WARNING! Gitlab maintenance operation scheduled for Monday, 20 April between 12:00 and 14:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit c4db6aaf authored Oct 18, 2018 by Rainer Jung

mod_ssl: Correctly merge configurations that have client certificates set

by SSLProxyMachineCertificate{File|Path}.

The certificates and keys loaded during configuration time got lost during
runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
level and there was an SSL directive at directory level, e.g. SSLRequire.

This fixes a regression likely introduced in r1740928 (backported in r1824187).

Backport of r1844002 from trunk.

Submitted by: rjung
Reviewed by: rjung, rpluem, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1844226 13f79535-47bb-0310-9956-ffa450edef68

parent 5b0b68bd

CHANGES

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -8,6 +8,9 @@ Changes with Apache 2.4.37
	but were originally not verified and should get verified now.		but were originally not verified and should get verified now.
	This is a regression in 2.4.36 (unreleased). [Ruediger Pluem]		This is a regression in 2.4.36 (unreleased). [Ruediger Pluem]

			*) mod_ssl: Correctly merge configurations that have client certificates set
			by SSLProxyMachineCertificate{File\|Path}. [Ruediger Pluem]

	Changes with Apache 2.4.36		Changes with Apache 2.4.36

	*) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified		*) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified

STATUS

+0 −9

Original line number	Original line	Diff line number	Diff line
	@@ -125,15 +125,6 @@ RELEASE SHOWSTOPPERS:
	PATCHES ACCEPTED TO BACKPORT FROM TRUNK:		PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
	[ start all new proposals below, under PATCHES PROPOSED. ]		[ start all new proposals below, under PATCHES PROPOSED. ]

	*) mod_ssl: Correctly merge configurations that have client certificates set
	by SSLProxyMachineCertificate{File\|Path}.
	The certificates and keys loaded during configuration time got lost during
	runtime if e.g. SSLProxyMachineCertificate{File\|Path} was set on virtual host
	level and there was an SSL directive at directory level, e.g. SSLRequire.
	This fixes a regression likely introduced in r1740928 (backported in r1824187).
	trunk patch: http://svn.apache.org/r1844002
	2.4.x patch: svn merge -c 1844002 ^/httpd/httpd/trunk .
	+1: rjung, rpluem, jorton

	PATCHES PROPOSED TO BACKPORT FROM TRUNK:		PATCHES PROPOSED TO BACKPORT FROM TRUNK:
	[ New proposals should be added at the end of the list ]		[ New proposals should be added at the end of the list ]

modules/ssl/ssl_engine_config.c

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -467,6 +467,8 @@ static void modssl_ctx_cfg_merge_proxy(apr_pool_t *p,
	cfgMergeString(pkp->cert_file);		cfgMergeString(pkp->cert_file);
	cfgMergeString(pkp->cert_path);		cfgMergeString(pkp->cert_path);
	cfgMergeString(pkp->ca_cert_file);		cfgMergeString(pkp->ca_cert_file);
			cfgMergeString(pkp->certs);
			cfgMergeString(pkp->ca_certs);
	}		}

	void ssl_config_perdir_merge(apr_pool_t p, void basev, void addv)		void ssl_config_perdir_merge(apr_pool_t p, void basev, void addv)