On Mon, Mar 01, 2010 at 11:49:44AM +0000, Joe Orton wrote:
> On Mon, Mar 01, 2010 at 01:31:36AM -0000, Graham Leggett wrote:
> > --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c (original)
> > +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c Mon Mar 1
> > 01:31:36 2010
> > if (!in)
> > return 0;
> >
> > - /* Abort early if the client has initiated a renegotiation. */
> > - if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
> > - inctx->rc = APR_ECONNABORTED;
> > - return -1;
> > - }
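
Review bot: removing the `reneg_state == RENEG_ABORT` check in this hunk leaves the read path with no early abort once a client-initiated renegotiation has been flagged, and nothing in the visible lines replaces it. Unless the same commit moves the check elsewhere, keep these five lines so the read still fails with `APR_ECONNABORTED` and returns -1.
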
>
> I mis-merged that backport, it shouldn't have removed that chunk :(
I guess we need votes again, for 2.2.x to restore that chunk, vote now:
Index: modules/ssl/ssl_engine_io.c
===================================================================
--- modules/ssl/ssl_engine_io.c (revision 917550)
+++ modules/ssl/ssl_engine_io.c (working copy)
@@ -472,6 +472,12 @@
if (!in)
return 0;
+ /* Abort early if the client has initiated a renegotiation. */
+ if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
+ inctx->rc = APR_ECONNABORTED;
+ return -1;
+ }
+
/* In theory, OpenSSL should flush as necessary, but it is known
* not to do so correctly in some cases; see PR 46952.
*
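
Review bot: the comment on the restored `RENEG_ABORT` check says only "Abort early" and does not say where `reneg_state` is set or why the read has to fail, which makes the block easy to drop in a later merge. Consider extending the comment to name the code that sets the state. Also, the check sits after `if (!in) return 0;`, so a call with a null buffer still returns 0 while the connection is in the abort state; please confirm that ordering is intended.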