packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
httpd/Merge-r1842540-from-trunk.patch
dogsheng eb078d9d91 Package init
2019-12-26 15:53:32 +08:00

76 lines
2.3 KiB
Diff
Raw Blame History

From 5c1995151ab80cd71bc845bd288b90fd55665e2e Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Tue, 9 Oct 2018 23:26:35 +0000
Subject: [PATCH 209/504] Merge r1842540 from trunk:
* Pickup the proxy related configuration for verify mode and verify depth and
not the configuration settings for frontend connections in case of
connections by the proxy to the backend.
PR: 62769
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1843370 13f79535-47bb-0310-9956-ffa450edef68
---
CHANGES | 4 ++++
STATUS | 9 ---------
modules/ssl/ssl_engine_kernel.c | 25 ++++++++++++++++++-------
3 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index d576a298ec..6cd0da527f 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1740,7 +1740,8 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
/* Get verify ingredients */
int errnum = X509_STORE_CTX_get_error(ctx);
int errdepth = X509_STORE_CTX_get_error_depth(ctx);
- int depth, verify;
+ int depth = UNSET;
+ int verify = SSL_CVERIFY_UNSET;
/*
* Log verification information
@@ -1756,10 +1757,15 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
/*
* Check for optionally acceptable non-verifiable issuer situation
*/
- if (dc && (dc->nVerifyClient != SSL_CVERIFY_UNSET)) {
- verify = dc->nVerifyClient;
+ if (dc) {
+ if (sslconn->is_proxy) {
+ verify = dc->proxy->auth.verify_mode;
+ }
+ else {
+ verify = dc->nVerifyClient;
+ }
}
- else {
+ if (!dc || (verify == SSL_CVERIFY_UNSET)) {
verify = mctx->auth.verify_mode;
}
@@ -1863,10 +1869,15 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
/*
* Finally check the depth of the certificate verification
*/
- if (dc && (dc->nVerifyDepth != UNSET)) {
- depth = dc->nVerifyDepth;
+ if (dc) {
+ if (sslconn->is_proxy) {
+ depth = dc->proxy->auth.verify_depth;
+ }
+ else {
+ depth = dc->nVerifyDepth;
+ }
}
- else {
+ if (!dc || (depth == UNSET)) {
depth = mctx->auth.verify_depth;
}
--
2.19.1
Reference in New Issue View Git Blame Copy Permalink