Backport r1865740.
authorGraham Leggett <minfrin@apache.org>
Wed, 1 Jan 2020 23:05:42 +0000 (23:05 +0000)
committerGraham Leggett <minfrin@apache.org>
Wed, 1 Jan 2020 23:05:42 +0000 (23:05 +0000)
mod_ssl: OCSP does not apply to proxy mode.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1872226 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/ssl/ssl_engine_kernel.c

diff --git a/CHANGES b/CHANGES
index 288a9dc4012278232ba52445b27b031751fe261e..db8738b66d7c721b5da5a22aa2a24aff6dd322f7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.42
 
+  *) mod_ssl: OCSP does not apply to proxy mode. [Yann Ylavic]
+
   *) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469
      [Jim Jagielski]
  
diff --git a/STATUS b/STATUS
index e09b7bfeebf76d0c5a7120752dbe38545b35f946..108fe67405bcdbfbf23e8e7ff28219698d10091e 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -132,11 +132,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ssl: OCSP does not apply to proxy mode
-     trunk patch: http://svn.apache.org/r1865740
-     2.4.x patch: svn merge -c 1865740 ^/httpd/httpd/trunk .
-     +1: ylavic, jorton, minfrin
-
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
index f8ecb4fd187daf808b6fcdc880772bd104cb8dde..f8596d57242483765178863803ba4c8f4b4303d3 100644 (file)
@@ -1813,8 +1813,8 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
     /*
      * Perform OCSP-based revocation checks
      */
-    if (ok && ((sc->server->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
-         (errdepth == 0 && (sc->server->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {     
+    if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
+         (errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {     
         /* If there was an optional verification error, it's not
          * possible to perform OCSP validation since the issuer may be
          * missing/untrusted.  Fail in that case. */
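Review bot: The comment above the changed test still reads only "Perform OCSP-based revocation checks" and does not record that the mask is now read from the per-connection context `mctx` instead of `sc->server`, which is the security-relevant point of this change. I would extend it to something like `/* Perform OCSP-based revocation checks; the mask comes from mctx so the server-side OCSP setting is not applied to proxy (backend) connections. */`. The declaration and initialisation of `mctx` are outside this hunk, as are the start and end of ssl_callback_SSLVerify, so it is worth confirming that the proxy-side context ends up with neither SSL_OCSPCHECK_CHAIN nor SSL_OCSPCHECK_LEAF set, since an unset sentinel with all bits set would satisfy both bitwise tests. If the proxy mask is indeed empty, backend certificates receive no OCSP check on this path, and revocation for proxied connections presumably rests on whatever CRL checking is configured; that limitation deserves a line in the comment or the documentation.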