From: Doug MacEachern <dougm@apache.org>
Date: Fri, 29 Mar 2002 02:06:57 +0000 (+0000)
Subject: proxy needs to use client ssl method
X-Git-Tag: 2.0.34~52
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=192828c57c44dc86204f717395be59f5685bc51e;p=apache

proxy needs to use client ssl method


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94282 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index c57540f86f..87da1f4e63 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -407,6 +407,7 @@ static void ssl_init_ctx(server_rec *s,
                          modssl_ctx_t *mctx)
 {
     SSL_CTX *ctx = NULL;
+    SSL_METHOD *method = NULL;
     char *cp;
     int protocol = mctx->protocol;
 
@@ -430,10 +431,16 @@ static void ssl_init_ctx(server_rec *s,
             "Creating new SSL context (protocols: %s)", cp);
 
     if (protocol == SSL_PROTOCOL_SSLV2) {
-        ctx = SSL_CTX_new(SSLv2_server_method());  /* only SSLv2 is left */
+        method = mctx->pkp ?
+            SSLv2_client_method() : /* proxy */
+            SSLv2_server_method();  /* server */
+        ctx = SSL_CTX_new(method);  /* only SSLv2 is left */
     }
     else {
-        ctx = SSL_CTX_new(SSLv23_server_method()); /* be more flexible */
+        method = mctx->pkp ?
+            SSLv23_client_method() : /* proxy */
+            SSLv23_server_method();  /* server */
+        ctx = SSL_CTX_new(method); /* be more flexible */
     }
 
     mctx->ssl_ctx = ctx;