From: Joe Orton Date: Tue, 29 Mar 2005 08:36:02 +0000 (+0000) Subject: Merge r111241 from trunk: X-Git-Tag: 2.0.54~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edda0c76adf02050cb5008136007c218e994fa7b;p=thirdparty%2Fapache%2Fhttpd.git Merge r111241 from trunk: * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Use X509_STORE_CTX_get_ex_data() and SSL_get_ex_data_X509_STORE_CTX_idx() to use the correct ex_data index from the context in pathological cases where SSL_get_ex_data_X509_STORE_CTX_idx() does not return 0. PR: 32529 Reviewed by: jorton, trawick, jerenkrantz git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@159354 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 2338440f1cb..214a4f37d5d 100644 --- a/STATUS +++ b/STATUS @@ -109,16 +109,6 @@ PATCHES TO BACKPORT FROM TRUNK: svn rev 126565 +1: bnicholes, trawick (no need for APLOG_NOERRNO in Apache >=2) - *) mod_ssl: fix to access mod_ssl-specific X509_STORE_CTX userdata - using the proper accessor function; matters only in some - pathological cases with OpenSSL global variables not getting - reset during reloads but is fatal in such cases. - http://svn.apache.org/viewcvs?view=rev&rev=111241 - PR: 32529 - jerenkrantz chimes in: X509_STORE_CTX_get_app_data is a macro around - X509_STORE_CTX_get_ex_data(ctx,0). - +1: jorton, trawick, jerenkrantz - *) several changes to improve logging of connection-oriented errors, including ap_log_cerror() API (needs minor bump in addition to changes below) http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289&r2=1.291 diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 9af8f759fa9..99cd8dbb2c8 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1187,7 +1187,8 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen) int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) { /* Get Apache context back through OpenSSL context */ - SSL *ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx); + SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl); server_rec *s = conn->base_server; request_rec *r = (request_rec *)SSL_get_app_data2(ssl);