httpd-cvs mailing list archives

From stri...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
Date Wed, 09 Jul 2003 12:27:13 GMT
striker     2003/07/09 05:27:13

  Modified:    .        CHANGES
               modules/ssl ssl_engine_kernel.c
  Log:
  Forward port patch for CAN-2003-0192 from 2.0.
  
  SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
  of per-directory renegotiations and the SSLCipherSuite directive
  being used to upgrade from a weak ciphersuite to a strong one
  could result in the weak ciphersuite being used in place of the
  strong one.  [Ben Laurie]
  
  Revision  Changes    Path
  1.1216    +6 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1215
  retrieving revision 1.1216
  diff -u -r1.1215 -r1.1216
  --- CHANGES	9 Jul 2003 12:24:51 -0000	1.1215
  +++ CHANGES	9 Jul 2003 12:27:11 -0000	1.1216
  @@ -169,6 +169,12 @@
   
   Changes with Apache 2.0.47
   
  +  *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
  +     of per-directory renegotiations and the SSLCipherSuite directive
  +     being used to upgrade from a weak ciphersuite to a strong one
  +     could result in the weak ciphersuite being used in place of the
  +     strong one.  [Ben Laurie]
  +
     *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing
        temporary denial of service when accept() on a rarely accessed port
        returns certain errors.  Reported by Saheed Akhtar
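
Review bot: the new CHANGES entry does not name the module it touches, while the neighbouring CAN-2003-0253 entry names "prefork MPM". The code change in this commit is in modules/ssl/ssl_engine_kernel.c, so starting the entry with "mod_ssl:" would let an administrator reading the list see at a glance whether it concerns their build.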
  
  
  
  1.95      +1 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.94
  retrieving revision 1.95
  diff -u -r1.94 -r1.95
  --- ssl_engine_kernel.c	22 May 2003 19:41:32 -0000	1.94
  +++ ssl_engine_kernel.c	9 Jul 2003 12:27:12 -0000	1.95
  @@ -442,7 +442,7 @@
           SSL_set_verify_result(ssl, X509_V_OK);
   
           /* determine whether we've to force a renegotiation */
  -        if (verify != verify_old) {
  +        if (!renegotiate && verify != verify_old) {
               if (((verify_old == SSL_VERIFY_NONE) &&
                    (verify     != SSL_VERIFY_NONE)) ||
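
Review bot: the added "!renegotiate &&" guard on the "if (verify != verify_old)" line carries no comment saying why the verify comparison is skipped once a renegotiation has already been requested, and the existing comment above it ("determine whether we've to force a renegotiation") still reads as if the check always runs. A short comment tying the guard to CAN-2003-0192 would keep a later cleanup from removing it as redundant. The visible context ends before the body of the block, so it is also worth confirming that nothing in that body is still needed when "renegotiate" is already set.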
   
  
  
  
