From: Stefan Eissing
Date: Tue, 11 Feb 2020 10:13:24 +0000 (+0000)
Subject: *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1665
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e820d1ea4d3f1f5152574dbaa13979887a5c14b7;p=thirdparty%2Fapache%2Fhttpd.git

*) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github issue mod_md#172 (https://github.com/icing/mod_md/issues/172). [Michael Kaufmann , Stefan Eissing]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873888 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index ef8c44db3f1..30f253eae19 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
+ *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
+ issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
+ [Michael Kaufmann , Stefan Eissing]
+
 *) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a SameSite attribute. [Eric Covener]
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 408ffd90202..a27168c5658 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2403,6 +2403,7 @@ static apr_status_t init_vhost(conn_rec *c, SSL *ssl, const char *servername)
 if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
 return APR_EGENERAL;
 }
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
 }
 else {
 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
@@ -2783,6 +2784,7 @@ int ssl_callback_alpn_select(SSL *ssl,
 if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
 return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
+ SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
 }
 }
 }
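Review bot: The added `SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);` in init_vhost, and the identical line in the ssl_callback_alpn_select hunk, switches off client-certificate verification for this connection without a comment saying why that is safe. Because the call replaces whatever verify mode was configured for the handshake (for example `SSLVerifyClient require`), the change is only safe if a challenge connection never goes on to serve ordinary requests; that presumably holds elsewhere but is not visible in either hunk. I would put a comment above each call, such as `/* ACME ALPN challenge: the validator presents no client cert; this connection only answers the challenge and must not serve requests */`, and confirm that invariant against the code that handles the connection after the handshake. Both enclosing blocks start and end outside the hunks, so the condition that guards the challenge branch could not be checked here.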