httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kbr...@apache.org
Subject svn commit: r1467593 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Date Sat, 13 Apr 2013 11:14:55 GMT
Author: kbrand
Date: Sat Apr 13 11:14:55 2013
New Revision: 1467593

URL: http://svn.apache.org/r1467593
Log:
Extend check for encrypted private keys: with OpenSSL versions prior to 1.0.0,
inf->x_pkey->dec_pkey is always non-NULL, so also look at inf->enc_data.

PR 54698.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1467593&r1=1467592&r2=1467593&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sat Apr 13 11:14:55 2013
@@ -1356,7 +1356,8 @@ static void ssl_init_proxy_certs(server_
     for (n = 0; n < ncerts; n++) {
         X509_INFO *inf = sk_X509_INFO_value(sk, n);
 
-        if (!inf->x509 || !inf->x_pkey || !inf->x_pkey->dec_pkey) {
+        if (!inf->x509 || !inf->x_pkey || !inf->x_pkey->dec_pkey ||
+            inf->enc_data) {
             sk_X509_INFO_free(sk);
             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, APLOGNO(02252)
                          "incomplete client cert configured for SSL proxy "



Mime
View raw message