httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r264620 - /httpd/httpd/branches/fips-dev/modules/ssl/ssl_engine_init.c
Date Mon, 29 Aug 2005 19:57:30 GMT
Author: wrowe
Date: Mon Aug 29 12:57:26 2005
New Revision: 264620

URL: http://svn.apache.org/viewcvs?rev=264620&view=rev
Log:

  While eliminating all but TLSv1 (the only FIPS-compliant handshaking
  mechanism), I noticed that we have several other single-case methods
  similar to the SSLv2 exception; use the explicit method in preference
  to the generic SSLv23_client|server_method() calls if exactly one
  method is supported.

Modified:
    httpd/httpd/branches/fips-dev/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/branches/fips-dev/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/fips-dev/modules/ssl/ssl_engine_init.c?rev=264620&r1=264619&r2=264620&view=diff
==============================================================================
--- httpd/httpd/branches/fips-dev/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/fips-dev/modules/ssl/ssl_engine_init.c Mon Aug 29 12:57:26 2005
@@ -446,14 +446,23 @@
         method = mctx->pkp ?
             SSLv2_client_method() : /* proxy */
             SSLv2_server_method();  /* server */
-        ctx = SSL_CTX_new(method);  /* only SSLv2 is left */
     }
-    else {
+    else if (protocol == SSL_PROTOCOL_SSLV3) {
+        method = mctx->pkp ?
+            SSLv3_client_method() : /* proxy */
+            SSLv3_server_method();  /* server */
+    }
+    else if (protocol == SSL_PROTOCOL_TLSV1) {
+        method = mctx->pkp ?
+            TLSv1_client_method() : /* proxy */
+            TLSv1_server_method();  /* server */
+    }
+    else { /* For multiple protocols, we need a flexible method */
         method = mctx->pkp ?
             SSLv23_client_method() : /* proxy */
             SSLv23_server_method();  /* server */
-        ctx = SSL_CTX_new(method); /* be more flexible */
     }
+    ctx = SSL_CTX_new(method);
 
     mctx->ssl_ctx = ctx;
 
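Review bot: The hoisted `ctx = SSL_CTX_new(method);` at the end of the hunk is followed directly by `mctx->ssl_ctx = ctx;` with no NULL check in the visible lines. SSL_CTX_new() returns NULL on failure, and now that all four branches funnel into this single call it is the natural place to test the result, log the OpenSSL error and stop initialization before the pointer is stored. Separately, the new `protocol == SSL_PROTOCOL_SSLV3` and `protocol == SSL_PROTOCOL_TLSV1` branches carry no explanation of the kind the removed `/* only SSLv2 is left */` comment gave; a one-line comment saying that an exact match means exactly one protocol is enabled would make the equality tests easier to read next to the "multiple protocols" fallback.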


