httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1137394 - in /httpd/httpd/trunk: CHANGES modules/ssl/mod_ssl.c modules/ssl/ssl_engine_kernel.c
Date Sun, 19 Jun 2011 18:03:56 GMT
Author: sf
Date: Sun Jun 19 18:03:55 2011
New Revision: 1137394

URL: http://svn.apache.org/viewvc?rev=1137394&view=rev
Log:
Avoid unnecessary renegotiations with SSLVerifyDepth 0.

PR: 48215
Submitted by: Kaspar Brand <asfbugz velox ch>

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1137394&r1=1137393&r2=1137394&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Jun 19 18:03:55 2011
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.13
 
+  *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
+     PR 48215. [Kaspar Brand]
+
   *) mod_status: Display information about asynchronous connections in the
      server-status. PR 44377. [Stefan Fritsch]
 

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1137394&r1=1137393&r2=1137394&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Sun Jun 19 18:03:55 2011
@@ -339,6 +339,7 @@ static SSLConnRec *ssl_init_connection_c
     sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
 
     sslconn->server = c->base_server;
+    sslconn->verify_depth = UNSET;
 
     myConnConfigSet(c, sslconn);
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1137394&r1=1137393&r2=1137394&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sun Jun 19 18:03:55 2011
@@ -499,7 +499,7 @@ int ssl_hook_Access(request_rec *r)
      * currently active/remembered verify depth (because this means more
      * restriction on the certificate chain).
      */
-    n = sslconn->verify_depth ?
+    n = (sslconn->verify_depth != UNSET) ?
         sslconn->verify_depth :
         (mySrvConfig(handshakeserver))->server->auth.verify_depth;
     /* determine the new depth */



Mime
View raw message