httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rj...@apache.org
Subject svn commit: r1844226 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS modules/ssl/ssl_engine_config.c
Date Thu, 18 Oct 2018 10:06:37 GMT
Author: rjung
Date: Thu Oct 18 10:06:37 2018
New Revision: 1844226

URL: http://svn.apache.org/viewvc?rev=1844226&view=rev
Log:
mod_ssl: Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.

The certificates and keys loaded during configuration time got lost during
runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
level and there was an SSL directive at directory level, e.g. SSLRequire.

This fixes a regression likely introduced in r1740928 (backported in r1824187).

Backport of r1844002 from trunk.

Submitted by: rjung
Reviewed by: rjung, rpluem, jorton

Modified:
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1844226&r1=1844225&r2=1844226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Oct 18 10:06:37 2018
@@ -8,6 +8,9 @@ Changes with Apache 2.4.37
      but were originally not verified and should get verified now.
      This is a regression in 2.4.36 (unreleased). [Ruediger Pluem]
 
+  *) mod_ssl: Correctly merge configurations that have client certificates set
+     by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
 Changes with Apache 2.4.36
 
   *) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1844226&r1=1844225&r2=1844226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Thu Oct 18 10:06:37 2018
@@ -125,15 +125,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: Correctly merge configurations that have client certificates set
-   by SSLProxyMachineCertificate{File|Path}.
-   The certificates and keys loaded during configuration time got lost during
-   runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
-   level and there was an SSL directive at directory level, e.g. SSLRequire.
-   This fixes a regression likely introduced in r1740928 (backported in r1824187).
-     trunk patch: http://svn.apache.org/r1844002
-     2.4.x patch: svn merge -c 1844002 ^/httpd/httpd/trunk .
-     +1: rjung, rpluem, jorton
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?rev=1844226&r1=1844225&r2=1844226&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c Thu Oct 18 10:06:37 2018
@@ -467,6 +467,8 @@ static void modssl_ctx_cfg_merge_proxy(a
     cfgMergeString(pkp->cert_file);
     cfgMergeString(pkp->cert_path);
     cfgMergeString(pkp->ca_cert_file);
+    cfgMergeString(pkp->certs);
+    cfgMergeString(pkp->ca_certs);
 }
 
 void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)



Mime
View raw message