Subject: svn commit: r1653993 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_private.h
Date: Thu, 22 Jan 2015 18:27:46 -0000
To: cvs@httpd.apache.org
From: ylavic@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150122182746.D775EAC010E@hades.apache.org> Author: ylavic Date: Thu Jan 22 18:27:46 2015 New Revision: 1653993 URL: http://svn.apache.org/r1653993 Log: mod_ssl: revert r1653906, will commit an alternative just after. The issue with r1653906 is that existing configurations like "SSLProtocol -SSLv3" (where the default is assumed to be ALL) won't work anymore. Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/modules/ssl/ssl_engine_config.c httpd/httpd/trunk/modules/ssl/ssl_engine_init.c httpd/httpd/trunk/modules/ssl/ssl_private.h Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1653993&r1=1653992&r2=1653993&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Thu Jan 22 18:27:46 2015 @@ -4,9 +4,6 @@ Changes with Apache 2.5.0 *) mod_alias: Introduce expression parser support for Alias, ScriptAlias and Redirect. [Graham Leggett] - *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. - PR 57100. [Michael Kaufmann ] - *) mod_rewrite: Improve 'bad flag delimeters' startup error by showing how the input was tokenized. PR 56528. [Edward Lu ] Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1653993&r1=1653992&r2=1653993&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Thu Jan 22 18:27:46 2015 @@ -110,7 +110,7 @@ static void modssl_ctx_init(modssl_ctx_t mctx->ticket_key = NULL; #endif - mctx->protocol = SSL_PROTOCOL_UNSET; + mctx->protocol = SSL_PROTOCOL_ALL; mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET; mctx->pphrase_dialog_path = NULL; 
@@ -254,7 +254,7 @@ static void modssl_ctx_cfg_merge(apr_poo modssl_ctx_t *add, modssl_ctx_t *mrg) { - cfgMerge(protocol, SSL_PROTOCOL_UNSET); + cfgMerge(protocol, SSL_PROTOCOL_ALL); cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET); cfgMergeString(pphrase_dialog_path); Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1653993&r1=1653992&r2=1653993&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Thu Jan 22 18:27:46 2015 @@ -209,19 +209,10 @@ apr_status_t ssl_init_Module(apr_pool_t if (sc->enabled == SSL_ENABLED_UNSET) { sc->enabled = SSL_ENABLED_FALSE; } - if (sc->proxy_enabled == UNSET) { sc->proxy_enabled = FALSE; } - if (sc->server && sc->server->protocol == SSL_PROTOCOL_UNSET) { - sc->server->protocol = SSL_PROTOCOL_ALL; - } - - if (sc->proxy && sc->proxy->protocol == SSL_PROTOCOL_UNSET) { - sc->proxy->protocol = SSL_PROTOCOL_ALL; - } - if (sc->session_cache_timeout == UNSET) { sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT; } Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1653993&r1=1653992&r2=1653993&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_private.h (original) +++ httpd/httpd/trunk/modules/ssl/ssl_private.h Thu Jan 22 18:27:46 2015 
@@ -286,14 +286,13 @@ typedef int ssl_opt_t; /** * Define the SSL Protocol options */ -#define SSL_PROTOCOL_UNSET (0) -#define SSL_PROTOCOL_NONE (1<<0) -#define SSL_PROTOCOL_SSLV2 (1<<1) -#define SSL_PROTOCOL_SSLV3 (1<<2) -#define SSL_PROTOCOL_TLSV1 (1<<3) +#define SSL_PROTOCOL_NONE (0) +#define SSL_PROTOCOL_SSLV2 (1<<0) +#define SSL_PROTOCOL_SSLV3 (1<<1) +#define SSL_PROTOCOL_TLSV1 (1<<2) #ifdef HAVE_TLSV1_X -#define SSL_PROTOCOL_TLSV1_1 (1<<4) -#define SSL_PROTOCOL_TLSV1_2 (1<<5) +#define SSL_PROTOCOL_TLSV1_1 (1<<3) +#define SSL_PROTOCOL_TLSV1_2 (1<<4) #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1| \ SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2) #else
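Review bot: in ssl_engine_config.c, at the @@ -254 hunk (and the matching initial value in the @@ -110 hunk), `cfgMerge(protocol, SSL_PROTOCOL_ALL)` uses a value that SSLProtocol can legitimately produce as the "not set" marker, so a virtual host that explicitly configures `SSLProtocol ALL` cannot be told apart from one that configures nothing. Going by how the neighbouring `cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET)` reads, the second argument is the unset marker, which means the base server's value would win over an explicit ALL; that is the PR 57100 symptom whose CHANGES entry this commit removes. Since the log says an alternative follows, naming the follow-up revision in the log or in a comment at this line would keep the regression window traceable. The alternative needs a marker distinct from every value SSLProtocol can yield while still letting `SSLProtocol -SSLv3` start from ALL.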
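Review bot: in ssl_private.h, at the @@ -286 hunk, the comment "Define the SSL Protocol options" does not document that SSL_PROTOCOL_NONE is now 0 rather than a flag bit, nor that SSL_PROTOCOL_ALL doubles as the initial value set in modssl_ctx_init. With NONE equal to 0, a test of the form `protocol & SSL_PROTOCOL_NONE` can never be true, and an explicit "none" is indistinguishable from a mask with every bit subtracted, so callers have to compare with `==`; both points are worth a line in this comment block. The visible SSL_PROTOCOL_ALL definition also still ORs in SSL_PROTOCOL_SSLV3, so with ALL as the initial value a context with no SSLProtocol directive carries the SSLv3 bit unless the configuration removes it, as in the `SSLProtocol -SSLv3` example from the log.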