From 946f1e6b974e96802d89bd98db59bf6887bca1d2 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Tue, 29 May 2018 21:27:15 +0000 Subject: [PATCH] Merge r1829513 from trunk: * modules/ssl/ssl_engine_init.c (ssl_init_Module): Don't enable SSL for a vhost if SSLEnable is not used and no certs are configured, even if the Listen protocol is "https". Restores behaviour to that prior to r1809303 for configs which would now otherwise fail at startup. Submitted by: jorton Reviewed by: jorton, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832495 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/ssl/ssl_engine_init.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 988932b448..571c6108a7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.34 + *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling + which broke some rare but previously-working configs. [Joe Orton] + *) core, log: improve sanity checks for the ErrorLog's syslog config, and explicitly allow ony lowercase 'syslog' settings. PR 62102 [Luca Toscano, Jim Riggs, Christophe Jaillet] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a3a74f474c..c75e51ebdd 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -261,7 +261,8 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, * the protocol is https. */ if (ap_get_server_protocol(s) && strcmp("https", ap_get_server_protocol(s)) == 0 - && sc->enabled == SSL_ENABLED_UNSET) { + && sc->enabled == SSL_ENABLED_UNSET + && (!apr_is_empty_array(sc->server->pks->cert_files))) { sc->enabled = SSL_ENABLED_TRUE; } -- 2.40.0