From fe55941af92bf422ef20a03f48231229da41b70c Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Thu, 8 Nov 2018 10:09:21 +0000 Subject: [PATCH] *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1846111 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/ssl/ssl_engine_kernel.c | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index bc0d220193..51e602ae27 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly + on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] + *) mod_ssl: clear *SSL errors before loading certificates and checking afterwards. Otherwise errors are reported when other SSL using modules are in play. Fixes PR 62880. [Michael Kaufmann] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e91f600e87..1570d8da64 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1605,10 +1605,7 @@ static authz_status ssl_authz_require_ssl_check(request_rec *r, const char *require_line, const void *parsed) { - SSLConnRec *sslconn = myConnConfig(r->connection); - SSL *ssl = sslconn ? sslconn->ssl : NULL; - - if (ssl) + if (modssl_request_is_tls(r, NULL)) return AUTHZ_GRANTED; else return AUTHZ_DENIED; -- 2.50.1