On Mon, Mar 1, 2010 at 9:49 AM, Joe Orton <[email protected]> wrote: > On Mon, Mar 01, 2010 at 11:49:44AM +0000, Joe Orton wrote: >> On Mon, Mar 01, 2010 at 01:31:36AM -0000, Graham Leggett wrote: >> > --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c (original) >> > +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_io.c Mon Mar 1 >> > 01:31:36 2010 >> > if (!in) >> > return 0; >> > >> > - /* Abort early if the client has initiated a renegotiation. */ >> > - if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) { >> > - inctx->rc = APR_ECONNABORTED; >> > - return -1; >> > - } >> >> I mis-merged that backport, it shouldn't have removed that chunk :( > > I guess we need votes again, for 2.2.x to restore that chunk, vote now: > > Index: modules/ssl/ssl_engine_io.c > =================================================================== > --- modules/ssl/ssl_engine_io.c (revision 917550) > +++ modules/ssl/ssl_engine_io.c (working copy) > @@ -472,6 +472,12 @@ > if (!in) > return 0; > > + /* Abort early if the client has initiated a renegotiation. */ > + if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) { > + inctx->rc = APR_ECONNABORTED; > + return -1; > + } > + > /* In theory, OpenSSL should flush as necessary, but it is known > * not to do so correctly in some cases; see PR 46952. > *
+1
