From cvs-return-64721-archive-asf-public=cust-asf.ponee.io@httpd.apache.org Thu Nov 8 11:09:23 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 65DA9180671 for ; Thu, 8 Nov 2018 11:09:23 +0100 (CET) Received: (qmail 61314 invoked by uid 500); 8 Nov 2018 10:09:22 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 61305 invoked by uid 99); 8 Nov 2018 10:09:22 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Nov 2018 10:09:22 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id C85B63A143A for ; Thu, 8 Nov 2018 10:09:21 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1846111 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_kernel.c Date: Thu, 08 Nov 2018 10:09:21 -0000 To: cvs@httpd.apache.org From: icing@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20181108100921.C85B63A143A@svn01-us-west.apache.org> Author: icing Date: Thu Nov 8 10:09:21 2018 New Revision: 1846111 URL: http://svn.apache.org/viewvc?rev=1846111&view=rev Log: *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1846111&r1=1846110&r2=1846111&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Thu Nov 8 10:09:21 2018 @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly + on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] + *) mod_ssl: clear *SSL errors before loading certificates and checking afterwards. Otherwise errors are reported when other SSL using modules are in play. Fixes PR 62880. [Michael Kaufmann] Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1846111&r1=1846110&r2=1846111&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Nov 8 10:09:21 2018 @@ -1605,10 +1605,7 @@ static authz_status ssl_authz_require_ss const char *require_line, const void *parsed) { - SSLConnRec *sslconn = myConnConfig(r->connection); - SSL *ssl = sslconn ? sslconn->ssl : NULL; - - if (ssl) + if (modssl_request_is_tls(r, NULL)) return AUTHZ_GRANTED; else return AUTHZ_DENIED;