From: Joe Orton Date: Sat, 6 Mar 2004 17:54:28 +0000 (+0000) Subject: * modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle): Clear the X-Git-Tag: 2.0.49~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fc8b78a5465b3f18da631a7089bbf9412920dd0;p=thirdparty%2Fapache%2Fhttpd.git * modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle): Clear the OpenSSL error stack before reading the private key. PR: 21160 Reviewed by: Jeff Trawick, Justin Erenkrantz git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102871 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index fab16baba8c..f0b0b20edbd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,8 @@ Changes with Apache 2.0.49 + *) mod_ssl: Fix bug in passphrase handling which could cause spurious + failures in SSL functions later. PR 21160. [Joe Orton] + *) mod_log_config: Fix corruption of buffered logs with threaded MPMs. PR 25520. [Jeff Trawick] diff --git a/STATUS b/STATUS index 82dfb3652c7..9dd8cfd2e57 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/03/05 19:08:13 $] +Last modified at [$Date: 2004/03/06 17:54:27 $] Release: @@ -113,13 +113,6 @@ PATCHES TO BACKPORT FROM 2.1 modules/metadata/mod_setenvif.c: r1.50 +1: nd - * mod_ssl: Clear OpenSSL error stack during pphrase entry to prevent - spurious failures in SSL functions later. - PR: 21160 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_pphrase.c?r1=1.44&r2=1.45 - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_pphrase.c?r1=1.49&r2=1.50 (comment-only modification) - +1: jorton, trawick, jerenkrantz - * Fix file extensions for real media files and removed rpm extension from mime.types. PR 26079. (2.0 + 1.3) docs/conf/mime.types: r1.23, r1.24 diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index 62019eb5b07..d38de7ea2dc 100644 
--- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -340,6 +340,11 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) cpPassPhraseCur = NULL; ssl_pphrase_server_rec = s; /* to make up for sslc flaw */ + /* Ensure that the error stack is empty; some SSL + * functions will fail spuriously if the error stack + * is not empty. */ + ERR_clear_error(); + bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL, ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
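Review bot: The added `ERR_clear_error()` only empties the error queue before `SSL_read_PrivateKey()` runs; whatever that call itself queues (presumably at least the entries from a rejected pass phrase attempt) is still there once the `bReadable` assignment completes. The fix therefore relies on another pass through this code, or on code outside the hunk, to leave the queue clean. If nothing after the read drains it, consider also clearing on the success path, e.g. `if (bReadable) ERR_clear_error();`, and leaving the failure path untouched so the errors can still be reported. The new comment would be more useful if it cited PR 21160 and named the later calls that failed, because silently discarding queued errors can hide the code that left them unhandled. `ssl_pphrase_Handle` starts and ends outside this hunk, so the surrounding retry logic is not visible here.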