From: Ruediger Pluem <rpluem@apache.org>
Date: Fri, 3 Jan 2014 20:07:54 +0000 (+0000)
Subject: * Update comment. No functional change.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65f4bc9d5fc94bc3b19c7e15d2b9e754c47d872c;p=thirdparty%2Fapache%2Fhttpd.git

* Update comment. No functional change.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1555240 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 4c7daa4469c..062e235a8ab 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -175,10 +175,13 @@ int ssl_hook_ReadReq(request_rec *r)
              * with either no hostname or a different hostname as this could
              * cause us to end up in a different virtual host as the one that
              * was used for the handshake causing different SSL parameters to
-             * be applied.
-             * XXX: TODO check if this is really true and that there are
-             * SSL parameters that are not fixed by a renegotiation in
-             * ssl_hook_Access.
+             * be applied as SSLProtocol, SSLCACertificateFile/Path and
+             * SSLCADNRequestFile/Path cannot be renegotioated (SSLCA* due
+             * to current limitiations in Openssl, see
+             * http://mail-archives.apache.org/mod_mbox/httpd-dev/200806.mbox/%3C48592955.2090303@velox.ch%3E
+             * and
+             * http://mail-archives.apache.org/mod_mbox/httpd-dev/201312.mbox/%3CCAKQ1sVNpOrdiBm-UPw1hEdSN7YQXRRjeaT-MCWbW_7mN%3DuFiOw%40mail.gmail.com%3E
+             * )
              */
             if (!r->hostname) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02031)