From ca628a08ca9cf667278782863271d53c4f96d16d Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 10 Mar 2016 12:31:13 +0000
Subject: [PATCH] Merge r1734006 from trunk:

mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake()
hook returns an error.

Submitted by: minfrin
Reviewed by: minfrin, jim, ylavic
Backported by: ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1734396 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES               | 3 +++
 STATUS                | 6 ------
 modules/ssl/mod_ssl.c | 4 +---
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index b2166c00ad..6a6fe5953b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.19
 
+  *) mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake()
+     hook returns an error. [Graham Leggett]
+
   *) mod_rewrite: Add QSL|qslast flag to allow rewrites to files with
      literal question marks in their names. PR 58777. [Eric Covener]
 
diff --git a/STATUS b/STATUS
index 013cb6448f..57009d9912 100644
--- a/STATUS
+++ b/STATUS
@@ -112,12 +112,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake()
-     hook returns an error.
-     trunk patch: http://svn.apache.org/r1734006
-     2.4.x patch: trunk patch works (modulo CHANGES)
-     +1: minfrin, jim, ylavic
-
   *) mod_rewrite: bug in recently backported r1734125.
      trunk patch: http://svn.apache.org/r1734294.
      2.4.x patch: trunk works
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 7506b9d218..835bf55251 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -468,7 +468,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
      * attach this to the socket. Additionally we register this attachment
      * so we can detach later.
      */
-    if (!(ssl = SSL_new(mctx->ssl_ctx))) {
+    if (!(sslconn->ssl = ssl = SSL_new(mctx->ssl_ctx))) {
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01962)
                       "Unable to create a new SSL connection from the SSL "
                       "context");
@@ -497,8 +497,6 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
     SSL_set_app_data(ssl, c);
     modssl_set_app_data2(ssl, NULL); /* will be request_rec */
 
-    sslconn->ssl = ssl;
-
     SSL_set_verify_result(ssl, X509_V_OK);
 
     ssl_io_filter_init(c, r, ssl);
-- 
2.50.0