From: Yann Ylavic Date: Tue, 29 May 2018 21:27:15 +0000 (+0000) Subject: Merge r1829513 from trunk: X-Git-Tag: 2.4.34~148 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=946f1e6b974e96802d89bd98db59bf6887bca1d2;p=apache Merge r1829513 from trunk: * modules/ssl/ssl_engine_init.c (ssl_init_Module): Don't enable SSL for a vhost if SSLEnable is not used and no certs are configured, even if the Listen protocol is "https". Restores behaviour to that prior to r1809303 for configs which would now otherwise fail at startup. Submitted by: jorton Reviewed by: jorton, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832495 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 988932b448..571c6108a7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.34 + *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling + which broke some rare but previously-working configs. [Joe Orton] + *) core, log: improve sanity checks for the ErrorLog's syslog config, and explicitly allow ony lowercase 'syslog' settings. PR 62102 [Luca Toscano, Jim Riggs, Christophe Jaillet] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a3a74f474c..c75e51ebdd 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -261,7 +261,8 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, * the protocol is https. */ if (ap_get_server_protocol(s) && strcmp("https", ap_get_server_protocol(s)) == 0 - && sc->enabled == SSL_ENABLED_UNSET) { + && sc->enabled == SSL_ENABLED_UNSET + && (!apr_is_empty_array(sc->server->pks->cert_files))) { sc->enabled = SSL_ENABLED_TRUE; }