41 lines
1.5 KiB
Diff
41 lines
1.5 KiB
Diff
|
From 5b0b68bdfd5a9ac5def45402723d32c5bd39cd8f Mon Sep 17 00:00:00 2001
|
||
|
|
From: Rainer Jung <rjung@apache.org>
|
||
|
|
Date: Thu, 18 Oct 2018 10:03:52 +0000
|
||
|
|
Subject: [PATCH 237/504] mod_ssl: We need to get the SSL_CTX for further
|
||
|
|
processing down below.
|
||
|
|
|
||
|
|
This fixes a crash during SSL renegotiation with OptRenegotiate set,
|
||
|
|
when client certificates are available from the original handshake
|
||
|
|
but were originally not verified and should get verified now.
|
||
|
|
This is a regression in 2.4.36 (unreleased).
|
||
|
|
|
||
|
|
Backport of r1828793 from trunk.
|
||
|
|
|
||
|
|
Submitted by: rjung
|
||
|
|
Reviewed by: rjung, rpluem, jorton
|
||
|
|
|
||
|
|
|
||
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1844223 13f79535-47bb-0310-9956-ffa450edef68
|
||
|
|
---
|
||
|
|
CHANGES | 5 +++++
|
||
|
|
STATUS | 5 -----
|
||
|
|
modules/ssl/ssl_engine_kernel.c | 2 +-
|
||
|
|
3 files changed, 6 insertions(+), 6 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
|
||
|
|
index 6cd0da527f..de0ffb09ef 100644
|
||
|
|
--- a/modules/ssl/ssl_engine_kernel.c
|
||
|
|
+++ b/modules/ssl/ssl_engine_kernel.c
|
||
|
|
@@ -485,7 +485,7 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
|
||
|
|
{
|
||
|
|
server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
|
||
|
|
SSLSrvConfigRec *hssc = handshakeserver? mySrvConfig(handshakeserver) : NULL;
|
||
|
|
- SSL_CTX *ctx = NULL;
|
||
|
|
+ SSL_CTX *ctx = ssl ? SSL_get_SSL_CTX(ssl) : NULL;
|
||
|
|
BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
|
||
|
|
X509 *peercert;
|
||
|
|
X509_STORE *cert_store = NULL;
|
||
|
|
--
|
||
|
|
2.19.1
|
||
|
|
|