From: Jim Jagielski <jim@apache.org>
Date: Sun, 19 Apr 2015 18:00:08 +0000 (+0000)
Subject: Merge r1520445, r1672985, r1672989, r1673769 from trunk:
X-Git-Tag: 2.4.13~192
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=da368a8fe9effef1cdf212b33693a2ea750e94e9;p=apache

Merge r1520445, r1672985, r1672989, r1673769 from trunk:

Add a warning if protocol given in SSLProtocol  or SSLProxyProtocol will override other parameters given in the same directive.
This could be a missing + or - prefix.

PR 52820

Tweak log message

Add CHANGES entry before backport proposal

Follow-up to r1520445:

Tweak error message for clarity

Submitted by: jailletc36, trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674655 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index e0722c8151..86ecc8d0a9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,10 @@ Changes with Apache 2.4.13
      calls r:wsupgrade() can cause a child process crash. 
      [Edward Lu <Chaosed0 gmail.com>]
 
+  *) ssl: Add a warning if protocol given in SSLProtocol or SSLProxyProtocol
+     will override other parameters given in the same directive. This could be
+     a missing + or - prefix.  PR 52820 [Christophe Jaillet]
+
   *) mod_proxy: Use the correct server name for SNI in case the backend
      SSL connection itself is established via a proxy server.
      PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
diff --git a/STATUS b/STATUS
index 8b6bba3f9a..8682ddcd2a 100644
--- a/STATUS
+++ b/STATUS
@@ -105,15 +105,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) ssl: Add a warning if protocol given in SSLProtocol or SSLProxyProtocol
-     will override other parameters given in the same directive. This could be
-     a missing + or - prefix.  PR 52820 [Christophe Jaillet]
-     trunk patch: http://svn.apache.org/r1520445
-                  http://svn.apache.org/r1672985
-                  http://svn.apache.org/r1672989 (CHANGES)
-                  http://svn.apache.org/r1673769
-     2.4.x patch: trunk works (modulo CHANGES)
-     +1: jailletc36, ylavic, covener
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 54ad75f556..b3c05f523c 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -1360,8 +1360,7 @@ static const char *ssl_cmd_protocol_parse(cmd_parms *parms,
         else {
             return apr_pstrcat(parms->temp_pool,
                                parms->cmd->name,
-                               ": Illegal protocol '",
-                               w, "'", NULL);
+                               ": Illegal protocol '", w, "'", NULL);
         }
 
         if (action == '-') {
@@ -1371,6 +1370,12 @@ static const char *ssl_cmd_protocol_parse(cmd_parms *parms,
             *options |= thisopt;
         }
         else {
+            if (*options != SSL_PROTOCOL_NONE) {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, parms->server, APLOGNO(02532)
+                             "%s: Protocol '%s' overrides already set parameter(s). "
+                             "Check if a +/- prefix is missing.",
+                             parms->cmd->name, w);
+            }
             *options = thisopt;
         }
     }