httpd-cvs mailing list archives

From di...@apache.org
Subject svn commit: r627699 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Date Thu, 14 Feb 2008 10:24:11 GMT
Author: dirkx
Date: Thu Feb 14 02:24:04 2008
New Revision: 627699

URL: http://svn.apache.org/viewvc?rev=627699&view=rev
Log:
Kasper Brand came across a flaw in the current implementation when CRL 
information - i.e.  SSLCARevocationFile/SSLCARevocationPath - is set 
on a per-vhost basis (don't know how much sense it makes to have 
non-global CRLs, but anyway...).

The attached patch (47B2B1A7.1060009@velox.ch on httpd-dev) addresses 
this issue, and it also improves the logging behavior for an SNI 
enabled configuration (previously some of the messages would 
always go to the first vhost, or wouldn't appear at
all, depending on the LogLevel of the first vhost).

reviewed: dirkx


Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=627699&r1=627698&r2=627699&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Feb 14 02:24:04 2008
@@ -2022,6 +2022,26 @@
                            SSL_CTX_get_verify_callback(ssl->ctx));
         }
 
+        /*
+         * We also need to make sure that the correct mctx is
+         * assigned to the connection - the CRL callback e.g.
+         * makes use of it for retrieving its store (mctx->crl).
+         */
+        c->base_server = s;
+
+        /* Since logging in callbacks uses c->base_server in many
+         * cases, it also ensures that these messages are routed
+         * to the proper log.  And finally, there is one special
+         * filter callback, which is set very early depending on the
+         * base_server's log level. If this is not the first vhost
+         * we're now selecting (and the first vhost doesn't use
+         * APLOG_DEBUG), then we need to set that callback here.
+         */
+        if (c->base_server->loglevel >= APLOG_DEBUG) {
+            BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
+            BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
+        }
+
         return 1;
     }
 
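Review bot: the BIO callback is only ever installed here, never cleared, so when the default vhost logs at APLOG_DEBUG and the SNI-selected vhost does not, ssl_io_data_cb stays attached to the read BIO after `c->base_server = s;`; that is only correct if ssl_io_data_cb itself re-checks the level of the reassigned base_server before logging or dumping. The comment above the `if` ("If this is not the first vhost we're now selecting ... then we need to set that callback here") covers only the install direction, so either state that assumption in the comment or add an `else` branch that clears the callback with `BIO_set_callback(SSL_get_rbio(ssl), NULL);` so the installed state always matches the selected vhost's log level.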