*) modules/filters: PR 63633: Fix broken compilation when using old GCC (<4.2.x).
[Rainer Jung, Joe Orton]
+ *) mod_ssl: reverting a 2.4.40 change where a superfluous SSLCertificateChainFile configuration
+ for a domain managed by mod_md could cause a startup error. [Stefan Eissing]
+
Changes with Apache 2.4.40
*) core, mod_rewrite: Set PCRE_DOTALL by default. Revert via
n = pks->cert_files->nelts;
ssl_run_add_cert_files(s, p, pks->cert_files, pks->key_files);
- if (n < pks->cert_files->nelts) {
- /* this overrides any old chain configuration */
- sc->server->cert_chain = NULL;
+ if (apr_is_empty_array(pks->cert_files)) {
+ /* does someone propose a certiciate to fall back on here? */
+ ssl_run_add_fallback_cert_files(s, p, pks->cert_files, pks->key_files);
+ if (n < pks->cert_files->nelts) {
+ pks->service_unavailable = 1;
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(10085)
+ "Init: %s will respond with '503 Service Unavailable' for now. There "
+ "are no SSL certificates configured and no other module contributed any.",
+ ssl_util_vhostid(p, s));
+ }
}
- if (apr_is_empty_array(pks->cert_files) && !sc->server->cert_chain) {
- ssl_run_add_fallback_cert_files(s, p, pks->cert_files, pks->key_files);
-
- pks->service_unavailable = 1;
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(10085)
- "Init: %s will respond with '503 Service Unavailable' for now. There "
- "are no SSL certificates configured and no other module contributed any.",
- ssl_util_vhostid(p, s));
+ if (n < pks->cert_files->nelts) {
+ /* additionally installed certs overrides any old chain configuration */
+ sc->server->cert_chain = NULL;
}
if ((rv = ssl_init_ctx(s, p, ptemp, sc->server)) != APR_SUCCESS) {
projects / thirdparty / apache / httpd.git / commitdiff
