Commit b3eaa012 authored by Yann Ylavic

Merge r1653997 from trunk.


r1653997 | ylavic | 2015-01-22 19:37:06 +0100 (Thu, 22 Jan 2015) | 7 lines

mod_ssl: Fix merge problem with SSLProtocol that made SSLProtocol ALL ignored
in virtualhost context (new version of r1653906 reverted by r1653993).

Submitted By: Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>
Committed/modified By: ylavic


Reviewed by: ylavic, wrowe, rjung
Backported by: ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1680917 13f79535-47bb-0310-9956-ffa450edef68
parent b84b8648
+4 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.2.30

  *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. 
     PR 57100.  [Michael Kaufmann <apache-bugzilla michael-kaufmann.ch>,
     Yann Ylavic]

  *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
     allowing custom parameters to be configured via SSLCertificateFile,
     and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
+0 −9
@@ -108,15 +108,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
     ylavic: trunk/2.4.x not concerned, 2.2.x only.
     +1: ylavic, jkaluza, wrowe

   * mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. PR 57100.
     trunk patch: http://svn.apache.org/r1653997
     2.4.x patch: merged in http://svn.apache.org/r1663258
     2.2.x patch: trunk works (modulo CHANGES)
     +1: ylavic, wrowe, rjung
     wrowe: good to fix inheritence. Unsure why ALL is the default on all
            branches, I was sure it wasn't, but if we subvert ALL later, we
            have done something odd. No impact on the validity of this patch.

   * mod_ssl: Propose a more modern Cipher and Protocol list, honor server cipher
     priority and add explanations relative to RFC 7525 guidance.
                  http://svn.apache.org/r1679428
+9 −1
@@ -113,6 +113,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx)
#endif

    mctx->protocol            = SSL_PROTOCOL_ALL;
    mctx->protocol_set        = 0;

    mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
    mctx->pphrase_dialog_path = NULL;
@@ -220,7 +221,12 @@ static void modssl_ctx_cfg_merge(modssl_ctx_t *base,
                                 modssl_ctx_t *add,
                                 modssl_ctx_t *mrg)
{
    cfgMerge(protocol, SSL_PROTOCOL_ALL);
    if (add->protocol_set) {
        mrg->protocol = add->protocol;
    }
    else {
        mrg->protocol = base->protocol;
    }

    cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
    cfgMergeString(pphrase_dialog_path);
@@ -1399,6 +1405,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    sc->server->protocol_set = 1;
    return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol);
}

@@ -1417,6 +1424,7 @@ const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd,
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    sc->proxy->protocol_set = 1;
    return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol);
}
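Review bot: In modssl_ctx_cfg_merge the new if/else copies `protocol` into `mrg` but never sets `mrg->protocol_set`, so the merged record no longer says whether its protocol mask came from an explicit SSLProtocol / SSLProxyProtocol directive. If a merged context is ever fed into a further merge (not visible in this hunk), an explicitly configured mask, for example one that excludes older protocol versions, could be replaced by the other side's value. Carrying the flag along closes that gap: `mrg->protocol_set = 1;` in the first branch and `mrg->protocol_set = base->protocol_set;` in the else branch. The body of modssl_ctx_cfg_merge continues past the end of the hunk.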

+1 −0
@@ -504,6 +504,7 @@ typedef struct {
#endif

    ssl_proto_t  protocol;
    int protocol_set;

    /** config for handling encrypted keys */
    ssl_pphrase_t pphrase_dialog_type;
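Review bot: The new `int protocol_set;` member has no comment, while the group of fields right after it is introduced by a `/** ... */` line. Its meaning decides how the protocol mask is inherited between server contexts, so I would add `/** non-zero when SSLProtocol / SSLProxyProtocol was given explicitly in this context; consulted on merge */` above it. The struct definition starts and ends outside the hunk.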