From: Yann Ylavic Date: Fri, 21 Feb 2020 00:10:01 +0000 (+0000) Subject: Merge r1873888 from trunk: X-Git-Tag: 2.4.42~67 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=86041647f8a6228f9fc55ce09ceaf1ceaa7fd13d;p=thirdparty%2Fapache%2Fhttpd.git Merge r1873888 from trunk: *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github issue mod_md#172 (https://github.com/icing/mod_md/issues/172). [Michael Kaufmann , Stefan Eissing] Submitted by: icing Reviewed by: icing, jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1874283 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index a8cf17250f0..a1a5b2dfec9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.4.42
+ *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
+ issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
+ [Michael Kaufmann , Stefan Eissing]
+
 *) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
 [Graham Leggett]
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 4a9474318ea..6580385e1a1 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2362,6 +2362,7 @@ static apr_status_t init_vhost(conn_rec *c, SSL *ssl, const char *servername)
 if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
 return APR_EGENERAL;
 }
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
 }
 else {
 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
@@ -2742,6 +2743,7 @@ int ssl_callback_alpn_select(SSL *ssl,
 if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
 return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
 }
 }
 }
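Review bot: The `SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);` added after `set_challenge_creds()` in init_vhost turns off client-certificate verification for the connection without a comment saying why that is safe, and the identical line in the ssl_callback_alpn_select hunk has the same gap. Both branches look to be chosen from data the client supplies in the handshake, so the relaxation is only sound if a connection that received challenge credentials can never go on to serve requests for a host that requires client certificates; neither hunk shows that guarantee, so it should be confirmed and written down. I would put a comment above each call, e.g. `/* ACME ALPN challenge handshake: no client cert is requested; this connection must not serve requests afterwards */`. Because both sites pair the call with set_challenge_creds(), moving the reset into that helper (defined outside these hunks) would keep any future caller from installing challenge credentials while client verification stays on. Both enclosing functions begin and end outside the hunks.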