From: Joe Orton Date: Mon, 9 Jan 2023 12:07:49 +0000 (+0000) Subject: Merge r1861269 from trunk: X-Git-Tag: 2.4.55-rc1-candidate~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a9e96e190fae0815f7d29fe7a2bda3345934916;p=thirdparty%2Fapache%2Fhttpd.git Merge r1861269 from trunk: * modules/ssl/ssl_engine_config.c (ssl_cmd_check_file): If dumping the config, don't validate the paths. Allows e.g. "httpd -L" to work w/ certs configured but not present, doesn't affect "httpd -t". Reviewed by: jorton, rpluem, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906489 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index b6e8e7603c4..eaf9554f87e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.55 + *) mod_ssl: When dumping the configuration, the existence of + certificate/key files is no longer tested. [Joe Orton] + *) mod_ssl: when a proxy connection had handled a request using SSL, an error was logged when "SSLProxyEngine" was only configured in the location/proxy section and not the overall server. The connection diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 01c5a176697..de18b8fb25f 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -810,8 +810,14 @@ const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, static const char *ssl_cmd_check_file(cmd_parms *parms, const char **file) { - const char *filepath = ap_server_root_relative(parms->pool, *file); + const char *filepath; + /* If only dumping the config, don't verify the paths */ + if (ap_state_query(AP_SQ_RUN_MODE) == AP_SQ_RM_CONFIG_DUMP) { + return NULL; + } + + filepath = ap_server_root_relative(parms->pool, *file); if (!filepath) { return apr_pstrcat(parms->pool, parms->cmd->name, ": Invalid file path ", *file, NULL);