Merge r1929308, r1929333, r1929361, r1929503 from trunk:
mod_ssl: Add SSLVHostSNIPolicy directive to set the compatibility
level required for VirtualHost matching.
For "secure" and "authonly" modes, a hash of the policy-relevant vhost
configuration is created and stored in the post_config hooks, reducing
the runtime code complexity (and overhead).
* modules/ssl/ssl_engine_kernel.c (ssl_check_vhost_sni_policy): New
function, replacing ssl_server_compatible et al.
* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLVHostSNIPolicy): New
function.
* modules/ssl/ssl_engine_init.c (md5_strarray_cmp, md5_strarray_hash,
hash_sni_policy_pk, hash_sni_policy_auth, create_sni_policy_hash):
New functions.
(ssl_init_Module): Invoke create_sni_policy_hash to store the hash
for every SSLSrvConfigRec.
* modules/ssl/ssl_private.h (SSLModConfigRec): Add snivh_policy field.
(SSLSrvConfigRec): Add sni_policy_hash field.
PR: 69743
GitHub: closes #562
Reviewed by: jorton, rpluem, covener
Docs changes:
misplaced tags in english version and fr doc XML file update.
Update docs on SSLVhostSNIPolicy to cover the impact on
non-SNI connections. Reorder the table for clarity.
Submitted by: jorton, Aaron Ogburn <aogburn redhat.com>, rpluem, lgentis
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1929556 13f79535-47bb-0310-9956-
ffa450edef68
projects / thirdparty / apache / httpd.git / commit
