From: Jim Jagielski Date: Thu, 17 Apr 2014 13:38:14 +0000 (+0000) Subject: Merge r1585918 from trunk: X-Git-Tag: 2.4.10~322 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=52f538c42ba5819bb4bdfce575fd67c7f8fc6021;p=apache Merge r1585918 from trunk: Only read "active" values from the key_files array. PR 56306. Submitted by: kbrand Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588246 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index d0e87916d1..cd033b689f 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.10 + *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values + (and logging garbled file names). PR 56306. [Kaspar Brand] + *) mod_ssl: fix merging of global and vhost-level settings with the SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd directives. PR 56353. [Kaspar Brand] diff --git a/STATUS b/STATUS index f377172289..d1529b51e4 100644 --- a/STATUS +++ b/STATUS @@ -106,11 +106,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: 2.4.x patch: trunk patch works, modulo CHANGES +1: minfrin, jim, ylavic - * mod_ssl: only read "active" values from the key_files array (PR 56306) - trunk patch: https://svn.apache.org/r1585918 - 2.4.x patch: trunk patch works (modulo CHANGES) - +1: kbrand, ylavic, jorton - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 21c68a1a2f..15cd6f56af 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -906,9 +906,11 @@ static apr_status_t ssl_init_server_certs(server_rec *s, } /* and second, the private key */ - keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *); - if (keyfile == NULL) + if (i < mctx->pks->key_files->nelts) { + keyfile = APR_ARRAY_IDX(mctx->pks->key_files, i, const char *); + } else { keyfile = certfile; + } ERR_clear_error();