httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r833582 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_private.h
Date Sat, 07 Nov 2009 00:08:18 GMT
On Sat, Nov 07, 2009 at 12:37:56AM +0100, Ruediger Pluem wrote:
> On 11/06/2009 11:33 PM, jorton@apache.org wrote:
> > Author: jorton
> > Date: Fri Nov  6 22:33:19 2009
> > New Revision: 833582
> > 
> > URL: http://svn.apache.org/viewvc?rev=833582&view=rev
> > Log:
> > SECURITY: Partial fix for CVE-2009-3555:
> 
> Looks good. Passes all tests in the framework (should we add one for CVE-2009-3555?)
> Backporting to 2.2.x has a little conflict in ssl_engine_io.c which is resolved in the
> attached patch which backports r833582 and r833593.
> This patch also passes all tests.

Awesome, thanks a lot!  

+1 for backport to 2.2.x here too.

I doubt it's possible to test this from perl-framework since it won't 
expose a way to trigger a renegotiation from the client, unfortunately.

Regards, Joe

Mime
View raw message