On Wed, Nov 1, 2017 at 6:34 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> You are right, thanks. With the new _ex entry points the backport looks ABI
> clean, nicely done Yann.

Thanks Bill, by taking a last look at the proposed patch, I've noticed
that v5 partially reverted r1747069, a change that you made and
backported to 2.4.21 (IIRC), but which happened later in time than
than my SSLProxy changes in trunk.
I missed that when resolving the conflict around this code in v5.

So I've just updated the proposal to v6 with this (only) change:

--- httpd-2.4.x-r1740928_and_co-v5.patch
+++ httpd-2.4.x-r1740928_and_co-v6.patch
@@ -2069,13 +2046,13 @@ Index: modules/ssl/ssl_engine_io.c
 -        else if ((sc->proxy_ssl_check_peer_cn == SSL_ENABLED_TRUE) &&
-+        else if ((dc->proxy->ssl_check_peer_cn != FALSE) &&
++        else if ((dc->proxy->ssl_check_peer_cn == TRUE) &&
              hostname_note) {
              const char *hostname;
              int match = 0;

which restores the existing (and expected) behaviour here.


Reply via email to