httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: [Patch] PR37791
Date Tue, 06 Dec 2005 09:39:21 GMT
On Tue, Dec 06, 2005 at 08:08:17AM +0000, Joe Orton wrote:
> The access control checks here are actually more important for the 
> optional-SSL-not-upgraded case rather than the HTTP-on-HTTPS-port error 
> case.  Your change makes the test equivalent to:
> 
>   if (sc->enabled == SSL_ENABLED_FALSE || !ssl)
> 
> and the effect is that SSLRequire checks will not be applied even for a 
> vhost with "SSLEngine optional", which I think is wrong.  It should be 
> the case that:
> 
>   SSLRequire %{HTTPS} eq "on"

but that's not the existing behaviour, so ignore me.

I'll commit the simplified check.

joe

Mime
View raw message