From: Graham Leggett Date: Wed, 1 Jan 2020 23:05:42 +0000 (+0000) Subject: Backport r1865740. X-Git-Tag: 2.4.42~171 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c11b1cd3b11f073ab1b5d1d670cec9db21144683;p=thirdparty%2Fapache%2Fhttpd.git Backport r1865740. mod_ssl: OCSP does not apply to proxy mode. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1872226 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 288a9dc4012..db8738b66d7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.42 + *) mod_ssl: OCSP does not apply to proxy mode. [Yann Ylavic] + *) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469 [Jim Jagielski] diff --git a/STATUS b/STATUS index e09b7bfeebf..108fe67405b 100644 --- a/STATUS +++ b/STATUS @@ -132,11 +132,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_ssl: OCSP does not apply to proxy mode - trunk patch: http://svn.apache.org/r1865740 - 2.4.x patch: svn merge -c 1865740 ^/httpd/httpd/trunk . - +1: ylavic, jorton, minfrin - PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index f8ecb4fd187..f8596d57242 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1813,8 +1813,8 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) /* * Perform OCSP-based revocation checks */ - if (ok && ((sc->server->ocsp_mask & SSL_OCSPCHECK_CHAIN) || - (errdepth == 0 && (sc->server->ocsp_mask & SSL_OCSPCHECK_LEAF)))) { + if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) || + (errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) { /* If there was an optional verification error, it's not * possible to perform OCSP validation since the issuer may be * missing/untrusted. Fail in that case. */