Additional issues since this patch in our maintainer mode...

httpd-2.x/modules/ssl/ssl_engine_config.c: In function 'ssl_cmd_SSLVerifyClient':
httpd-2.x/modules/ssl/ssl_engine_config.c:1083:27: warning: 'mode' may be used uninitialized in this function [-Wmaybe-uninitialized]
         dc->nVerifyClient = mode;
                           ^
httpd-2.x/modules/ssl/ssl_engine_config.c: In function 'ssl_cmd_SSLProxyVerify':
httpd-2.x/modules/ssl/ssl_engine_config.c:1463:33: warning: 'mode' may be used uninitialized in this function [-Wmaybe-uninitialized]
     dc->proxy->auth.verify_mode = mode;
                                 ^
You might assert that ssl_cmd_verify_parse always populates the third arg
except in case of error, but you didn't satisfy the compiler of this fact ;-)



On Tue, Apr 26, 2016 at 4:46 AM, Yann Ylavic <[email protected]> wrote:

> On Tue, Apr 26, 2016 at 11:00 AM, Ruediger Pluem <[email protected]>
> wrote:
> >
> > On 04/26/2016 02:04 AM, [email protected] wrote:
> >>  static int ssl_hook_pre_connection(conn_rec *c, void *csd)
> >>  {
> >> -
> >>      SSLSrvConfigRec *sc;
> >>      SSLConnRec *sslconn = myConnConfig(c);
> >>
> >> -    if (sslconn) {
> >> -        sc = mySrvConfig(sslconn->server);
> >> -    }
> >> -    else {
> >> -        sc = mySrvConfig(c->base_server);
> >> -    }
> >>      /*
> >>       * Immediately stop processing if SSL is disabled for this
> connection
> >>       */
> >> -    if (c->master || !(sc && (sc->enabled == SSL_ENABLED_TRUE ||
> >> -                              (sslconn && sslconn->is_proxy))))
> >> -    {
> >> +    if (ssl_engine_status(c, sslconn) != OK) {
> >>          return DECLINED;
> >>      }
> >>
> >> -    /*
> >> -     * Create SSL context
> >> -     */
> >> -    if (!sslconn) {
> >> -        sslconn = ssl_init_connection_ctx(c);
> >> +    if (sslconn) {
> >> +        sc = mySrvConfig(sslconn->server);
> >>      }
> >> -
> >> -    if (sslconn->disabled) {
> >> -        return DECLINED;
> >> +    else {
> >> +        sc = mySrvConfig(c->base_server);
> >>      }
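
Review bot: the `if (!sslconn) { sslconn = ssl_init_connection_ctx(c); }` block and the `sslconn->disabled` test are both removed here, so after the `ssl_engine_status(c, sslconn) != OK` check sslconn may still be NULL and nothing in this hunk shows where the disabled flag is honoured. Please add a comment above the call stating which of the c->master, sc->enabled, is_proxy and disabled cases ssl_engine_status() covers, and noting where the connection context is created, so that code added below this point does not assume a non-NULL sslconn.
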
> >
> > We have a change in behaviour here. We no longer guarantee that we have
> > an sslconn created and connected to c if SSL is enabled. Is this intended?
>
> Actually ssl_init_connection_ctx(c) is done by
> ssl_init_ssl_connection() called just below (on return).
>
> Regards,
> Yann.
>
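
The -Wmaybe-uninitialized warnings at the top of this message come from an out-parameter that the callee leaves untouched on its error path. The following is an added example, not code from httpd or from anyone in this thread: the names `verify_mode_t`, `verify_parse` and `set_verify` and the enum values are hypothetical stand-ins. It shows two ways to give the compiler a defined value on every path while leaving the stored verify level unchanged on a parse error.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical verify levels; the numeric values are constructed. */
typedef enum {
    VERIFY_UNSET = -1,
    VERIFY_NONE,
    VERIFY_OPTIONAL,
    VERIFY_REQUIRE,
    VERIFY_OPTIONAL_NO_CA
} verify_mode_t;

/* Returns NULL on success or an error string. *mode is written on every
 * path, so a caller can never read an indeterminate value. */
static const char *verify_parse(const char *arg, verify_mode_t *mode)
{
    *mode = VERIFY_UNSET;                 /* defined even when parsing fails */
    if (arg == NULL)
        return "missing argument";
    if (strcmp(arg, "none") == 0)
        *mode = VERIFY_NONE;
    else if (strcmp(arg, "optional") == 0)
        *mode = VERIFY_OPTIONAL;
    else if (strcmp(arg, "require") == 0)
        *mode = VERIFY_REQUIRE;
    else if (strcmp(arg, "optional_no_ca") == 0)
        *mode = VERIFY_OPTIONAL_NO_CA;
    else
        return "invalid verify mode";
    return NULL;
}

/* Same shape as the directive handlers in the warning: parse, return on
 * error, then store. Initialising at the declaration is enough on its own
 * to silence the warning, whatever the parser does. */
static const char *set_verify(verify_mode_t *stored, const char *arg)
{
    verify_mode_t mode = VERIFY_UNSET;
    const char *err = verify_parse(arg, &mode);

    if (err != NULL)
        return err;                       /* stored level is left untouched */
    *stored = mode;
    return NULL;
}
```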
