httpd-cvs mailing list archives

From rpl...@apache.org
Subject svn commit: r770907 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_private.h
Date Sat, 02 May 2009 07:48:00 GMT
Author: rpluem
Date: Sat May  2 07:47:59 2009
New Revision: 770907

URL: http://svn.apache.org/viewvc?rev=770907&view=rev
Log:
* As proposed by wrowe on list always define SSLStrictSNIVHostCheck, but error
  out if we are not compiled against an SNI capable OpenSSL.

Modified:
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=770907&r1=770906&r2=770907&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Sat May  2 07:47:59 2009
@@ -129,10 +129,8 @@
     SSL_CMD_SRV(LogLevelDebugDump, TAKE1,
                 "Include I/O Dump when LogLevel is set to Debug "
                 "([ None (default) | IO (not bytes) | Bytes ])")
-#ifndef OPENSSL_NO_TLSEXT
     SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
                 "Strict SNI virtual host checking")
-#endif
 
     /*
      * Proxy configuration for remote SSL connections

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=770907&r1=770906&r2=770907&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Sat May  2 07:47:59 2009
@@ -1446,16 +1446,20 @@
     return NULL;
 }
 
-#ifndef OPENSSL_NO_TLSEXT
 const char  *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag)
 {
+#ifndef OPENSSL_NO_TLSEXT
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
     sc->strict_sni_vhost_check = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
 
     return NULL;
-}
+#else
+    return "SSLStrictSNIVHostCheck failed; OpenSSL is not built with support "
+           "for TLS extensions and SNI indication. Refer to the "
+           "documentation, and build a compatible version of OpenSSL.";
 #endif
+}
 
 void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
 {
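Review bot: The `#else` branch of `ssl_cmd_SSLStrictSNIVHostCheck` returns the error without looking at `flag`, so `SSLStrictSNIVHostCheck off` also aborts configuration parsing on a build without TLS extensions, even though that setting asks for nothing the build lacks. Rejecting `on` is the right fail-closed behaviour, because silently accepting it would leave an administrator believing strict SNI matching is enforced when it cannot run. If rejecting `off` is not intended (the log message does not say), the branch could begin with `if (!flag) return NULL;`. Either way, a one-line comment above the `return` would help the next reader, for example `/* fail config parsing: accepting this would imply a check that cannot run */`; the message text's "SNI indication" also repeats the word the acronym already contains.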

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=770907&r1=770906&r2=770907&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Sat May  2 07:47:59 2009
@@ -547,9 +547,7 @@
 const char  *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
-#ifndef OPENSSL_NO_TLSEXT
 const char  *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
-#endif
 
 const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);


