791baf441c99ad372257e21cba447d2dc29 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -576,6 +576,7 @@ typedef struct {
 #endif
 
     ssl_proto_t  protocol;
+    int protocol_set;
 
     /** config for handling encrypted keys */
     ssl_pphrase_t pphrase_dialog_type;