A couple of mod_ssl bugs. (d1919e09) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

STATUS

+16 −1

Original line number	Diff line number	Diff line
		APACHE 2.0 STATUS: --text--
		Last modified at [$Date: 2004/10/10 22:06:40 $]
		Last modified at [$Date: 2004/10/11 16:11:37 $]

		Release:

		@@ -75,6 +75,20 @@ PATCHES TO BACKPORT FROM 2.1
		[ please place file names and revisions from HEAD here, so it is easy to
		identify exactly what the proposed changes are! ]

		*) mod_ssl: Fix and prevent an SSLCipherSuite bypass by resuming a
		session during a renegotiation.
		http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110&r2=1.111
		http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128&r2=1.129
		PR: 31505
		+1: jorton

		*) mod_ssl: Fail to configure when an SSL proxy is configured with
		incomplete client cert keypair, rather than segfaulting at
		runtime.
		http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
		PR: 24030
		+1: jorton

		*) Allow for the use of --with-module=foo:bar where the ./modules/foo
		directory is a local addition to the ./modules directory.
		Assumes, of course, that the required files are in ./modules/foo,
		@@ -110,6 +124,7 @@ PATCHES TO BACKPORT FROM 2.1
		http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/util_filter.c?r1=1.100&r2=1.101
		PR: 31247
		jerenkrantz comments: This needs the final patch posted to dev@httpd?
		jorton replies: it does indeed, hang on...
		+1: jorton

		*) Correctly store cache content type. PR 30278