https://bz.apache.org/bugzilla/show_bug.cgi?id=62232
--- Comment #17 from Yann Ylavic <[email protected]> --- Thanks Mark for the traces/tests, and Rainer for the patch and analyses. A NULL proxy->ssl_ctx may come from any dir context with no SSLProxy* directive (adding one like "SSLProxyEnable on" should possibly work around the issue). Since ssl_proxy_section_post_config() isn't called, the merge/init parts are missing for the SSL proxy configuration... So indeed merging ssl_ctx is the right thing to do in this case, though I would do it in the mod_ssl only ssl_config_perdir_merge() function. If it's done in modssl_ctx_cfg_merge_proxy(), which is also called indirectly from ssl_proxy_section_post_config(), merging ssl_ctx before ssl_init_proxy_ctx() may prevent it from being created according to the appropriate <Proxy > section. How about the below patch instead? Index: modules/ssl/ssl_engine_config.c =================================================================== --- modules/ssl/ssl_engine_config.c (revision 1828248) +++ modules/ssl/ssl_engine_config.c (working copy) @@ -499,13 +499,21 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void cfgMergeInt(nRenegBufferSize); mrg->proxy_post_config = add->proxy_post_config; - if (!add->proxy_post_config) { + if (!mrg->proxy_post_config) { cfgMergeBool(proxy_enabled); modssl_ctx_init_proxy(mrg, p); modssl_ctx_cfg_merge_proxy(p, base->proxy, add->proxy, mrg->proxy); + + /* Since ssl_proxy_section_post_config() hook won't be called if there + * is no SSLProxy* in this dir config, the ssl_ctx may still be NULL + * here at runtime. Merging it is either a no-op (NULL => NULL) because + * we are still before post config, or we really want to reuse the one + * from the upper/server context (outside of <Proxy> sections). + */ + cfgMerge(proxy->ssl_ctx, NULL); } else { - /* post_config hook has already merged and initialized the + /* The post_config hook has already merged and initialized the * proxy context, use it. */ mrg->proxy_enabled = add->proxy_enabled; -- -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
