From a412db08b247fd3f810c11b1ef6803024fc03600 Mon Sep 17 00:00:00 2001 From: Cliff Woolley Date: Tue, 30 Apr 2002 17:10:12 +0000 Subject: [PATCH] Revert optimization from circa 2.0.34 that caused very long vhost id's to be unusable with mod_ssl. PR: 8572 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94881 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ modules/ssl/mod_ssl.c | 10 ++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 384d635be2..b6a954bbbf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ Changes with Apache 2.0.37 + *) Reverted a minor optimization in mod_ssl.c that used the vhost ID + as the session id context rather that a MD5 hash of that vhost ID, + because it caused very long vhost id's to be unusable with mod_ssl. + PR 8572. [Cliff Woolley] + *) Fix the link to the description of the CoredumpDirectory directive in the server-wide document. PR 8643. [Jeff Trawick] diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index c1a0c27163..64e366d165 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -279,6 +279,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) SSLSrvConfigRec *sc = mySrvConfig(c->base_server); SSL *ssl; SSLConnRec *sslconn = myConnConfig(c); + char *vhost_md5; modssl_ctx_t *mctx; /* @@ -334,12 +335,13 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) return DECLINED; /* XXX */ } - if (!SSL_set_session_id_context(ssl, - (unsigned char *)sc->vhost_id, - sc->vhost_id_len)) + vhost_md5 = ap_md5_binary(c->pool, sc->vhost_id, sc->vhost_id_len); + + if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5, + MD5_DIGESTSIZE*2)) { ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Unable to set session id context to `%s'", sc->vhost_id); + "Unable to set session id context to `%s'", vhost_md5); c->aborted = 1; -- 2.40.0
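Review bot: In the second mod_ssl.c hunk the length passed to `SSL_set_session_id_context` is the bare expression `MD5_DIGESTSIZE*2`, and nothing at the call says why the vhost id is hashed or that the hex digest has to stay within OpenSSL's session-id-context size limit. Because this context is what keeps a cached session negotiated under one vhost from being resumed under another, I would add a comment above the `ap_md5_binary` call such as `/* hash vhost_id: the sid context is capped at SSL_MAX_SID_CTX_LENGTH bytes; the hex MD5 (MD5_DIGESTSIZE*2) fits, long ids do not (PR 8572) */`. The digest is also recomputed and allocated from `c->pool` on every connection although `sc->vhost_id` appears to be fixed per server, so computing it once at configuration time and keeping it in `SSLSrvConfigRec` may be worth considering. The error message now prints only the hash; including `sc->vhost_id` as well would let an operator tell which vhost failed. `ssl_hook_pre_connection` starts and ends outside the hunk.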