httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yla...@apache.org
Subject svn commit: r1680917 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS modules/ssl/ssl_engine_config.c modules/ssl/ssl_private.h
Date Thu, 21 May 2015 16:11:42 GMT
Author: ylavic
Date: Thu May 21 16:11:41 2015
New Revision: 1680917

URL: http://svn.apache.org/r1680917
Log:
Merge r1653997 from trunk.


r1653997 | ylavic | 2015-01-22 19:37:06 +0100 (Thu, 22 Jan 2015) | 7 lines

mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored
in virtualhost context (new version of r1653906 reverted by r1653993).

Submitted By: Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>
Committed/modified By: ylavic


Reviewed by: ylavic, wrowe, rjung
Backported by: ylavic

Modified:
    httpd/httpd/branches/2.2.x/   (props changed)
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h

Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu May 21 16:11:41 2015
@@ -1,2 +1,2 @@
 /httpd/httpd/branches/2.4.x:1555538,1555559,1648845,1649003
-/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,900022,932791,942209,952823,953311,955966,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1172732,1200040,1200372,1200374,1213380,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,1363183,1363186,1366344,1367778,1368131,1368396,13
 69568,1395225,1398066,1400700,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1524192,1524770,1526168,1527291,1527295,1527925,1528718,1529559,1531505,1532816,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1586745,1587594,1587639,1588851,1590509,1603156,1604353,1610207,1610311,1610491,1610501,1620932,1621453,1648840,1649001,1649043,1650310,1650320,1666363,1676654,1677462,1679470
+/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,900022,932791,942209,952823,953311,955966,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1172732,1200040,1200372,1200374,1213380,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,1363183,1363186,1366344,1367778,1368131,1368396,13
 69568,1395225,1398066,1400700,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1524192,1524770,1526168,1527291,1527295,1527925,1528718,1529559,1531505,1532816,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1586745,1587594,1587639,1588851,1590509,1603156,1604353,1610207,1610311,1610491,1610501,1620932,1621453,1648840,1649001,1649043,1650310,1650320,1653997,1666363,1676654,1677462,1679470

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1680917&r1=1680916&r2=1680917&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu May 21 16:11:41 2015
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.30
 
+  *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. 
+     PR 57100.  [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>,
+     Yann Ylavic]
+
   *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
      allowing custom parameters to be configured via SSLCertificateFile,
      and by adding standardized DH parameters for 1024/2048/3072/4096 bits.

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1680917&r1=1680916&r2=1680917&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu May 21 16:11:41 2015
@@ -108,15 +108,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      ylavic: trunk/2.4.x not concerned, 2.2.x only.
      +1: ylavic, jkaluza, wrowe
 
-   * mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. PR 57100.
-     trunk patch: http://svn.apache.org/r1653997
-     2.4.x patch: merged in http://svn.apache.org/r1663258
-     2.2.x patch: trunk works (modulo CHANGES)
-     +1: ylavic, wrowe, rjung
-     wrowe: good to fix inheritence. Unsure why ALL is the default on all
-            branches, I was sure it wasn't, but if we subvert ALL later, we
-            have done something odd. No impact on the validity of this patch.
-
    * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher
      priority and add explanations relative to RFC 7525 guidance.
                   http://svn.apache.org/r1679428

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c?rev=1680917&r1=1680916&r2=1680917&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c Thu May 21 16:11:41 2015
@@ -113,6 +113,7 @@ static void modssl_ctx_init(modssl_ctx_t
 #endif
 
     mctx->protocol            = SSL_PROTOCOL_ALL;
+    mctx->protocol_set        = 0;
 
     mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
     mctx->pphrase_dialog_path = NULL;
@@ -220,7 +221,12 @@ static void modssl_ctx_cfg_merge(modssl_
                                  modssl_ctx_t *add,
                                  modssl_ctx_t *mrg)
 {
-    cfgMerge(protocol, SSL_PROTOCOL_ALL);
+    if (add->protocol_set) {
+        mrg->protocol = add->protocol;
+    }
+    else {
+        mrg->protocol = base->protocol;
+    }
 
     cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
     cfgMergeString(pphrase_dialog_path);
@@ -1399,6 +1405,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parm
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
+    sc->server->protocol_set = 1;
     return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol);
 }
 
@@ -1417,6 +1424,7 @@ const char *ssl_cmd_SSLProxyProtocol(cmd
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
+    sc->proxy->protocol_set = 1;
     return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol);
 }
 

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h?rev=1680917&r1=1680916&r2=1680917&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h Thu May 21 16:11:41 2015
@@ -504,6 +504,7 @@ typedef struct {
 #endif
 
     ssl_proto_t  protocol;
+    int protocol_set;
 
     /** config for handling encrypted keys */
     ssl_pphrase_t pphrase_dialog_type;



Mime
View raw message