From 16e5cdde498027254084025a100b219073f8d56f Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Tue, 6 Dec 2005 10:21:41 +0000 Subject: [PATCH] * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further access control checks if SSL is not in use regardless of vhost settings. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Submitted by: Rüdiger Plüm, Joe Orton PR: 37791 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@354394 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 6 ++++++ modules/ssl/ssl_engine_kernel.c | 7 +++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 3fec516c17..d1291637a3 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,12 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) mod_ssl: Fix a possible crash during access control checks if a + non-SSL request is processed for an SSL vhost (such as the + "HTTP request received on SSL port" error message when an 400 + ErrorDocument is configured, or if using "SSLEngine optional"). + PR 37791. [Rüdiger Plüm, Joe Orton] + *) mod_proxy_balancer: Sticky session identifiers supplied in URL do not work. PR37753. [Ruediger Pluem, Kazuhiro Osawa ] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 688cb47359..4ca5931923 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -202,11 +202,14 @@ int ssl_hook_Access(request_rec *r) } /* - * Check to see if SSL protocol is on + * Check to see whether SSL is in use; if it's not, then no + * further access control checks are relevant. (the test for + * sc->enabled is probably strictly unnecessary) */ - if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) { + if (sc->enabled == SSL_ENABLED_FALSE || !ssl) { return DECLINED; } + /* * Support for per-directory reconfigured SSL connection parameters. * -- 2.40.0