Updated fix for issue which was initially addressed in r1500108:
authorKaspar Brand <kbrand@apache.org>
Wed, 10 Jul 2013 10:32:28 +0000 (10:32 +0000)
committerKaspar Brand <kbrand@apache.org>
Wed, 10 Jul 2013 10:32:28 +0000 (10:32 +0000)
mod_ssl: Fix "SNI for backend" when compiled against
OpenSSL without support for SSLv2.

PR 55194.

Followup to r1497466. Does not apply to trunk or 2.4.x.

Proposed by: kbrand
Reviewed by: wrowe, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1501712 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/ssl/ssl_engine_io.c

diff --git a/CHANGES b/CHANGES
index d39d14a29f953c4678a3f810d97159686d533a52..8e3327cc9d62da08569e9ba2cb3687d2fd6495c1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.26
 
-
+  *) mod_ssl: Fix compilation error when OpenSSL does not contain
+     support for SSLv2. Problem was introduced in 2.2.25. PR 55194.
+     [Rainer Jung, Kaspar Brand]
 
 Changes with Apache 2.2.25
 
index 13131900fb6d116be67bb01e2c73772126bde4c3..7884a0a121bfd61e39035179f68fec48dd356a30 100644 (file)
@@ -1073,13 +1073,16 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
 #ifndef OPENSSL_NO_TLSEXT
         /*
          * Enable SNI for backend requests. Make sure we don't do it for
-         * pure SSLv2 or SSLv3 connections, and also prevent IP addresses
+         * pure SSLv3 connections, and also prevent IP addresses
          * from being included in the SNI extension. (OpenSSL would simply
          * pass them on, but RFC 6066 is quite clear on this: "Literal
          * IPv4 and IPv6 addresses are not permitted".)
+         * We can omit the check for SSL_PROTOCOL_SSLV2 as there is
+         * no way for OpenSSL to screw up things in this case (it's
+         * impossible to include extensions in a pure SSLv2 ClientHello,
+         * protocol-wise).
          */
         if (hostname_note &&
-            sc->proxy->protocol != SSL_PROTOCOL_SSLV2 &&
             sc->proxy->protocol != SSL_PROTOCOL_SSLV3 &&
             apr_ipsubnet_create(&ip, hostname_note, NULL,
                                 c->pool) != APR_SUCCESS) {
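Review bot: The added comment lines explain why dropping the SSLv2 test is harmless on the wire, but not why the test had to go, so a later reader could reinstate `sc->proxy->protocol != SSL_PROTOCOL_SSLV2` and break the build again. Going by the CHANGES entry, the symbol is presumably unavailable when OpenSSL is built without SSLv2, so I would add a line to the comment such as `* (SSL_PROTOCOL_SSLV2 may be undefined in builds without SSLv2, so it must not be referenced here.)`. Separately, the IP-literal test in the unchanged condition treats any string that `apr_ipsubnet_create()` parses as an address; if that parser also accepts partial or network-style numeric forms, a backend named that way would silently connect without SNI, which is worth confirming. The `if` block opened on the last line continues outside the hunk.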