https://bz.apache.org/bugzilla/show_bug.cgi?id=62232

--- Comment #15 from Rainer Jung <[email protected]> ---
Partial problem analysis, all happening in the child:

First during startup:

- initialises proxy->ssl_ctx in ssl_init_proxy_ctx()
- ssl_init_ConfigureServer sets proxy_post_config=1


and then during request handling:

- calling ssl_init_connection_ctx without perdir
- a new perdir ssl config is merged on top of the config set up during startup,
the result now has ssl_ctx == NULL

I thought about adding ssl_ctx to the fields to merge in the perdir merging
(using the one from add if set and otherwise the one from base). But that could
be wrong, because the perdir merging also merges pkp settings which in the end
result can be a mixture of base and add settings, so the ssl_ctx seems to need
a fresh creation for the end result. On the other hand it seems that no
SSLProxy settings are allowed in non-<Proxy> perdir.

So the following minimal patch works for my reproduction case, but I wonder
whether that is really correct, i.e. whether the ssl_ctx really has the right
config:

--- modules/ssl/ssl_engine_config.c 2018-02-16 12:16:46.700863000 +0100
+++ modules/ssl/ssl_engine_config.c 2018-04-01 02:35:36.251855000 +0200
@@ -465,6 +465,7 @@
     cfgMergeString(pkp->cert_file);
     cfgMergeString(pkp->cert_path);
     cfgMergeString(pkp->ca_cert_file);
+    cfgMerge(ssl_ctx, NULL);
 }

 void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
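
Review bot: The added `cfgMerge(ssl_ctx, NULL);` at the end of this merge block carries over an existing ssl_ctx pointer unchanged, while the three `cfgMergeString(pkp->...)` lines just above it can each pick their value from either base or add. The merged result can therefore hold a cert_file, cert_path and ca_cert_file combination that the inherited ssl_ctx was never initialised with, and nothing in the hunk checks for that. Consider inheriting the base ssl_ctx only when add sets none of the pkp fields, and otherwise leaving it NULL so that a fresh context is built for the merged settings. A short comment next to the new line stating which of the two cases is expected would also help, since the hunk does not say why sharing the pointer is safe.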
