Commit 1b22e6bc authored by Rainer Jung's avatar Rainer Jung

Support OpenSSL 1.1.0:

- Fix renegotiation for the client side
  of a proxy connection.

Backport of r1730146 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755835 13f79535-47bb-0310-9956-ffa450edef68
parent 9fae484c
+11 −4
@@ -2141,7 +2141,9 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc)
        if (state == SSL3_ST_SR_CLNT_HELLO_A
            || state == SSL23_ST_SR_CLNT_HELLO_A) {
#else
    if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_REJECT) {
    if (!scr->is_proxy &&
        (where & SSL_CB_HANDSHAKE_START) &&
        scr->reneg_state == RENEG_REJECT) {
#endif
            scr->reneg_state = RENEG_ABORT;
            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
@@ -2151,13 +2153,18 @@ void ssl_callback_Info(const SSL *ssl, int where, int rc)
#endif
    }
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    else if ((where & SSL_CB_HANDSHAKE_START) && scr->reneg_state == RENEG_ALLOW) {
    else if (!scr->is_proxy &&
             (where & SSL_CB_HANDSHAKE_START) &&
             scr->reneg_state == RENEG_ALLOW) {
        scr->reneg_state = RENEG_STARTED;
    }
    else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_STARTED) {
    else if (!scr->is_proxy &&
             (where & SSL_CB_HANDSHAKE_DONE) &&
             scr->reneg_state == RENEG_STARTED) {
        scr->reneg_state = RENEG_DONE;
    }
    else if ((where & SSL_CB_ALERT) &&
    else if (!scr->is_proxy &&
             (where & SSL_CB_ALERT) &&
             (scr->reneg_state == RENEG_ALLOW || scr->reneg_state == RENEG_STARTED)) {
        scr->reneg_state = RENEG_ALERT;
    }
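Review bot: The `!scr->is_proxy` guard is repeated in the `#else` condition of the first hunk and in all three `else if` arms of the OpenSSL 1.1.0 block in the second, and none of them says why proxy connections are exempt. A single comment above the chain would record the reason, e.g. `/* On a proxy connection httpd is the TLS client, so a handshake start is not a client-initiated renegotiation and must not be aborted. */`. With these guards `reneg_state` is never moved to `RENEG_ABORT`, `RENEG_STARTED`, `RENEG_DONE` or `RENEG_ALERT` on a proxy connection in this path. Any code that relies on those states to stop a renegotiation therefore presumably no longer covers backend-initiated ones; that matches the commit message, but it is worth stating in the comment so the exemption is not later mistaken for an oversight. `ssl_callback_Info` begins and ends outside both hunks.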