From f9e04c5dbb9e17ce5b4fe3e55f80c95f3c0fdabd Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Thu, 30 Jun 2016 14:42:39 +0000 Subject: [PATCH] Merge r1750779 from trunk: modssl: reset client-verify state when renegotiation is aborted Submitted by: icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1750808 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 5 ----- modules/ssl/ssl_engine_kernel.c | 1 + 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 4ba72a611da..cc2f340582d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.23 + *) mod_ssl: reset client-verify state of ssl when aborting renegotiations. + [Erki Aring , Stefan Eissing] + *) mod_sed: Fix 'x' command processing. [Christophe Jaillet] *) configure: Fix ./configure edge-case failures around dependencies diff --git a/STATUS b/STATUS index 84df88bffcc..9dbf8cb2725 100644 --- a/STATUS +++ b/STATUS @@ -116,11 +116,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_ssl: reset client-verify state of connection when renegotiation is - aborted. - trunk patch: http://svn.apache.org/r1750779 - 2.4.x: trunk patch works - +1: icing, jim, ylavic PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 4fa0b12889f..8b6149d8ec3 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -727,6 +727,7 @@ int ssl_hook_Access(request_rec *r) * on this connection. */ apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client"); + SSL_set_verify(ssl, verify_old, ssl_callback_SSLVerify); return HTTP_FORBIDDEN; } /* optimization */ -- 2.47.2
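Review bot: The added `SSL_set_verify(ssl, verify_old, ssl_callback_SSLVerify);` before `return HTTP_FORBIDDEN;` in the `modules/ssl/ssl_engine_kernel.c` hunk has no comment saying why the state must be put back, so a later cleanup could remove it as redundant. Judging by the commit subject and the `verify_old` name, the verify mode on the shared `ssl` object is presumably changed earlier in `ssl_hook_Access`, outside this hunk. Without the restore, a later request on the same connection could then be compared against the already-raised mode and skip the client-certificate renegotiation. I would record that next to the call, e.g. `/* renegotiation was not performed: restore the previous verify mode so later requests on this connection are still checked */`. The restore covers only this one early return, so any other exit between the mode change and a completed renegotiation (not visible here) should be checked for the same reset, and a regression test that sends a second request on the same connection after the 403 would pin the behaviour.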