From: Rainer Jung <rjung@apache.org>
Date: Fri, 5 Jul 2013 19:25:28 +0000 (+0000)
Subject: mod_ssl: Fix "SNI for backend" when compiled against
X-Git-Tag: 2.2.26~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c87c78f846fa8ce9853ced8586e6c42755cc0504;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: Fix "SNI for backend" when compiled against
OpenSSL without support for SSLv2.

PR 55194.

Followup to r1497466. Does not apply to trunk or 2.4.x.

Proposed by: rjung
Reviewed by: covener, trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1500108 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 5d0a8f20219..96bb196e512 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.26
 
-
+  *) mod_ssl: Fix compilation error when OpenSSL does not contain
+     support for SSLv2. Problem was introduced in 2.2.25. PR 55194.
+     [Rainer Jung]
 
 Changes with Apache 2.2.25
 
diff --git a/STATUS b/STATUS
index 0f32779e339..d2acf06b3c1 100644
--- a/STATUS
+++ b/STATUS
@@ -93,12 +93,6 @@ CURRENT RELEASE NOTES:
 
 RELEASE SHOWSTOPPERS:
 
-  * mod_ssl: Fix "SNI for backend" when compiled against OpenSSL without
-    support for SSLv2. Followup to r1497466. PR 55194.
-    trunk patch: Does not apply to trunk
-    2.4.x patch: Does not apply to 2.4
-    2.2.x patch: http://people.apache.org/~rjung/patches/sni-backend-fix-r1497466-2_2.patch
-    +1: rjung, covener, trawick
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 13131900fb6..58bd6bc5a0b 100644
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1079,7 +1079,9 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
          * IPv4 and IPv6 addresses are not permitted".)
          */
         if (hostname_note &&
+#ifndef OPENSSL_NO_SSL2
             sc->proxy->protocol != SSL_PROTOCOL_SSLV2 &&
+#endif
             sc->proxy->protocol != SSL_PROTOCOL_SSLV3 &&
             apr_ipsubnet_create(&ip, hostname_note, NULL,
                                 c->pool) != APR_SUCCESS) {