Commit 89d958c9 authored by Sander Striker's avatar Sander Striker
Browse files

Forward port patch for CAN-2003-0192 from 2.0. 

SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
of per-directory renegotiations and the SSLCipherSuite directive
being used to upgrade from a weak ciphersuite to a strong one
could result in the weak ciphersuite being used in place of the
strong one.  [Ben Laurie]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100518 13f79535-47bb-0310-9956-ffa450edef68
parent 4870bbf6

ssl_engine_kernel.c

+1 −1
Original line number Diff line number Diff line
@@ -442,7 +442,7 @@ int ssl_hook_Access(request_rec *r) 
        SSL_set_verify_result(ssl, X509_V_OK);



        /* determine whether we've to force a renegotiation */

        if (verify != verify_old) {

        if (!renegotiate && verify != verify_old) {

            if (((verify_old == SSL_VERIFY_NONE) &&

                 (verify     != SSL_VERIFY_NONE)) ||