From: Jeff Trawick <trawick@apache.org>
Date: Tue, 16 Sep 2003 13:37:33 +0000 (+0000)
Subject: merge this fix from 2.1-dev:
X-Git-Tag: 2.0.48~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ea1051aeb74c88c89d0021fa74aa0e3cb6520f2;p=thirdparty%2Fapache%2Fhttpd.git

merge this fix from 2.1-dev:

    *) mod_ssl: Fix a problem setting variables that represent the
       client certificate chain.  PR 21371

PR:              21371
Reviewed by:	 nd, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@101252 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 04b46252520..7f26896032e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.48
 
+  *) mod_ssl: Fix a problem setting variables that represent the
+     client certificate chain.  PR 21371  [Jeff Trawick]
+
   *) Unix: Handle permissions settings for flock-based mutexes in 
      unixd_set_global|proc_mutex_perms().  Allow the functions to be
      called for any type of mutex.  PR 20312  [Jeff Trawick]
diff --git a/STATUS b/STATUS
index 536e7129c8e..3c2916e5437 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2003/09/16 13:01:06 $]
+Last modified at [$Date: 2003/09/16 13:37:32 $]
 
 Release:
 
@@ -239,11 +239,6 @@ PATCHES TO PORT FROM 2.1
             nd replies: Sure. 1.53 fixes that.
       +1: fielding, nd, jerenkrantz, erikabele
 
-    * mod_ssl: Fix a problem setting variables that represent the
-      client certificate chain.  PR 21371
-        modules/ssl/ssl_engine_vars.c:  r1.24
-      +1: trawick, nd, jorton
-
     * mod_ssl: Fix segfaults after renegotiation failure.  PR 21370
         modules/ssl/ssl_engine_io.c:  r1.110
         modules/ssl/ssl_engine_kernel.c: r1.196
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index dc63a31640f..eeb331c0f22 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -290,7 +290,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
     }
     else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
         sk = SSL_get_peer_cert_chain(ssl);
-        result = ssl_var_lookup_ssl_cert_chain(p, sk, var+17);
+        result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18);
     }
     else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
         result = ssl_var_lookup_ssl_cert_verify(p, c);