httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kbr...@apache.org
Subject svn commit: r1588427 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c
Date Fri, 18 Apr 2014 09:07:20 GMT
Author: kbrand
Date: Fri Apr 18 09:07:19 2014
New Revision: 1588427

URL: http://svn.apache.org/r1588427
Log:
Also clear the error queue before calling SSL_CTX_use_certificate[_chain]_file
(workaround for OpenSSL versions before 0.9.8h, see
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=1513).

PR 56410.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1588427&r1=1588426&r2=1588427&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Apr 18 09:07:19 2014
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: add workaround for SSLCertificateFile when using OpenSSL
+     versions before 0.9.8h and not specifying an SSLCertificateChainFile
+     (regression introduced with 2.4.8). PR 56410. [Kaspar Brand]
+
   *) mod_remoteip: Prevent an external proxy from presenting an internal
      proxy. PR 55962. [Mike Rumph]
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1588427&r1=1588426&r2=1588427&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Apr 18 09:07:19 2014
@@ -913,6 +913,8 @@ static apr_status_t ssl_init_server_cert
          i++) {
         key_id = apr_psprintf(ptemp, "%s:%d", vhost_id, i);
 
+        ERR_clear_error();
+
         /* first the certificate (public key) */
         if (mctx->cert_chain) {
             if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile,



Mime
View raw message