WARNING! Gitlab maintenance operation scheduled for Monday, 20 April between 12:00 and 14:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit 84edf5f4 authored Mar 20, 2019 by Joe Orton

Merge r1855849 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Correctly
  restore SSL verify state after PHA failure in TLSv1.3.

Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Reviewed by: jorton, covener, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855917 13f79535-47bb-0310-9956-ffa450edef68

parent f36fe792

CHANGES

+3 −0

Original line number	Diff line number	Diff line
		-- coding: utf-8 --
		Changes with Apache 2.4.39

		*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
		[Michael Kaufmann <mail michael-kaufmann.ch>]

		*) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host
		PR 55348

modules/ssl/ssl_engine_kernel.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1155,6 +1155,7 @@ static int ssl_hook_Access_modern(request_rec r, SSLSrvConfigRec sc, SSLDirCon
		ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
		apr_table_setn(r->notes, "error-notes",
		"Reason: Cannot perform Post-Handshake Authentication.<br />");
		SSL_set_verify(ssl, vmode_inplace, NULL);
		return HTTP_FORBIDDEN;
		}

		@@ -1176,6 +1177,7 @@ static int ssl_hook_Access_modern(request_rec r, SSLSrvConfigRec sc, SSLDirCon
		* Finally check for acceptable renegotiation results
		*/
		if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
		SSL_set_verify(ssl, vmode_inplace, NULL);
		return rc;
		}
		}