Fix BOOL fips handling for UNSET values, and hack a vc compiler warning

author William A. Rowe Jr <wrowe@apache.org>

Mon, 22 Mar 2010 08:47:26 +0000 (08:47 +0000)

committer William A. Rowe Jr <wrowe@apache.org>

Mon, 22 Mar 2010 08:47:26 +0000 (08:47 +0000)
author William A. Rowe Jr <wrowe@apache.org>
Mon, 22 Mar 2010 08:47:26 +0000 (08:47 +0000)
committer William A. Rowe Jr <wrowe@apache.org>
Mon, 22 Mar 2010 08:47:26 +0000 (08:47 +0000)
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c

index 1ba2febafcd3e4898314ca1aa9bd3409a3614feb..7d9bec67f278bba2dee75a0e5bf29f486e75408b 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -192,6 +192,9 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
  #ifndef OPENSSL_NO_TLSEXT
      sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
  #endif
+#ifdef HAVE_FIPS
+    sc->fips                   = UNSET;
+#endif
  
      modssl_ctx_init_proxy(sc, p);
  
@@ -292,9 +295,6 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
  
      cfgMerge(mc, NULL);
      cfgMerge(enabled, SSL_ENABLED_UNSET);
-#ifdef HAVE_FIPS
-    cfgMergeBool(fips);
-#endif
      cfgMergeBool(proxy_enabled);
      cfgMergeInt(session_cache_timeout);
      cfgMergeBool(cipher_server_pref);
@@ -305,6 +305,9 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
  #ifndef OPENSSL_NO_TLSEXT
      cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
  #endif
+#ifdef HAVE_FIPS
+    cfgMergeBool(fips);
+#endif
  
      modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
  
@@ -588,7 +591,7 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *cmd, void *dcfg, int flag)
      }
  
  #ifdef HAVE_FIPS
-    if ((sc->fips != UNSET) && (sc->fips != (flag ? TRUE : FALSE)))
+    if ((sc->fips != UNSET) && (sc->fips != (BOOL)(flag ? TRUE : FALSE)))
          return "Conflicting SSLFIPS options, cannot be both On and Off";
      sc->fips = flag ? TRUE : FALSE;
  #else
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c

index e65e2604c397df59af2952b399b2b88d586f4b37..3c6695ce55a2ffd1a775f4bd5d547969df797966 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -233,6 +233,9 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
              sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
          }
  
+        if (sc->fips == UNSET) {
+            sc->fips = FALSE;
+        }
      }
  
  #if APR_HAS_THREADS
@@ -258,7 +261,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
  
  #ifdef HAVE_FIPS
      if(sc->fips) {
-        if (!FIPS_mode())
+        if (!FIPS_mode()) {
              if (FIPS_mode_set(1)) {
                  ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
                               "Operating in SSL FIPS mode");
author	William A. Rowe Jr <wrowe@apache.org>
	Mon, 22 Mar 2010 08:47:26 +0000 (08:47 +0000)
committer	William A. Rowe Jr <wrowe@apache.org>
	Mon, 22 Mar 2010 08:47:26 +0000 (08:47 +0000)
modules/ssl/ssl_engine_config.c		patch \| blob \| history
modules/ssl/ssl_engine_init.c		patch \| blob \| history