On Wed, Nov 1, 2017 at 6:34 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> You are right, thanks. With the new _ex entry points the backport looks ABI
> clean, nicely done Yann.
Thanks Bill, by taking a last look at the proposed patch, I've noticed
that v5 partially reverted r1747069, a change that you made and
backported to 2.4.21 (IIRC), but which happened later in time than
than my SSLProxy changes in trunk.
I missed that when resolving the conflict around this code in v5.
So I've just updated the proposal to v6 with this (only) change:
@@ -2069,13 +2046,13 @@ Index: modules/ssl/ssl_engine_io.c
- else if ((sc->proxy_ssl_check_peer_cn == SSL_ENABLED_TRUE) &&
-+ else if ((dc->proxy->ssl_check_peer_cn != FALSE) &&
++ else if ((dc->proxy->ssl_check_peer_cn == TRUE) &&
const char *hostname;
int match = 0;
which restores the existing (and expected) behaviour here.