DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20852>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20852 ssl_var_lookup needs to check for sslconn Summary: ssl_var_lookup needs to check for sslconn Product: Apache httpd-2.0 Version: 2.0.46 Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: mod_ssl AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When invoking ssl_var_lookup through APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup), it crashes when the connection is not an SSL connection, and the variable is "SSL_CLIENT_S_DN". In that case, ssl_var_lookup_ssl retrieves myConnConfig(c), which returns NULL, and then accesses ssl = sslconn->ssl; which crashes. There is apparently no way for the caller to find out whether the current connection is an SSL connection (e.g. querying for "HTTPS" causes the same crash). Therefore, I think mod_ssl should handle such calls gracefully, returning NULL if an SSL_ variable is requested but no SSL connection is established. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
