Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B480E18085 for ; Fri, 4 Dec 2015 13:05:13 +0000 (UTC) Received: (qmail 67803 invoked by uid 500); 4 Dec 2015 13:05:04 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 67732 invoked by uid 500); 4 Dec 2015 13:05:04 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 67721 invoked by uid 99); 4 Dec 2015 13:05:04 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Dec 2015 13:05:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 6B5C41A5F47 for ; Fri, 4 Dec 2015 13:05:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.246 X-Spam-Level: * X-Spam-Status: No, score=1.246 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.554] autolearn=disabled Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id uF5eFr7yLZnq for ; Fri, 4 Dec 2015 13:05:02 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTP id 179CA201FB for ; Fri, 4 Dec 2015 13:05:02 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 6A6E5E0280 for ; 
Fri, 4 Dec 2015 13:05:01 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 832363A0A1C for ; Fri, 4 Dec 2015 13:05:00 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1717958 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_vars.c Date: Fri, 04 Dec 2015 13:04:59 -0000 To: cvs@httpd.apache.org From: icing@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20151204130500.832363A0A1C@svn01-us-west.apache.org> Author: icing Date: Fri Dec 4 13:04:59 2015 New Revision: 1717958 URL: http://svn.apache.org/viewvc?rev=1717958&view=rev Log: using c->master for ssl var lookups when c holds no valid SSLConnRec. Fixes PR58666. Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1717958&r1=1717957&r2=1717958&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Dec 4 13:04:59 2015 @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection + if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666. + [Stefan Eissing] + *) mod_http2: required minimum version of libnghttp2 is 1.2.1 [Stefan Eissing] Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=1717958&r1=1717957&r2=1717958&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Fri Dec 4 13:04:59 2015 
@@ -55,9 +55,19 @@ static void ssl_var_lookup_ssl_cipher_b static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var); static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl); -static int ssl_is_https(conn_rec *c) +static SSLConnRec *ssl_get_effective_config(conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); + if (!(sslconn && sslconn->ssl) && c->master) { + /* use master connection if no SSL defined here */ + sslconn = myConnConfig(c->master); + } + return sslconn; +} + +static int ssl_is_https(conn_rec *c) +{ + SSLConnRec *sslconn = ssl_get_effective_config(c); return sslconn && sslconn->ssl; } @@ -73,7 +83,7 @@ static int ssl_is_https(conn_rec *c) static apr_status_t ssl_get_tls_cb(apr_pool_t *p, conn_rec *c, const char *type, unsigned char **buf, apr_size_t *size) { - SSLConnRec *sslconn = myConnConfig(c); + SSLConnRec *sslconn = ssl_get_effective_config(c); const char *prefix; apr_size_t preflen; const unsigned char *data; @@ -144,7 +154,7 @@ static apr_array_header_t *expr_peer_ext static const char *expr_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) { char *var = (char *)data; - SSLConnRec *sslconn = myConnConfig(ctx->c); + SSLConnRec *sslconn = ssl_get_effective_config(ctx->c); return sslconn ? ssl_var_lookup_ssl(ctx->p, sslconn, ctx->r, var) : NULL; } @@ -331,11 +341,7 @@ char *ssl_var_lookup(apr_pool_t *p, serv * Connection stuff */ if (result == NULL && c != NULL) { - SSLConnRec *sslconn = myConnConfig(c); - if (!(sslconn && sslconn->ssl) && c->master) { - /* use master connection if no SSL defined here */ - sslconn = myConnConfig(c->master); - } + SSLConnRec *sslconn = ssl_get_effective_config(c); if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) result = ssl_var_lookup_ssl(p, sslconn, r, var+4); 
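Review bot: The new `ssl_get_effective_config()` has no comment stating its contract, and the contract is not obvious from the call sites. It can return NULL, it can return a record whose `->ssl` is still NULL (no master, or a master without an SSL handle), and when `c->master` is set it replaces a non-NULL local record with whatever the master holds, including NULL. Values resolved through it end up in expression evaluation (`expr_var_fn`) and logging (`ssl_var_log_handler_c`), so I would add above the helper `/* Return c's SSLConnRec, or c->master's when c has no SSL handle. The result may be NULL or have ->ssl == NULL; callers must check both. */`. The bodies of `ssl_get_tls_cb` and `ssl_ext_list` continue outside their hunks, so whether they test `sslconn->ssl` before use cannot be confirmed from this diff and is worth checking.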
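Review bot: In `expr_var_fn` the guard is still only `sslconn ?`, whereas `ssl_var_lookup` and `ssl_var_log_handler_c` in this same commit also test `sslconn->ssl`. The helper can hand back a record with a NULL `ssl`, so unless `ssl_var_lookup_ssl` tolerates that (not visible here) the expression path should match the other callers: `return (sslconn && sslconn->ssl) ? ssl_var_lookup_ssl(ctx->p, sslconn, ctx->r, var) : NULL;`. If lookups that need no SSL handle are meant to keep working on this path, a one-line comment saying so would be enough instead.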
@@ -1118,7 +1124,7 @@ static int dump_extn_value(BIO *bio, ASN apr_array_header_t *ssl_ext_list(apr_pool_t *p, conn_rec *c, int peer, const char *extension) { - SSLConnRec *sslconn = myConnConfig(c); + SSLConnRec *sslconn = ssl_get_effective_config(c); SSL *ssl = NULL; apr_array_header_t *array = NULL; X509 *xs = NULL; @@ -1262,7 +1268,7 @@ void ssl_var_log_config_register(apr_poo */ static const char *ssl_var_log_handler_c(request_rec *r, char *a) { - SSLConnRec *sslconn = myConnConfig(r->connection); + SSLConnRec *sslconn = ssl_get_effective_config(r->connection); char *result; if (sslconn == NULL || sslconn->ssl == NULL)