From ba22522b6fd8611456b366dd0a031829239dcdca Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Mon, 9 Apr 2018 15:30:50 +0000 Subject: [PATCH] Merge r1828390 from trunk: mod_ssl: Fix merging of proxy SSL context outside sections. Regression introduced in 2.4.30. PR 62232. The proxy SSL_CTX was not inherited from the vhost (the only available in 2.4.29) in/for any directory context besides ... Mostly debugged and fixed by Rainer, thanks! Submitted by: ylavic Reviewed by: ylavic, rpluem, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1828735 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 ++++- STATUS | 5 ----- modules/ssl/ssl_engine_config.c | 12 ++++++++++-- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 3927f86c0b..fa23ab5640 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.34 + *) mod_ssl: Fix merging of proxy SSL context outside sections, + regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic] + *) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard). [Eric Covener] @@ -160,7 +163,7 @@ Changes with Apache 2.4.30 (not released) implementing the Let's Encrypt ACMEv1 protocol to signup and renew certificates. Please read the modules documentation for further instructions on how to use it. [Stefan Eissing] - + *) mod_proxy_html: skip documents shorter than 4 bytes PR 56286 [Micha Lenk ] diff --git a/STATUS b/STATUS index ea3c47c230..45af76910f 100644 --- a/STATUS +++ b/STATUS @@ -118,11 +118,6 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: - *) mod_ssl: Fix merging of proxy SSL context outside sections, - regression introduced in 2.4.30. PR 62232. - trunk patch: http://svn.apache.org/r1828390 - 2.4.x patch: svn merge -c 1828390 ^/httpd/httpd/trunk . - +1: ylavic, rpluem, jim PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] 
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 104d84a141..e5fd901658 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -499,13 +499,21 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
 cfgMergeInt(nRenegBufferSize);
 mrg->proxy_post_config = add->proxy_post_config;
- if (!add->proxy_post_config) {
+ if (!mrg->proxy_post_config) {
 cfgMergeBool(proxy_enabled);
 modssl_ctx_init_proxy(mrg, p);
 modssl_ctx_cfg_merge_proxy(p, base->proxy, add->proxy, mrg->proxy);
+
+ /* Since ssl_proxy_section_post_config() hook won't be called if there
+ * is no SSLProxy* in this dir config, the ssl_ctx may still be NULL
+ * here at runtime. Merging it is either a no-op (NULL => NULL) because
+ * we are still before post config, or we really want to reuse the one
+ * from the upper/server context (outside of sections).
+ */
+ cfgMerge(proxy->ssl_ctx, NULL);
 }
 else {
- /* post_config hook has already merged and initialized the
+ /* The post_config hook has already merged and initialized the
 * proxy context, use it.
 */
 mrg->proxy_enabled = add->proxy_enabled;
--
2.40.0
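Review bot: The added `cfgMerge(proxy->ssl_ctx, NULL);` copies an SSL_CTX pointer into `mrg->proxy`, so the merged per-directory context shares that object with the config it was inherited from instead of owning one, and the new comment explains why the merge is needed but not who owns the pointer. `mrg->proxy` is set up just above by `modssl_ctx_init_proxy(mrg, p)`, presumably from pool `p`, so any code that later tears down a merged context must not free the shared SSL_CTX; the cleanup paths are not visible here and should be checked. I would extend the comment with a line such as `* The ssl_ctx is shared with, and remains owned by, the config it was merged from.` The body of ssl_config_perdir_merge starts and ends outside this hunk.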