From: Joe Orton <jorton@apache.org>
Date: Thu, 19 Apr 2018 08:02:41 +0000 (+0000)
Subject: * modules/ssl/ssl_engine_init.c (ssl_init_Module): Don't enable SSL
X-Git-Tag: 2.5.0-alpha2-ci-test-only~2677
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81af07c707b365c9a3fd7f98adc86d02e90275e1;p=thirdparty%2Fapache%2Fhttpd.git

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Don't enable SSL
  for a vhost if SSLEnable is not used and no certs are configured,
  even if the Listen protocol is "https".  Restores behaviour to that
  prior to r1809303 for configs which would now otherwise fail at
  startup.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829513 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 04a38da32c2..89ed3df0fe0 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -262,7 +262,8 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
          * the protocol is https. */
         if (ap_get_server_protocol(s) 
             && strcmp("https", ap_get_server_protocol(s)) == 0
-            && sc->enabled == SSL_ENABLED_UNSET) {
+            && sc->enabled == SSL_ENABLED_UNSET
+            && (!apr_is_empty_array(sc->server->pks->cert_files))) {
             sc->enabled = SSL_ENABLED_TRUE;
         }