From f5df26674cbf5f7e50649ffebd564dbad6a097c9 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Mon, 2 Mar 2015 11:10:30 +0000 Subject: [PATCH] Merge r1653997 from trunk: mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored in virtualhost context (new version of r1653906 reverted by r1653993). Submitted By: Michael Kaufmann Committed/modified By: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1663258 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ STATUS | 5 ----- modules/ssl/ssl_engine_config.c | 10 +++++++++- modules/ssl/ssl_private.h | 1 + 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 0a6da3b3d7..02468a38e5 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.4.13 + *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. + PR 57100. [Michael Kaufmann , + Yann Ylavic] + *) mod_ssl: Fix renegotiation failures redirected to an ErrorDocument. PR 57334. [Yann Ylavic]. diff --git a/STATUS b/STATUS index 1b89c90b98..14ef3dfeec 100644 --- a/STATUS +++ b/STATUS @@ -106,11 +106,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: Fix merge of SSLProtocol ALL in virtualhost context PR57100 - trunk patch: http://svn.apache.org/r1653997 - 2.4.x patch: trunk works - +1: ylavic, covener, jim - * mod_alias: Introduce expression parser support for Alias, ScriptAlias and Redirect. trunk patch: http://svn.apache.org/r1653941 diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index e3c147ad28..54ad75f556 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -111,6 +111,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p) #endif mctx->protocol = SSL_PROTOCOL_ALL; + mctx->protocol_set = 0; mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET; mctx->pphrase_dialog_path = NULL; @@ -254,7 +255,12 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p, modssl_ctx_t *add, modssl_ctx_t *mrg) { - cfgMerge(protocol, SSL_PROTOCOL_ALL); + if (add->protocol_set) { + mrg->protocol = add->protocol; + } + else { + mrg->protocol = base->protocol; + } cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET); cfgMergeString(pphrase_dialog_path); @@ -1378,6 +1384,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + sc->server->protocol_set = 1; return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol); } @@ -1396,6 +1403,7 @@ const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd, { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + sc->proxy->protocol_set = 1; return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol); } diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 98e9d35a17..db099791ba 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -576,6 +576,7 @@ typedef struct { #endif ssl_proto_t protocol; + int protocol_set; /** config for handling encrypted keys */ ssl_pphrase_t pphrase_dialog_type; -- 2.50.1