cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c (fwd)

Thu, 04 Apr 2002 18:21:55 -0800 

dear RM, please consider bumping for .34, else users with the typical ssl 
proxy config:

    SSLProxyEngine On
    ProxyPass        / https://foo/
    ProxyPassReverse / https://foo/

will get this ugly error message on every request:
[error] mod_ssl: Certificate Verification: Error ...

even though when SSLProxyVerify is not configured it defaults to "none".
in the server context we never see this because the callback never happens 
unless SSLVerifyClient is configured to something other than "none".
the 1.3 based mod_ssl:ssl_engine_ext.c:ssl_ext_mp_verify_cb does the equiv 
of the patch here:

    /*
     * Unless stated otherwise by the configuration, we really don't
     * care if the verification was okay or not, so lets return now
     * before we do anything involving memory or time.
     */
    if (sc->bProxyVerify == FALSE)
        return ok;

---------- Forwarded message ----------
Date: 5 Apr 2002 02:31:04 -0000
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c

dougm       02/04/04 18:31:04

  Modified:    modules/ssl ssl_engine_kernel.c
  Log:
  avoid the error_log message: [error] mod_ssl: Certificate Verification: Error ...
  if SSLProxyVerify is not configured or set to "none".
  the verify callback does not happen in the server context when
  SSLVerify is not configured or set to "none".
  
  Revision  Changes    Path
  1.67      +9 -0      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.66
  retrieving revision 1.67
  diff -u -r1.66 -r1.67
  --- ssl_engine_kernel.c       30 Mar 2002 08:11:44 -0000      1.66
  +++ ssl_engine_kernel.c       5 Apr 2002 02:31:04 -0000       1.67
  @@ -1305,6 +1305,15 @@
           verify = mctx->auth.verify_mode;
       }
   
  +    if (verify == SSL_CVERIFY_NONE) {
  +        /* 
  +         * SSLProxyVerify is either not configured or set to "none".
  +         * (this callback doesn't happen in the server context if SSLVerify
  +         *  is not configured or set to "none")
  +         */
  +        return TRUE;
  +    }
  +
       if (ssl_verify_error_is_optional(errnum) &&
           (verify == SSL_CVERIFY_OPTIONAL_NO_CA))
       {

Reply via email to