From: Joe Orton <jorton@apache.org>
Date: Thu, 31 Oct 2013 15:42:08 +0000 (+0000)
Subject: For better compatibility with mod_nss:
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0383e8cb837319542a1d233ab483f29245dfb83;p=thirdparty%2Fapache%2Fhttpd.git

For better compatibility with mod_nss:

* modules/ssl/ssl_engine_config.c (ssl_config_server_new): Default
  sc->enabled to UNSET.

* modules/ssl/ssl_engine_init.c (ssl_init_Module): Only override
  sc->enabled based on the protocol iff sc->enabled is UNSET; allows
  "SSLEngine off" to override the Listen-based default.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1537535 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 05e4dd9cfa5..0870786e528 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -203,7 +203,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
     SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
 
     sc->mc                     = NULL;
-    sc->enabled                = SSL_ENABLED_FALSE;
+    sc->enabled                = SSL_ENABLED_UNSET;
     sc->proxy_enabled          = UNSET;
     sc->vhost_id               = NULL;  /* set during module init */
     sc->vhost_id_len           = 0;     /* set during module init */
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b9ffa497cf4..c4512043f1c 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -115,13 +115,16 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
         sc->vhost_id = ssl_util_vhostid(p, s);
         sc->vhost_id_len = strlen(sc->vhost_id);
 
-        if (ap_get_server_protocol(s) &&
-            strcmp("https", ap_get_server_protocol(s)) == 0) {
+        /* Default to enabled if SSLEngine is not set explicitly, and
+         * the protocol is https. */
+        if (ap_get_server_protocol(s) 
+            && strcmp("https", ap_get_server_protocol(s)) == 0
+            && sc->enabled == SSL_ENABLED_UNSET) {
             sc->enabled = SSL_ENABLED_TRUE;
         }
 
-        /* If sc->enabled is UNSET, then SSL is optional on this vhost  */
-        /* Fix up stuff that may not have been set */
+        /* Fix up stuff that may not have been set.  If sc->enabled is
+         * UNSET, then SSL is disabled on this vhost.  */
         if (sc->enabled == SSL_ENABLED_UNSET) {
             sc->enabled = SSL_ENABLED_FALSE;
         }