WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit 0c9333ea authored Jun 30, 2016 by Jim Jagielski

Merge r1750779 from trunk:

modssl: reset client-verify state when renegotiation is aborted
Submitted by: icing
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1750808 13f79535-47bb-0310-9956-ffa450edef68

parent a1876d29

CHANGES

+3 −0

Original line number	Diff line number	Diff line
		@@ -2,6 +2,9 @@

		Changes with Apache 2.4.23

		*) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
		[Erki Aring <erki@example.ee>, Stefan Eissing]

		*) mod_sed: Fix 'x' command processing. [Christophe Jaillet]

		*) configure: Fix ./configure edge-case failures around dependencies

STATUS

+0 −5

Original line number	Diff line number	Diff line
		@@ -116,11 +116,6 @@ RELEASE SHOWSTOPPERS:
		PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
		[ start all new proposals below, under PATCHES PROPOSED. ]

		*) mod_ssl: reset client-verify state of connection when renegotiation is
		aborted.
		trunk patch: http://svn.apache.org/r1750779
		2.4.x: trunk patch works
		+1: icing, jim, ylavic


		PATCHES PROPOSED TO BACKPORT FROM TRUNK:

modules/ssl/ssl_engine_kernel.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -727,6 +727,7 @@ int ssl_hook_Access(request_rec *r)
		* on this connection.
		*/
		apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
		SSL_set_verify(ssl, verify_old, ssl_callback_SSLVerify);
		return HTTP_FORBIDDEN;
		}
		/* optimization */