httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1069772 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_pphrase.c
Date Fri, 11 Feb 2011 12:26:57 GMT
Author: jorton
Date: Fri Feb 11 12:26:57 2011
New Revision: 1069772

URL: http://svn.apache.org/viewvc?rev=1069772&view=rev
Log:
* modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle): Fix possible
  startup failure in cases where multiple vhosts share the same
  "vhost-id" and private key file.  The cached-key case would
  previously cause an abrupt return from the function, which could
  prevent processing of configured keypairs for other vhosts.  There
  is no apparent reason to check for a "cache hit" against cached keys
  using *any* algorithm types; instead only check against a key with
  the matching type.

Submitted by: Masahiro Matsuya <matsuya redhat.com>, jorton

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1069772&r1=1069771&r2=1069772&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Feb 11 12:26:57 2011
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.3.11
 
+  *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
+     are configured with the same ServerName and private key file.
+     [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
+
   *) mod_socache_dc: Make module compile by fixing some typos.
      PR 50735 [Mark Montague <mark catseye.org>]
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c?rev=1069772&r1=1069771&r2=1069772&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c Fri Feb 11 12:26:57 2011
@@ -211,6 +211,7 @@ void ssl_pphrase_Handle(server_rec *s, a
                  && (sc->server->pks->cert_files[i] != NULL
                      || sc->server->pkcs7); i++) {
             const char *key_id;
+            int using_cache = 0;
 
             if (sc->server->pkcs7) {
                 STACK_OF(X509) *certs = ssl_read_pkcs7(pServ,
@@ -349,22 +350,17 @@ void ssl_pphrase_Handle(server_rec *s, a
                  * are used to give a better idea as to what failed.
                  */
                 if (pkey_mtime) {
-                    int i;
-
-                    for (i=0; i < SSL_AIDX_MAX; i++) {
-                        const char *key_id =
-                            ssl_asn1_table_keyfmt(p, cpVHostID, i);
-                        ssl_asn1_t *asn1 =
-                            ssl_asn1_table_get(mc->tPrivateKey, key_id);
-
-                        if (asn1 && (asn1->source_mtime == pkey_mtime)) {
-                            ap_log_error(APLOG_MARK, APLOG_INFO,
-                                         0, pServ,
-                                         "%s reusing existing "
-                                         "%s private key on restart",
-                                         cpVHostID, ssl_asn1_keystr(i));
-                            return;
-                        }
+                    ssl_asn1_t *asn1 =
+                        ssl_asn1_table_get(mc->tPrivateKey, key_id);
+                    
+                    if (asn1 && (asn1->source_mtime == pkey_mtime)) {
+                        ap_log_error(APLOG_MARK, APLOG_INFO,
+                                     0, pServ,
+                                     "%s reusing existing "
+                                     "%s private key on restart",
+                                     cpVHostID, ssl_asn1_keystr(i));
+                        using_cache = 1;
+                        break;
                     }
                 }
 
@@ -468,6 +464,12 @@ void ssl_pphrase_Handle(server_rec *s, a
                 ssl_die();
             }
 
+            /* If a cached private key was found, nothing more to do
+             * here; loop through to the next configured cert for this
+             * vhost. */
+            if (using_cache)
+                continue;
+
             if (pPrivateKey == NULL) {
                 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
                             "Init: Unable to read server private key from "



Mime
View raw message