Nov 07, 2009
      Merge r833582, r833593 from trunk: (0c75010d)
      Joe Orton authored
      SECURITY: Partial fix for CVE-2009-3555:
      
      Reject client-initiated renegotiations; this is sufficient to prevent
      the attack for any configuration which does not require renegotiation
      due to per-directory/per-location access control configuration.
      
      Configurations with per-directory/per-location access control
      requirements (such as "SSLVerifyClient require") are still vulnerable
      to CVE-2009-3555 with this patch applied (if using OpenSSL <= 0.9.8k).
      
      * modules/ssl/ssl_private.h (SSLConnRec): Add reneg_state field.
        (ssl_callback_Info): Renamed from ssl_callback_LogTracingState.
      
      * modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks): Install
        the (renamed) info callback unconditionally.
      
      * modules/ssl/ssl_engine_io.c (ssl_filter_ctx_t): Add config pointer
        to SSLConnRec.
        (bio_filter_out_write, bio_filter_in_read): Fail with
        APR_ECONNABORTED if the reneg state is set to RENEG_ABORT.
      
      * modules/ssl/ssl_engine_kernel.c (log_tracing_state): Factored out
        of ssl_callback_LogTracingState.
        (ssl_callback_Info): New function.
      
      Submitted by: jorton, rpluem
      Reviewed by: jorton, rpluem, dirkx
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@833622 13f79535-47bb-0310-9956-ffa450edef68
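The renegotiation-tracking logic the message describes, as an added stand-alone model that is not mod_ssl's code: an info callback moves a per-connection state from "initial handshake in progress" to "reject further handshakes" once the first handshake completes, flags any later handshake start as a client-initiated renegotiation, and the I/O filter then refuses to move data with ECONNABORTED. The `SSL_CB_HANDSHAKE_START`/`SSL_CB_HANDSHAKE_DONE` values are OpenSSL's real info-callback flags; the struct and function names, the state names other than `RENEG_ABORT`, and the `EV_SERVER_RENEG` marker used to simulate a server-requested renegotiation are my own for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Real OpenSSL bit flags found in the `where` argument of an SSL info callback. */
#define SSL_CB_HANDSHAKE_START 0x10
#define SSL_CB_HANDSHAKE_DONE  0x20

/* Constructed marker meaning "the server itself asked for renegotiation";
 * not an OpenSSL value, it only drives the model in run_events(). */
#define EV_SERVER_RENEG (-1)

typedef enum {
    RENEG_INIT,    /* initial handshake still in progress */
    RENEG_REJECT,  /* initial handshake done; a new handshake now is client-initiated */
    RENEG_ALLOW,   /* server requested renegotiation (e.g. per-location client cert) */
    RENEG_ABORT    /* client tried to renegotiate: connection must be torn down */
} reneg_state_t;

typedef struct {
    reneg_state_t reneg_state;   /* mirrors the SSLConnRec field added by the patch */
} conn_rec_t;

/* Info-callback logic. In a real module this runs from the callback installed
 * with SSL_set_info_callback(); `where` is OpenSSL's state-change bitmask. */
static void info_callback(conn_rec_t *c, int where)
{
    if (where & SSL_CB_HANDSHAKE_DONE) {
        /* Initial or server-requested handshake finished: from here on any
         * handshake the peer starts on its own is a client renegotiation. */
        if (c->reneg_state == RENEG_INIT || c->reneg_state == RENEG_ALLOW)
            c->reneg_state = RENEG_REJECT;
    }
    else if ((where & SSL_CB_HANDSHAKE_START) && c->reneg_state == RENEG_REJECT) {
        /* A handshake started that the server did not ask for: abort. */
        c->reneg_state = RENEG_ABORT;
    }
}

/* Output filter: once the connection is marked aborted, no more bytes move. */
static int filter_write(conn_rec_t *c, const char *buf, size_t len, size_t *written)
{
    (void)buf;
    if (c->reneg_state == RENEG_ABORT) {
        *written = 0;
        return ECONNABORTED;
    }
    *written = len;   /* model: pretend the transport accepted everything */
    return 0;
}

/* Feed a sequence of events through the model and return the final state. */
reneg_state_t run_events(const int *events, size_t n)
{
    conn_rec_t c = { RENEG_INIT };
    for (size_t i = 0; i < n; i++) {
        if (events[i] == EV_SERVER_RENEG) {
            /* What the server does before calling SSL_renegotiate() itself. */
            if (c.reneg_state != RENEG_ABORT)
                c.reneg_state = RENEG_ALLOW;
        }
        else {
            info_callback(&c, events[i]);
        }
    }
    return c.reneg_state;
}

/* Status the write filter returns after the given events (0 or ECONNABORTED). */
int write_status_after(const int *events, size_t n)
{
    conn_rec_t c = { run_events(events, n) };
    size_t written = 0;
    return filter_write(&c, "HTTP/1.1 200 OK\r\n", 17, &written);
}

int main(void)
{
    const int initial[] = { SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE };
    const int client_reneg[] = { SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE,
                                 SSL_CB_HANDSHAKE_START };
    const int server_reneg[] = { SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE,
                                 EV_SERVER_RENEG, SSL_CB_HANDSHAKE_START,
                                 SSL_CB_HANDSHAKE_DONE };

    printf("initial handshake only : state=%d write=%d\n",
           run_events(initial, 2), write_status_after(initial, 2));
    printf("client renegotiation   : state=%d write=%d (ECONNABORTED=%d)\n",
           run_events(client_reneg, 3), write_status_after(client_reneg, 3), ECONNABORTED);
    printf("server renegotiation   : state=%d write=%d\n",
           run_events(server_reneg, 5), write_status_after(server_reneg, 5));
    return 0;
}
```

Two caveats follow directly from the message and from the model. First, the abort is only enforced in the I/O filters, so a location that itself triggers renegotiation (the `RENEG_ALLOW` path, which the message says remains exposed with OpenSSL <= 0.9.8k) opens the same window the attack needs. Second, this server-side rejection predates RFC 5746 secure renegotiation; OpenSSL later added `SSL_OP_NO_CLIENT_RENEGOTIATION` (1.1.0h and newer) for the same purpose, and TLS 1.3 removed renegotiation from the protocol entirely.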