VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-15 23:27:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

mod_ssl: Don't enable CRL checks/flags by default.

Browse Source 
(follow up/fix to r1748338 committed in 2.4.21)

Submitted by: ylavic
Reviewed by: icing, minfrin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1748442 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Graham Leggett
2016-06-14 16:34:14 +00:00
parent 0c58fc82aa
commit abc50f6d6c
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/ssl/ssl_engine_init.c
View File

@ -787,7 +787,12 @@ static apr_status_t ssl_init_ctx_crl(server_rec *s,
X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
unsigned long crlflags = 0;
char *cfgp = mctx->pkp ? "SSLProxy" : "SSL";
int crl_check_mode = mctx->crl_check_mask & ~SSL_CRLCHECK_FLAGS;
int crl_check_mode;
if (mctx->crl_check_mask == UNSET) {
mctx->crl_check_mask = SSL_CRLCHECK_NONE;
}
crl_check_mode = mctx->crl_check_mask & ~SSL_CRLCHECK_FLAGS;
/*
* Configure Certificate Revocation List (CRL) Details