httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fua...@apache.org
Subject svn commit: r662815 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Date Tue, 03 Jun 2008 14:49:46 GMT
Author: fuankg
Date: Tue Jun  3 07:49:46 2008
New Revision: 662815

URL: http://svn.apache.org/viewvc?rev=662815&view=rev
Log:
Fix client verification problem with SNI and multicerts.
Submitted by: Kaspar Brand <asfbugz velox.ch>

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=662815&r1=662814&r2=662815&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Tue Jun  3 07:49:46 2008
@@ -432,6 +432,11 @@
      * currently active/remembered verify depth (because this means more
      * restriction on the certificate chain).
      */
+    if ((sc->server->auth.verify_depth != UNSET) &&
+        (dc->nVerifyDepth == UNSET)) {
+        /* apply per-vhost setting, if per-directory config is not set */
+        dc->nVerifyDepth = sc->server->auth.verify_depth;
+    }
     if (dc->nVerifyDepth != UNSET) {
         /* XXX: doesnt look like sslconn->verify_depth is actually used */
         if (!(n = sslconn->verify_depth)) {
@@ -461,6 +466,11 @@
      * verification but at least skip the I/O-intensive renegotation
      * handshake.
      */
+    if ((sc->server->auth.verify_mode != SSL_CVERIFY_UNSET) &&
+        (dc->nVerifyClient == SSL_CVERIFY_UNSET)) {
+        /* apply per-vhost setting, if per-directory config is not set */
+        dc->nVerifyClient = sc->server->auth.verify_mode;
+    }
     if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
         /* remember old state */
         verify_old = SSL_get_verify_mode(ssl);



Mime
View raw message