-*- coding: utf-8 -*-
Changes with Apache 2.4.38
+ *) mod_ssl: clear *SSL errors before loading certificates and checking
+ afterwards. Otherwise errors are reported when other SSL using modules
+ are in play. Fixes PR 62880. [Michael Kaufmann]
+
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_ssl: Fixes PR 62880 where certificate loading fails bc SSL ERRs are
- not cleared beforehand.
- trunk patch: http://svn.apache.org/r1845768
- 2.4.x patch: svn merge -c 1845768 ^/httpd/httpd/trunk .
- +1: icing, jim, minfrin
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
ctx->extra_certs = NULL;
}
#endif
+
/* create new extra chain by loading the certs */
n = 0;
+ ERR_clear_error();
while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
X509_free(x509);
BIO_free(bio);
return NULL;
}
+
/* create new extra chain by loading the certs */
+ ERR_clear_error();
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
if (!other_certs) {
other_certs = sk_X509_new_null();
projects / thirdparty / apache / httpd.git / commitdiff
