httpd-cvs mailing list archives

From jchamp...@apache.org
Subject svn commit: r1791845 - /httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c
Date Wed, 19 Apr 2017 01:32:59 GMT
Author: jchampion
Date: Wed Apr 19 01:32:58 2017
New Revision: 1791845

URL: http://svn.apache.org/viewvc?rev=1791845&view=rev
Log:
mod_ssl_ct: fix return values for custom extension callback

This is most likely a follow-up to r1628833.

At some point during the OpenSSL 1.0.2 beta, the contract for custom
extension callbacks changed from "returning -1 skips the extension" to
"returning -1 will issue a TLS fatal alert". This caused mod_ssl_ct to
abort TLS connections that it intended to ignore. Zero is the correct
return value for "do nothing" in 1.0.2.

Modified:
    httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c?rev=1791845&r1=1791844&r2=1791845&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c Wed Apr 19 01:32:58 2017
@@ -2286,7 +2286,7 @@ static int server_extension_add_callback
         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(03032)
                       "server_extension_callback_2: client isn't CT-aware");
         /* Skip this extension for ServerHello */
-        return -1;
+        return 0;
     }
 
     /* need to reply with SCT */
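Review bot: The comment above the changed return in the "client isn't CT-aware" branch still reads only "Skip this extension for ServerHello", the same wording that sat above the old `return -1`, so nothing in the code records why 0 is the required value. Suggest extending the comment to state the contract given in the commit log (0 omits the extension, -1 makes OpenSSL 1.0.2 send a TLS fatal alert) so the value is not changed back later. Separately, the debug message is prefixed `server_extension_callback_2` while the hunk header shows a function name beginning `server_extension_add_callback`; aligning the log prefix with the function name would make the message easier to trace.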
@@ -2309,7 +2309,7 @@ static int server_extension_add_callback
     }
     else {
         /* Skip this extension for ServerHello */
-        return -1;
+        return 0;
     }
 
     return 1;
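Review bot: The `else` branch that now returns 0 omits the extension without logging anything, whereas the other skip path in this function writes an APLOG_DEBUG line before returning. Suggest adding a debug message here as well, so an operator can tell from the log why no SCT was sent on a given connection. Since the function now relies on three distinct return values, a short comment near `return 1;` or at the top of the function listing what 1, 0 and -1 each mean to OpenSSL would also help.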


