From d8fd328cfbf83ef81a42edce7720ad13ac012480 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20Kalu=C5=BEa?= <jkaluza@apache.org>
Date: Mon, 20 Oct 2014 09:18:22 +0000
Subject: [PATCH] mod_ssl: Fix SSL_CLIENT_VERIFY value when "SSLVerifyClient
 optional_no_ca" and SSLSessionCache are used and SSL session is resumed.
 SSL_CLIENT_VERIFY value has been set to SUCCESS on resumption even when
 originally it was set to GENEROUS. PR 53193.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1633085 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_io.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index c7cbaa3e67..b1f4bda8f9 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1322,6 +1322,11 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
                           "\"SSLVerifyClient optional_no_ca\" "
                           "configuration");
             ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
+
+            /* on session resumption ssl_callback_SSLVerify() 
+             * will not be called, therefore we have to set it here
+             */
+            sslconn->verify_info = "GENEROUS";
         }
         else {
             const char *error = sslconn->verify_error ?
-- 
2.50.1