From: Yann Ylavic
Date: Thu, 30 Jun 2016 17:49:24 +0200
Subject: Re: svn commit: r1750779 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_kernel.c
To: httpd-dev

On Thu, Jun 30, 2016 at 5:26 PM, Yann Ylavic wrote:
> On Thu, Jun 30, 2016 at 5:05 PM, Ruediger Pluem wrote:
>>
>> Is there a reason why we use ssl_callback_SSLVerify instead of NULL like we do in a similar situation below?
>> IMHO we do not want to change the callback here to whatever it may set.
>> I agree that in practice there won't be any difference right now, since we only have one callback.
>
> I agree that if/when we have multiple callback possibilities, we
> should set NULL here, but also above where we force the new mode.

Also note that we could avoid this SSL_set_verify() dance in
ssl_hook_Access() with something like the attached patch, which moves
it just before the actual renegotiation.
The new AP_CONN_CLOSE are to help core HTTP with connections we know
are not unrecoverable.

>
> Regards,
> Yann.
[Attachment: SSL_set_verify-dance.patch (text/x-patch)]