From: Jan Kaluža Date: Mon, 20 Oct 2014 09:18:22 +0000 (+0000) Subject: mod_ssl: Fix SSL_CLIENT_VERIFY value when "SSLVerifyClient optional_no_ca" and X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55d269dd26b2a9ba637a9844f6b39eb4f3e03374;p=thirdparty%2Fapache%2Fhttpd.git mod_ssl: Fix SSL_CLIENT_VERIFY value when "SSLVerifyClient optional_no_ca" and SSLSessionCache are used and SSL session is resumed. SSL_CLIENT_VERIFY value has been set to SUCCESS on resumption even when originally it was set to GENEROUS. PR 53193. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1633085 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index c7cbaa3e673..b1f4bda8f91 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -1322,6 +1322,11 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx) "\"SSLVerifyClient optional_no_ca\" " "configuration"); ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server); + + /* on session resumption ssl_callback_SSLVerify() + * will not be called, therefore we have to set it here + */ + sslconn->verify_info = "GENEROUS"; } else { const char *error = sslconn->verify_error ?
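Review bot: the added assignment `sslconn->verify_info = "GENEROUS";` in ssl_io_filter_handshake() is justified by its comment only for session resumption, but nothing in the visible context limits it to resumed sessions. As shown, it also overwrites whatever ssl_callback_SSLVerify() stored during a full handshake that reaches this branch. Either state in the comment that rewriting the value on a full handshake is intended and harmless, or guard the assignment with a resumption check such as SSL_session_reused(). The comment's "we have to set it here" should name verify_info explicitly, so the reader does not have to infer what "it" refers to. Because the commit message describes SSL_CLIENT_VERIFY reporting SUCCESS instead of GENEROUS after resumption, a regression test covering "SSLVerifyClient optional_no_ca" with SSLSessionCache and a resumed session would be worth adding alongside this change.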