From 35c192e8685d8b06102dea7daa0c46f360b798db Mon Sep 17 00:00:00 2001
From: Rainer Jung
Date: Sat, 13 Feb 2016 01:52:31 +0000
Subject: [PATCH] Support OpenSSL 1.1.0: - Fix renegotiation for the client side of a proxy connection.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1730146 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_kernel.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 770bb7e3be..749ec1b29d 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2139,7 +2139,9 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc)
 if (state == SSL3_ST_SR_CLNT_HELLO_A
 || state == SSL23_ST_SR_CLNT_HELLO_A) {
 #else
- if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_REJECT) {
+ if (!scr->is_proxy &&
+ (where & SSL_CB_HANDSHAKE_START) &&
+ scr->reneg_state == RENEG_REJECT) {
 #endif
 scr->reneg_state = RENEG_ABORT;
 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
@@ -2149,13 +2151,18 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc)
 #endif
 }
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
- else if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_ALLOW) {
+ else if (!scr->is_proxy &&
+ (where & SSL_CB_HANDSHAKE_START) &&
+ scr->reneg_state == RENEG_ALLOW) {
 scr->reneg_state = RENEG_STARTED;
 }
- else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_STARTED) {
+ else if (!scr->is_proxy &&
+ (where & SSL_CB_HANDSHAKE_DONE) &&
+ scr->reneg_state == RENEG_STARTED) {
 scr->reneg_state = RENEG_DONE;
 }
- else if ((where & SSL_CB_ALERT) &&
+ else if (!scr->is_proxy &&
+ (where & SSL_CB_ALERT) &&
 (scr->reneg_state == RENEG_ALLOW || scr->reneg_state == RENEG_STARTED)) {
 scr->reneg_state = RENEG_ALERT;
 }
--
2.50.1
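Review bot: The `!scr->is_proxy` exemption in the first hunk is added only on the `#else` (OpenSSL 1.1.0) branch, and nothing in the new code says why a proxy connection may skip the `RENEG_REJECT` test. That test is what moves the connection to `RENEG_ABORT` and logs APLOGNO(02042), so the bypass should be visibly deliberate. If the reasoning is the one the commit title suggests, a comment above the condition would do, such as `/* Proxy connections: httpd is the TLS client here, so the reject/abort handling for renegotiation started by a remote client does not apply. */`. The pre-1.1.0 branch's outer condition lies outside the hunk, so it is worth confirming that it treats `is_proxy` the same way.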
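Review bot: The same `!scr->is_proxy` test is repeated in all three `else if` conditions of the second hunk, as well as in the `if` of the first, so a branch added later that omits it would start changing `reneg_state` on proxy connections again. Evaluating it once is less error-prone, for example `const int track_reneg = !scr->is_proxy;` ahead of the chain, or one enclosing `if (!scr->is_proxy) { ... }` around the whole state machine. The function body starts and ends outside the hunk, so whether an enclosing block fits around the `#if` sections needs checking against the full file.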