VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-15 23:27:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

mod_ssl: Fixes PR 62880 where certificate loading fails bc SSL ERRs are

Browse Source 
not cleared beforehand.
+1: icing, jim, minfrin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1847280 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Graham Leggett
2018-11-23 14:57:22 +00:00
parent ea73587c6f
commit aa34530365
4 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.38
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]

6
STATUS
View File

@ -126,12 +126,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
*) mod_ssl: Fixes PR 62880 where certificate loading fails bc SSL ERRs are
not cleared beforehand.
trunk patch: http://svn.apache.org/r1845768
2.4.x patch: svn merge -c 1845768 ^/httpd/httpd/trunk .
+1: icing, jim, minfrin
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]

2
modules/ssl/ssl_engine_init.c
View File

@ -1038,8 +1038,10 @@ static int use_certificate_chain(
ctx->extra_certs = NULL;
}
#endif
/* create new extra chain by loading the certs */
n = 0;
ERR_clear_error();
while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
X509_free(x509);

2
modules/ssl/ssl_util_ocsp.c
View File

@ -363,7 +363,9 @@ static STACK_OF(X509) *modssl_read_ocsp_certificates(const char *file)
BIO_free(bio);
return NULL;
}
/* create new extra chain by loading the certs */
ERR_clear_error();
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
if (!other_certs) {
other_certs = sk_X509_new_null();