From: Doug MacEachern <dougm@apache.org>
Date: Thu, 22 Nov 2001 00:25:00 +0000 (+0000)
Subject: move c->notes.ssl::verify::depth to SSLConnRec.verify_depth
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=177f2286f61f485ad0522c630960db7b0836470b;p=apache

move c->notes.ssl::verify::depth to SSLConnRec.verify_depth
note: may actually be removed unless somebody can figure out why it is in
there to begin with
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92111 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 3977c73b08..62452dd502 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -274,7 +274,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
     SSL_set_app_data(ssl, c);
     apctx = apr_table_make(c->pool, AP_CTX_MAX_ENTRIES);
     apr_table_setn(apctx, "ssl::request_rec", NULL);
-    apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
     SSL_set_app_data2(ssl, apctx);
 
     sslconn->ssl = ssl;
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index 50471a81d1..32a3e8081e 100644
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -462,6 +462,7 @@ typedef struct {
     ssl_shutdown_type_e shutdown_type;
     const char *verify_info;
     const char *verify_error;
+    int verify_depth;
 } SSLConnRec;
 
 typedef struct {
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 19c13eb5e2..ee888aea92 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -371,11 +371,9 @@ int ssl_hook_Access(request_rec *r)
     STACK_OF(SSL_CIPHER) *skCipherOld;
     STACK_OF(SSL_CIPHER) *skCipher;
     SSL_CIPHER *pCipher;
-    apr_table_t *apctx;
     int nVerifyOld;
     int nVerify;
     int n;
-    void *vp;
     int rc;
 
     dc  = myDirConfig(r);
@@ -522,13 +520,11 @@ int ssl_hook_Access(request_rec *r)
      * restriction on the certificate chain).
      */
     if (dc->nVerifyDepth != UNSET) {
-        apctx = (apr_table_t *)SSL_get_app_data2(ssl);
-        if ((vp = (void *)apr_table_get(apctx, "ssl::verify::depth")) != NULL)
-            n = (int)AP_CTX_PTR2NUM(vp);
-        else
-            n = sc->nVerifyDepth;
-        apr_table_setn(apctx, "ssl::verify::depth",
-                   (const char *)AP_CTX_NUM2PTR(dc->nVerifyDepth));
+        /* XXX: doesnt look like sslconn->verify_depth is actually used */
+        if (!(n = sslconn->verify_depth)) {
+            sslconn->verify_depth = n = sc->nVerifyDepth;
+        }
+
         /* determine whether a renegotiation has to be forced */
         if (dc->nVerifyDepth < n) {
             renegotiate = TRUE;