From: Yann Ylavic Date: Wed, 4 Apr 2018 23:36:05 +0000 (+0000) Subject: mod_ssl: Fix merging of proxy SSL context outside sections. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e9ce7c5f0bc5e95bc875504a609653c60b7927de;p=apache mod_ssl: Fix merging of proxy SSL context outside sections. Regression introduced in 2.4.30. PR 62232. The proxy SSL_CTX was not inherited from the vhost (the only available in 2.4.29) in/for any directory context besides ... Mostly debugged and fixed by Rainer, thanks! git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828390 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 9bc8534427..b215db5d9f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ssl: Fix merging of proxy SSL context outside sections, + regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic] + *) mod_ssl: proper checks for libressl 2.07/8 and its TLSv1_3 support, see PR 62236. [Bernard Spil ] diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index c6ff191b56..832bb5ff6a 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c 
@@ -467,13 +467,21 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) cfgMergeInt(nRenegBufferSize); mrg->proxy_post_config = add->proxy_post_config; - if (!add->proxy_post_config) { + if (!mrg->proxy_post_config) { cfgMergeBool(proxy_enabled); modssl_ctx_init_proxy(mrg, p); modssl_ctx_cfg_merge_proxy(p, base->proxy, add->proxy, mrg->proxy); + + /* Since ssl_proxy_section_post_config() hook won't be called if there + * is no SSLProxy* in this dir config, the ssl_ctx may still be NULL + * here at runtime. Merging it is either a no-op (NULL => NULL) because + * we are still before post config, or we really want to reuse the one + * from the upper/server context (outside of sections). + */ + cfgMerge(proxy->ssl_ctx, NULL); } else { - /* post_config hook has already merged and initialized the + /* The post_config hook has already merged and initialized the * proxy context, use it. */ mrg->proxy_enabled = add->proxy_enabled;
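Review bot: In the `if (!mrg->proxy_post_config)` branch of `ssl_config_perdir_merge()`, the new `cfgMerge(proxy->ssl_ctx, NULL);` leaves the merged dir config holding an SSL_CTX pointer that, per the added comment, is the one "from the upper/server context", but nothing says who owns it. Please extend the comment to state that the pointer is borrowed and must not be freed or re-initialized through the merged config. The `modssl_ctx_init_proxy(mrg, p)` call two lines earlier suggests `mrg` otherwise gets its own proxy context structure, so a reader could assume it owns everything inside. Two smaller points: changing the test from `add->proxy_post_config` to `mrg->proxy_post_config` does not change behaviour, because `mrg->proxy_post_config = add->proxy_post_config;` is assigned on the line directly above, so the functional fix is the `cfgMerge` line alone and the commit message could say so. The patch also touches only CHANGES and ssl_engine_config.c, so a regression test for PR 62232 would be worth adding. It should cover a directory context with no SSLProxy* directives of its own inheriting the vhost's proxy context.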