Merge r417988 from trunk:

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_cleanup_proxy): Unset
pkp->certs pointer after freeing the array; fixes segfault at startup
if the certs are shared across >1 server_rec.

PR: 39915
Submitted by: jorton
Reviewed by: minfrin, rjung, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@946401 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index ca3c92f743ffc472d567e51f23b0e7b80267619a..43161640208bb157fca88163bb29af02a98986e4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.16
 
+  *) mod_ssl: Fix segfault at startup if proxy client certs are shared
+     across multiple vhosts.  PR 39915.  [Joe Orton]
+
   *) mod_proxy_http: Log the port of the remote server in various messages.
      PR 48812. [Igor Galić <i galic brainsware org>] 
 

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index d4f9171dfe366e08962e1220f9e1df60b55b4c58..05d450af6250cd03d0d6bb9ce89fe728cbc9ab24 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1250,6 +1250,7 @@ static void ssl_init_ctx_cleanup_proxy(modssl_ctx_t *mctx)
 
     if (mctx->pkp->certs) {
         sk_X509_INFO_pop_free(mctx->pkp->certs, X509_INFO_free);
+        mctx->pkp->certs = NULL;
     }
 }