Reverse the order when merging global and vhost-level config arrays.

Putting the vhost-level elements last allows overriding global settings
(for the deprecated SSLRequire directive, the order is irrelevant,
all of them must be met, cf. ssl_engine_kernel.c:ssl_hook_Access).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1585919 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index a6079bff91f794ea2be16b307c097d8990127c2d..2d95509c95d5e8370213d3fb50583a315761fdf2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: fix merging of global and vhost-level settings with the
+     SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
+     directives. PR 56353. [Kaspar Brand]
+
   *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values
      (and logging garbled file names). PR 56306. [Kaspar Brand]
 

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index f53428858542e8c7955418268c545ccafe02d330..9862df7a08f2ad169d61dc2731c45d7da1e73e2e 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -243,7 +243,7 @@ void *ssl_config_server_create(apr_pool_t *p, server_rec *s)
 }
 
 #define cfgMerge(el,unset)  mrg->el = (add->el == (unset)) ? base->el : add->el
-#define cfgMergeArray(el)   mrg->el = apr_array_append(p, add->el, base->el)
+#define cfgMergeArray(el)   mrg->el = apr_array_append(p, base->el, add->el)
 #define cfgMergeString(el)  cfgMerge(el, NULL)
 #define cfgMergeBool(el)    cfgMerge(el, UNSET)
 #define cfgMergeInt(el)     cfgMerge(el, UNSET)