git.ipfire.org Git - thirdparty/apache/httpd.git/commit
mod_ssl: follow up to r1868645.
author Yann Ylavic <ylavic@apache.org>
Tue, 22 Oct 2019 10:14:53 +0000 (10:14 +0000)
committer Yann Ylavic <ylavic@apache.org>
Tue, 22 Oct 2019 10:14:53 +0000 (10:14 +0000)
commit b3fb2d39727940b487765b401b763ae5ba79a4cf
tree 78b3f56bda6e3a926db52f4e6dc0dd5a900bf65e
parent 570b6e74f09b907f6676d8f920571a14039bac89
mod_ssl: follow up to r1868645.

Restore ssl_callback_ServerNameIndication() even with OpenSSL 1.1.1+, which
depends on its return value (OK/NOACK), mainly on session resumption, for
SSL_get_servername() to consider or ignore the SNI (returning NULL thus
making SSLStrictSNIVHostCheck fail for possibly legitimate cases).

This means that init_vhost() should accurately return whether the SNI exists
in the configured vhosts, even when it's called multiple times (e.g. first
from ClientHello callback and then from SNI callback), so save that state in
sslconn->vhost_found and reuse it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868743 13f79535-47bb-0310-9956-ffa450edef68
modules/ssl/ssl_engine_init.c
modules/ssl/ssl_engine_kernel.c
modules/ssl/ssl_private.h
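
The per-connection state reuse described in the commit message, as an added sketch that is not httpd's code and not part of this commit. The struct, the vhost table, the callback names, the `SNI_OK`/`SNI_NOACK` constants and the three-valued encoding of `vhost_found` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the OK/NOACK results an SNI callback returns. */
enum { SNI_OK = 0, SNI_NOACK = 3 };

/* Constructed vhost table (hypothetical names). */
static const char *const vhosts[] = { "www.example.test", "api.example.test" };

struct conn_state {
    int vhost_found; /* assumed: 0 = not looked up, +1 = found, -1 = absent */
    int lookups;     /* instrumentation: number of table scans performed */
};

/* Returns 1 if servername is a configured vhost, 0 otherwise. The answer is
 * computed once per connection and replayed on every later call, including
 * the negative answer, which a plain boolean flag could not represent. */
static int init_vhost(struct conn_state *c, const char *servername)
{
    size_t i;
    if (c->vhost_found != 0)
        return c->vhost_found > 0;
    c->vhost_found = -1; /* absent until a match is seen */
    c->lookups++;
    if (servername == NULL)
        return 0;
    for (i = 0; i < sizeof vhosts / sizeof vhosts[0]; i++) {
        if (strcmp(servername, vhosts[i]) == 0) { /* exact match for brevity */
            c->vhost_found = 1;
            return 1;
        }
    }
    return 0;
}

/* First caller: runs early in the handshake, result not reported to TLS. */
static void client_hello_cb(struct conn_state *c, const char *sni)
{
    (void)init_vhost(c, sni);
}

/* Second caller: must report the same answer as OK or NOACK. */
static int sni_cb(struct conn_state *c, const char *sni)
{
    return init_vhost(c, sni) ? SNI_OK : SNI_NOACK;
}

int main(void)
{
    struct conn_state c = { 0, 0 };
    client_hello_cb(&c, "www.example.test");
    printf("sni_cb=%d lookups=%d\n", sni_cb(&c, "www.example.test"), c.lookups);
    return 0;
}
```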