down below.
This fixes a crash during SSL renegotiation with OptRenegotiate set,
when client certificates are available from the original handshake
but were originally not verified and should get verified now.
This is a regression in 2.4.36 (unreleased).
Backport of r1828793 from trunk.
Submitted by: rjung
Reviewed by: rjung, rpluem, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1844223 13f79535-47bb-0310-9956-ffa450edef68
*) mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1. [Rainer Jung]
+ *) mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set,
+ when client certificates are available from the original handshake
+ but were originally not verified and should get verified now.
+ This is a regression in 2.4.36 (unreleased). [Ruediger Pluem]
+
Changes with Apache 2.4.36
*) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
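Review bot: The added CHANGES entry is credited to [Ruediger Pluem], but the commit log says "Submitted by: rjung" and lists rpluem only as a reviewer. Please confirm which attribution is intended so the log and the CHANGES entry agree.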
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_ssl: We need to get the SSL_CTX for further processing down below.
- trunk patch: http://svn.apache.org/r1828793
- 2.4.x patch: svn merge -c 1828793 ^/httpd/httpd/trunk .
- +1: rjung, rpluem, jorton
-
*) mod_ssl: Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.
The certificates and keys loaded during configuration time got lost during
{
server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
SSLSrvConfigRec *hssc = handshakeserver? mySrvConfig(handshakeserver) : NULL;
- SSL_CTX *ctx = NULL;
+ SSL_CTX *ctx = ssl ? SSL_get_SSL_CTX(ssl) : NULL;
BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
X509 *peercert;
X509_STORE *cert_store = NULL;
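Review bot: At the `SSL_CTX *ctx` initializer, the ternary still leaves ctx NULL whenever ssl is NULL, so the later code the log refers to as "further processing down below" has to tolerate a NULL ctx. That code is outside this hunk, so please confirm it is guarded. A one-line comment at the declaration saying ctx is fetched up front because the renegotiation path uses it would also help keep a later cleanup from resetting it to NULL.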