On 09 Dec 2013, at 10:50 AM, Thomas Eckert <[email protected]> wrote:
> So it should work out of the box. I figured as much but was unsure whether I
> hit a bug or forgot a configuration directive. Will look into it once I have
> the time :-/
Here is an untested patch, can you give it a try and confirm?
Index: modules/session/mod_session_crypto.c
===================================================================
--- modules/session/mod_session_crypto.c (revision 1550312)
+++ modules/session/mod_session_crypto.c (working copy)
@@ -222,7 +222,7 @@
* Returns APR_SUCCESS if successful.
*/
static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f,
- session_crypto_dir_conf *dconf, const char *in, char **out)
+ session_crypto_dir_conf *dconf, const char *in, char **out, int *dirty)
{
apr_status_t res;
apr_crypto_key_t *key = NULL;
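Review bot: The header comment for decrypt_string (it starts above this hunk) is not updated for the new `dirty` out-parameter, and the function later writes through that pointer without a NULL check. Add a line to the comment such as `* dirty is set to 1 if a passphrase other than the first was needed, so the caller can re-save the session.` Either state there that `dirty` must be non-NULL or guard the write with `if (dirty)`.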
@@ -252,6 +252,9 @@
apr_size_t len = decodedlen;
char *slider = decoded;
+ /* if not first passphrase, mark the session as dirty */
+ *dirty = *dirty & (i > 0);
+
/* encrypt using the first passphrase in the list */
res = apr_crypto_passphrase(&key, &ivSize, passphrase,
strlen(passphrase),
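Review bot: The added `*dirty = *dirty & (i > 0);` can never set the flag, which contradicts the comment above it: with `&` the result is 0 on the first iteration (i == 0) whatever the incoming value, and it stays 0 on every later iteration. A session that only decrypts under an older passphrase is therefore never marked for re-save, so it is presumably not re-encrypted under the current first passphrase, and any dirty state the caller had already set is cleared. Use `if (i > 0) { *dirty = 1; }` instead. The assignment also runs before this passphrase is known to have decrypted anything; the loop body continues outside the hunk, so moving it to the point where decryption has succeeded would match the comment more closely.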
@@ -382,7 +385,7 @@
if ((dconf->passphrases_set) && z->encoded && *z->encoded) {
apr_pool_userdata_get((void **)&f, CRYPTO_KEY,
r->server->process->pconf);
- res = decrypt_string(r, f, dconf, z->encoded, &encoded);
+ res = decrypt_string(r, f, dconf, z->encoded, &encoded, &z->dirty);
if (res != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01842)
"decrypt session failed, wrong passphrase?");
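Review bot: Passing `&z->dirty` directly lets decrypt_string modify the session's dirty flag even when it returns an error, because the flag is written inside the passphrase loop before the outcome is known. A local keeps the failure path from touching session state: pass `&rotated` after `int rotated = 0;`, then `if (res == APR_SUCCESS && rotated) z->dirty = 1;`. The failure branch continues outside the hunk, so what happens to `z` after the log call is not visible here.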
Regards,
Graham
--