httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ic...@apache.org
Subject svn commit: r1845768 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c modules/ssl/ssl_util_ocsp.c
Date Mon, 05 Nov 2018 10:37:33 GMT
Author: icing
Date: Mon Nov  5 10:37:32 2018
New Revision: 1845768

URL: http://svn.apache.org/viewvc?rev=1845768&view=rev
Log:
  *) mod_ssl: clear *SSL errors before loading certificates and checking
     afterwards. Otherwise errors are reported when other SSL using modules
     are in play. Fixes PR 62880. [Michael Kaufmann]


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1845768&r1=1845767&r2=1845768&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Nov  5 10:37:32 2018
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_ssl: clear *SSL errors before loading certificates and checking
+     afterwards. Otherwise errors are reported when other SSL using modules
+     are in play. Fixes PR 62880. [Michael Kaufmann]
+
   *) mod_ssl: Correctly merge configurations that have client certificates set
      by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1845768&r1=1845767&r2=1845768&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Mon Nov  5 10:37:32 2018
@@ -1063,8 +1063,10 @@ static int use_certificate_chain(
         ctx->extra_certs = NULL;
     }
 #endif
+
     /* create new extra chain by loading the certs */
     n = 0;
+    ERR_clear_error();
     while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
         if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
             X509_free(x509);

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c?rev=1845768&r1=1845767&r2=1845768&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c Mon Nov  5 10:37:32 2018
@@ -363,7 +363,9 @@ static STACK_OF(X509) *modssl_read_ocsp_
         BIO_free(bio);
         return NULL;
     }
+
     /* create new extra chain by loading the certs */
+    ERR_clear_error();
     while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
         if (!other_certs) {
                 other_certs = sk_X509_new_null();



Mime
View raw message