From: Stefan Fritsch Date: Sun, 19 Jun 2011 18:03:55 +0000 (+0000) Subject: Avoid unnecessary renegotiations with SSLVerifyDepth 0. X-Git-Tag: 2.3.13~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a71d0d72cb4710ee458d8fd0d8350a6040ebbadc;p=thirdparty%2Fapache%2Fhttpd.git Avoid unnecessary renegotiations with SSLVerifyDepth 0. PR: 48215 Submitted by: Kaspar Brand git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1137394 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 967c0b30496..7d1c8e8b627 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.3.13
+ *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
+ PR 48215. [Kaspar Brand]
+
 *) mod_status: Display information about asynchronous connections in the server-status. PR 44377. [Stefan Fritsch]
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index d908e61d444..65a063f84b0 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -339,6 +339,7 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
 sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
 sslconn->server = c->base_server;
+ sslconn->verify_depth = UNSET;
 myConnConfigSet(c, sslconn);
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 1ff5d2e63b2..af1e77d11c5 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -499,7 +499,7 @@ int ssl_hook_Access(request_rec *r)
 * currently active/remembered verify depth (because this means more
 * restriction on the certificate chain).
 */
- n = sslconn->verify_depth ?
+ n = (sslconn->verify_depth != UNSET) ?
 sslconn->verify_depth :
 (mySrvConfig(handshakeserver))->server->auth.verify_depth;
 /* determine the new depth */
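Review bot: The new `sslconn->verify_depth = UNSET;` line carries no comment explaining why the zero left by `apr_pcalloc()` no longer serves as the "nothing remembered" marker. I would add `/* UNSET: no depth remembered yet; 0 is a valid SSLVerifyDepth */` above it, since that distinction is what lets ssl_hook_Access treat a configured depth of 0 as a real value. It is also worth confirming that no other reader of `verify_depth` outside this diff still tests it for truthiness or compares it numerically before it is assigned, because such code would now see the sentinel rather than 0. ssl_init_connection_ctx starts and ends outside the hunk.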
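Review bot: The rewritten ternary at `n = (sslconn->verify_depth != UNSET) ?` is only correct if every SSLConnRec has had `verify_depth` set to UNSET before ssl_hook_Access runs; a record that was merely zeroed would now be read as a remembered depth of 0. In that case a stricter per-directory depth would presumably not register as a reduction in the comparison that follows outside the hunk, so the check would skip a renegotiation rather than force one. The comment block above the assignment should state the invariant, for example `* UNSET means no depth has been remembered on this connection yet; 0 is a real depth.` A regression test covering per-directory `SSLVerifyDepth 0` against a larger server-level depth would pin the behaviour. ssl_hook_Access continues outside the hunk.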