httpd-cvs mailing list archives

From yla...@apache.org
Subject svn commit: r1737265 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Date Thu, 31 Mar 2016 18:24:07 GMT
Author: ylavic
Date: Thu Mar 31 18:24:06 2016
New Revision: 1737265

URL: http://svn.apache.org/viewvc?rev=1737265&view=rev
Log:
mod_ssl: follow up to r1734561 and r1735337.

We also need to reset the X509_STORE_CTX's error in the callback to quiet
X509_V_ERR_UNABLE_TO_GET_CRL for the leaf certificate (caught by AH02010).


Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1737265&r1=1737264&r2=1737265&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Mar 31 18:24:06 2016
@@ -1637,6 +1637,11 @@ int ssl_callback_SSLVerify(int ok, X509_
 
     if (!ok && errnum == X509_V_ERR_UNABLE_TO_GET_CRL
             && (mctx->crl_check_mask & SSL_CRLCHECK_NO_CRL_FOR_CERT_OK)) {
+        ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, conn,
+                      "Certificate Verification: Temporary error (%d): %s: "
+                      "optional therefore we're accepting the certificate",
+                      errnum, X509_verify_cert_error_string(errnum));
+        X509_STORE_CTX_set_error(ctx, X509_V_OK);
         errnum = X509_V_OK;
         ok = TRUE;
     }
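
Review bot: The trace message added in the X509_V_ERR_UNABLE_TO_GET_CRL branch calls this a "Temporary error", but the branch is only taken when SSL_CRLCHECK_NO_CRL_FOR_CERT_OK is set in mctx->crl_check_mask, so the certificate is accepted because configuration tolerates a missing CRL, not because the condition is transient. Wording along the lines of "no CRL available, accepted because the check is configured as optional" would describe it more accurately. The message also gives no indication of which certificate in the chain was let through, so logging the depth or subject alongside errnum would make the trace usable when auditing revocation checks. Finally, a one-line comment above X509_STORE_CTX_set_error(ctx, X509_V_OK) saying why the error has to be cleared on ctx as well as in the local errnum would help, since the reason is only given in the commit log.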


