From: William A. Rowe Jr
Date: Mon, 22 Mar 2010 08:47:26 +0000 (+0000)
Subject: Fix BOOL fips handling for UNSET values, and hack a vc compiler warning
X-Git-Tag: 2.3.6~317
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f78ddd0f6c9af6af57e6ccc04ab57f564e5c8407;p=apache
Fix BOOL fips handling for UNSET values, and hack a vc compiler warning
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@926000 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 1ba2febafc..7d9bec67f2 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -192,6 +192,9 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
 #ifndef OPENSSL_NO_TLSEXT
 sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
 #endif
+#ifdef HAVE_FIPS
+ sc->fips = UNSET;
+#endif
 modssl_ctx_init_proxy(sc, p);
@@ -292,9 +295,6 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
 cfgMerge(mc, NULL);
 cfgMerge(enabled, SSL_ENABLED_UNSET);
-#ifdef HAVE_FIPS
- cfgMergeBool(fips);
-#endif
 cfgMergeBool(proxy_enabled);
 cfgMergeInt(session_cache_timeout);
 cfgMergeBool(cipher_server_pref);
@@ -305,6 +305,9 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
 #ifndef OPENSSL_NO_TLSEXT
 cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
 #endif
+#ifdef HAVE_FIPS
+ cfgMergeBool(fips);
+#endif
 modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
@@ -588,7 +591,7 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *cmd, void *dcfg, int flag)
 }
 #ifdef HAVE_FIPS
- if ((sc->fips != UNSET) && (sc->fips != (flag ? TRUE : FALSE)))
+ if ((sc->fips != UNSET) && (sc->fips != (BOOL)(flag ? TRUE : FALSE)))
 return "Conflicting SSLFIPS options, cannot be both On and Off";
 sc->fips = flag ? TRUE : FALSE;
 #else
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index e65e2604c3..3c6695ce55 100644
--- a/modules/ssl/ssl_engine_init.c
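Review bot: The `(BOOL)` cast added to the conflict check in ssl_cmd_SSLFIPS carries no comment saying why it is there; only the commit message records that it is a hack for a VC compiler warning. Without that in the code, a later cleanup could drop the cast, or overlook that the `sc->fips != UNSET` test beside it still compares the same field against the UNSET sentinel with no cast at all. I would put `/* (BOOL) cast only quiets a VC compiler warning; the UNSET test is left uncast */` directly above the `if`. The body of ssl_cmd_SSLFIPS starts and ends outside the hunk, so the `#else` branch is not visible here.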
+++ b/modules/ssl/ssl_engine_init.c
@@ -233,6 +233,9 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
 }
+ if (sc->fips == UNSET) {
+ sc->fips = FALSE;
+ }
 }
 #if APR_HAS_THREADS
@@ -258,7 +261,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 #ifdef HAVE_FIPS
 if(sc->fips) {
- if (!FIPS_mode())
+ if (!FIPS_mode()) {
 if (FIPS_mode_set(1)) {
 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "Operating in SSL FIPS mode");
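Review bot: The added `if (sc->fips == UNSET) { sc->fips = FALSE; }` block in ssl_init_Module is not wrapped in `#ifdef HAVE_FIPS`, while every other use of `sc->fips` visible in this commit is: the initialisation in ssl_config_server_new, the merge in ssl_config_server_merge, the check in ssl_cmd_SSLFIPS and the `if(sc->fips)` test in the next hunk of this file. If the `fips` member is declared only under HAVE_FIPS, which those guards suggest but the page does not show, a build without FIPS support would stop compiling at this line. I would guard it the same way, with `#ifdef HAVE_FIPS` before the `if` and `#endif` after its closing brace. The enclosing block and function start and end outside the hunk.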