From a365a65513cce183b2bed2abae6028b3efd29c43 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Thu, 22 Jan 2015 18:37:06 +0000 Subject: [PATCH] mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored in virtualhost context (new version of r1653906 reverted by r1653993). Submitted By: Michael Kaufmann Committed/modified By: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1653997 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ modules/ssl/ssl_engine_config.c | 10 +++++++++- modules/ssl/ssl_private.h | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 1c8875bce5..2d167f424b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. + PR 57100. [Michael Kaufmann , + Yann Ylavic] + *) mod_alias: Introduce expression parser support for Alias, ScriptAlias and Redirect. [Graham Leggett] diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index eed4e084c3..9f2348d7e5 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -111,6 +111,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p) #endif mctx->protocol = SSL_PROTOCOL_ALL; + mctx->protocol_set = 0; mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET; mctx->pphrase_dialog_path = NULL; @@ -254,7 +255,12 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p, modssl_ctx_t *add, modssl_ctx_t *mrg) { - cfgMerge(protocol, SSL_PROTOCOL_ALL); + if (add->protocol_set) { + mrg->protocol = add->protocol; + } + else { + mrg->protocol = base->protocol; + } cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET); cfgMergeString(pphrase_dialog_path); @@ -1358,6 +1364,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + sc->server->protocol_set = 1; return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol); } @@ -1376,6 +1383,7 @@ const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd, { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + sc->proxy->protocol_set = 1; return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol); } diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 140b9c3099..9553e594dc 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -577,6 +577,7 @@ typedef struct { #endif ssl_proto_t protocol; + int protocol_set; /** config for handling encrypted keys */ ssl_pphrase_t pphrase_dialog_type; -- 2.50.1