Commit 34024e16 authored by Joe Orton

Merge r111241 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Use
X509_STORE_CTX_get_ex_data() and SSL_get_ex_data_X509_STORE_CTX_idx()
to use the correct ex_data index from the context in pathological
cases where SSL_get_ex_data_X509_STORE_CTX_idx() does not return 0.

PR: 32529
Reviewed by: jorton, trawick, jerenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@159354 13f79535-47bb-0310-9956-ffa450edef68
parent a31f084b
+0 −10
@@ -109,16 +109,6 @@ PATCHES TO BACKPORT FROM TRUNK:
       svn rev 126565
       +1: bnicholes, trawick (no need for APLOG_NOERRNO in Apache >=2)

    *) mod_ssl: fix to access mod_ssl-specific X509_STORE_CTX userdata
       using the proper accessor function; matters only in some
       pathological cases with OpenSSL global variables not getting
       reset during reloads but is fatal in such cases.
       http://svn.apache.org/viewcvs?view=rev&rev=111241
       PR: 32529
       jerenkrantz chimes in: X509_STORE_CTX_get_app_data is a macro around
                              X509_STORE_CTX_get_ex_data(ctx,0).
       +1: jorton, trawick, jerenkrantz

    *) several changes to improve logging of connection-oriented errors, including
       ap_log_cerror() API (needs minor bump in addition to changes below)
         http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289&r2=1.291
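Review bot: The removed entry's jerenkrantz remark, that X509_STORE_CTX_get_app_data is a macro around X509_STORE_CTX_get_ex_data(ctx,0), states the root cause more directly than anything left in the tree after this hunk, while the comment at the call site still reads only "Get Apache context back through OpenSSL context". Consider carrying that one-line rationale into the comment in ssl_callback_SSLVerify, so the reason for looking up the index with SSL_get_ex_data_X509_STORE_CTX_idx() instead of assuming 0 stays next to the code it explains.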
+2 −1
@@ -1187,7 +1187,8 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
{
    /* Get Apache context back through OpenSSL context */
    SSL *ssl            = (SSL *)X509_STORE_CTX_get_app_data(ctx);
    SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
                                          SSL_get_ex_data_X509_STORE_CTX_idx());
    conn_rec *conn      = (conn_rec *)SSL_get_app_data(ssl);
    server_rec *s       = conn->base_server;
    request_rec *r      = (request_rec *)SSL_get_app_data2(ssl);
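Review bot: Missing NULL check in ssl_callback_SSLVerify: the value returned by X509_STORE_CTX_get_ex_data() is handed straight to SSL_get_app_data(ssl), and conn->base_server is dereferenced on the line after that. X509_STORE_CTX_get_ex_data() returns NULL when nothing is stored at the requested index, so in a verify callback that runs during the handshake it would be safer to test ssl (and conn) and return 0 to fail verification rather than dereference. Style point on the same lines: the neighbouring initialisers use an explicit cast and aligned "=", which the new declaration drops; either form is valid C, but matching the surrounding lines keeps the block consistent.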