* As proposed by wrowe on list always define SSLStrictSNIVHostCheck, but error
authorRuediger Pluem <rpluem@apache.org>
Sat, 2 May 2009 07:47:59 +0000 (07:47 +0000)
committerRuediger Pluem <rpluem@apache.org>
Sat, 2 May 2009 07:47:59 +0000 (07:47 +0000)
  out if we are not compiled against an SNI capable OpenSSL.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@770907 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/mod_ssl.c
modules/ssl/ssl_engine_config.c
modules/ssl/ssl_private.h

index fb5ded244f6366e6971486b6206438d3c2a6e9b7..3b49b6a2d7502783648ccdab19c46d693d5bbf4c 100644 (file)
@@ -129,10 +129,8 @@ static const command_rec ssl_config_cmds[] = {
     SSL_CMD_SRV(LogLevelDebugDump, TAKE1,
                 "Include I/O Dump when LogLevel is set to Debug "
                 "([ None (default) | IO (not bytes) | Bytes ])")
-#ifndef OPENSSL_NO_TLSEXT
     SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
                 "Strict SNI virtual host checking")
-#endif
 
     /*
      * Proxy configuration for remote SSL connections
index 70bbf758cf0ecd6c65742023da086dda83d67415..8175640ae2ee3c3db27ef968fb11cdd2f0676639 100644 (file)
@@ -1446,16 +1446,20 @@ const char *ssl_cmd_SSLProxyCheckPeerCN(cmd_parms *cmd, void *dcfg, int flag)
     return NULL;
 }
 
-#ifndef OPENSSL_NO_TLSEXT
 const char  *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag)
 {
+#ifndef OPENSSL_NO_TLSEXT
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
 
     sc->strict_sni_vhost_check = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
 
     return NULL;
-}
+#else
+    return "SSLStrictSNIVHostCheck failed; OpenSSL is not built with support "
+           "for TLS extensions and SNI indication. Refer to the "
+           "documentation, and build a compatible version of OpenSSL.";
 #endif
+}
 
 void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
 {
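Review bot: The `#else` branch returns the error whatever `flag` is, so `SSLStrictSNIVHostCheck off` also aborts configuration on a build with `OPENSSL_NO_TLSEXT` defined, and nothing in the function says this is intended. Failing closed looks right for a directive that restricts virtual-host access, because a silently accepted setting would suggest a check that such a build presumably cannot perform. I would record that above the `return` with a comment such as `/* Reject both on and off: without TLS extension support the check cannot be enforced, so never accept the directive silently. */`. The message also reads "SNI indication", which repeats the last word of the acronym; `"for TLS extensions and SNI. Refer to the "` would be cleaner.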
index 840230a3fce3d03295dac5ba66339ef12dda0a48..004967001d3f207ec358d6d6e796c965d740b805 100644 (file)
@@ -547,9 +547,7 @@ const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
-#ifndef OPENSSL_NO_TLSEXT
 const char  *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
-#endif
 
 const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);