From: Stefan Eissing Date: Thu, 8 Nov 2018 10:09:21 +0000 (+0000) Subject: *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly X-Git-Tag: 2.5.0-alpha2-ci-test-only~2250 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe55941af92bf422ef20a03f48231229da41b70c;p=thirdparty%2Fapache%2Fhttpd.git *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1846111 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index bc0d220193e..51e602ae275 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly + on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing] + *) mod_ssl: clear *SSL errors before loading certificates and checking afterwards. Otherwise errors are reported when other SSL using modules are in play. Fixes PR 62880. [Michael Kaufmann] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e91f600e879..1570d8da647 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1605,10 +1605,7 @@ static authz_status ssl_authz_require_ssl_check(request_rec *r, const char *require_line, const void *parsed) { - SSLConnRec *sslconn = myConnConfig(r->connection); - SSL *ssl = sslconn ? sslconn->ssl : NULL; - - if (ssl) + if (modssl_request_is_tls(r, NULL)) return AUTHZ_GRANTED; else return AUTHZ_DENIED;