* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Correctly
restore SSL verify state after PHA failure in TLSv1.3.
Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Reviewed by: jorton, covener, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1855917 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.4.39
+ *) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
+ [Michael Kaufmann <mail michael-kaufmann.ch>]
+
*) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host
PR 55348
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
apr_table_setn(r->notes, "error-notes",
"Reason: Cannot perform Post-Handshake Authentication.<br />");
+ SSL_set_verify(ssl, vmode_inplace, NULL);
return HTTP_FORBIDDEN;
}
* Finally check for acceptable renegotiation results
*/
if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
+ SSL_set_verify(ssl, vmode_inplace, NULL);
return rc;
}
}
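Review bot: The two added `SSL_set_verify(ssl, vmode_inplace, NULL);` calls have no comment explaining why the verify mode must be rolled back, and the reason is security-relevant. If the stricter mode stays set on the connection after a failed post-handshake authentication, a later request on the same kept-alive connection could presumably find the required mode already in place and not be re-verified. I would put `/* PHA failed: restore the previous verify mode so a later request on this connection is verified again */` above each call. The rollback is also repeated by hand on two exit paths, so any other return between the point where the mode is raised and these checks needs the same call; a single cleanup label would keep a future error path from missing it. ssl_hook_Access_modern begins and ends outside the visible lines, so I could not check for such paths here.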