A couple of mod_ssl bugs.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@105404 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index 850409a5b4a543124e369fd9aa06396c9caf2e66..aad5a9988a52c7b3beb41c91207f3a72f8f1d058 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/10/10 22:06:40 $]
+Last modified at [$Date: 2004/10/11 16:11:37 $]
 
 Release:
 
@@ -75,6 +75,20 @@ PATCHES TO BACKPORT FROM 2.1
   [ please place file names and revisions from HEAD here, so it is easy to
     identify exactly what the proposed changes are! ]
 
+    *) mod_ssl: Fix and prevent an SSLCipherSuite bypass by resuming a
+       session during a renegotiation.
+       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110&r2=1.111
+       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128&r2=1.129
+       PR: 31505
+       +1: jorton
+
+    *) mod_ssl: Fail to configure when an SSL proxy is configured with
+       incomplete client cert keypair, rather than segfaulting at
+       runtime.
+       http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
+       PR: 24030
+       +1: jorton
+
     *) Allow for the use of --with-module=foo:bar where the ./modules/foo
        directory is a local addition to the ./modules directory.
        Assumes, of course, that the required files are in ./modules/foo,
@@ -110,6 +124,7 @@ PATCHES TO BACKPORT FROM 2.1
          http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/util_filter.c?r1=1.100&r2=1.101
        PR: 31247
        jerenkrantz comments: This needs the final patch posted to dev@httpd?
+       jorton replies: it does indeed, hang on...
        +1: jorton
 
     *) Correctly store cache content type. PR 30278