From: Yann Ylavic <ylavic@apache.org>
Date: Fri, 24 Mar 2017 12:40:27 +0000 (+0000)
Subject: mod_ssl: follow up to r1781575
X-Git-Tag: 2.5.0-alpha~537
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cee2df66f099b97ed7de3db810ce722c8e697fae;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: follow up to r1781575
Fix SSLOCSPNoVerify merging, and while at it capitalize Verify as suggested
by wrowe.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1788430 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 99f0c13391a..2e299e7b2f8 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -265,7 +265,7 @@ static const command_rec ssl_config_cmds[] = {
                 "Proxy URL to use for OCSP requests")
 
 /* Define OCSP Responder Certificate Verification Directive */
-    SSL_CMD_SRV(OCSPNoverify, FLAG,
+    SSL_CMD_SRV(OCSPNoVerify, FLAG,
                 "Do not verify OCSP Responder certificate ('on', 'off')")
 /* Define OCSP Responder File Configuration Directive */
     SSL_CMD_SRV(OCSPResponderCertificateFile, TAKE1,
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 730a6b38fbf..037ba1179bd 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -147,7 +147,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
     mctx->proxy_uri              = NULL;
 
 /* Set OCSP Responder Certificate Verification variable */
-    mctx->ocsp_noverify       = FALSE;
+    mctx->ocsp_noverify       = UNSET;
 /* Set OCSP Responder File variables */
     mctx->ocsp_verify_flags   = 0;
     mctx->ocsp_certs_file     = NULL;
@@ -1721,7 +1721,7 @@ const char *ssl_cmd_SSLOCSPProxyURL(cmd_parms *cmd, void *dcfg,
 }
 
 /* Set OCSP responder certificate verification directive */
-const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag)
+const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag)
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c
index 5617b9cf660..d146f6bd7f0 100644
--- a/modules/ssl/ssl_engine_ocsp.c
+++ b/modules/ssl/ssl_engine_ocsp.c
@@ -184,7 +184,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
 
     if (rc == V_OCSP_CERTSTATUS_GOOD) {
         /* Check if OCSP certificate verification required */
-        if (!sc->server->ocsp_noverify) {
+        if (sc->server->ocsp_noverify != TRUE) {
             /* Modify OCSP response verification to include OCSP Responder cert */
             if (OCSP_basic_verify(basicResponse, sc->server->ocsp_certs, X509_STORE_CTX_get0_store(ctx),
                                   sc->server->ocsp_verify_flags) != 1) {
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index a3a1ee1eb28..b41e737f75f 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -815,7 +815,7 @@ const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag);
 const char *ssl_cmd_SSLOCSPProxyURL(cmd_parms *cmd, void *dcfg, const char *arg);
 
 /* Declare OCSP Responder Certificate Verification Directive */
-const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag);
+const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag);
 /* Declare OCSP Responder Certificate File Directive */
 const char *ssl_cmd_SSLOCSPResponderCertificateFile(cmd_parms *cmd, void *dcfg, const char *arg);