From: Stefan Eissing Date: Thu, 8 Nov 2018 10:09:21 +0000 (+0000) Subject: *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fe55941af92bf422ef20a03f48231229da41b70c;p=apache *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1846111 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index bc0d220193..51e602ae27 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly + on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] + *) mod_ssl: clear *SSL errors before loading certificates and checking afterwards. Otherwise errors are reported when other SSL using modules are in play. Fixes PR 62880. [Michael Kaufmann] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e91f600e87..1570d8da64 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1605,10 +1605,7 @@ static authz_status ssl_authz_require_ssl_check(request_rec *r, const char *require_line, const void *parsed) { - SSLConnRec *sslconn = myConnConfig(r->connection); - SSL *ssl = sslconn ? sslconn->ssl : NULL; - - if (ssl) + if (modssl_request_is_tls(r, NULL)) return AUTHZ_GRANTED; else return AUTHZ_DENIED;