Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

2018-10-18 Thread Stefan Eissing 
Ok, the vote storm (category 3) was released and my proposal is moot. ;-)

> Am 18.10.2018 um 11:26 schrieb Stefan Eissing :
> 
> Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related 
> changes there and do one row of tests and vote on it? Maybe attach the branch 
> revision to the vote that was tested...
> 
> Seems to be able to save work, or?
> 
>> Am 18.10.2018 um 11:22 schrieb Yann Ylavic :
>> 
>> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung  wrote:
>>> 
>>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>>> backported?
>> 
>> +1
>> 
>> Regards,
>> Yann.
>

Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

2018-10-18 Thread Stefan Eissing 
Can we not just make a ssl-for-2.4.37 branch, merge the mod_ssl related changes 
there and do one row of tests and vote on it? Maybe attach the branch revision 
to the vote that was tested...

Seems to be able to save work, or?

> Am 18.10.2018 um 11:22 schrieb Yann Ylavic :
> 
> On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung  wrote:
>> 
>> This fix at least formally applies to 2.4.x as well? Shouldn't it get
>> backported?
> 
> +1
> 
> Regards,
> Yann.

Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

2018-10-18 Thread Yann Ylavic 
On Thu, Oct 18, 2018 at 11:18 AM Rainer Jung  wrote:
>
> This fix at least formally applies to 2.4.x as well? Shouldn't it get
> backported?

+1

Regards,
Yann.

Re: svn commit: r1844002 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c

2018-10-18 Thread Rainer Jung 
This fix at least formally applies to 2.4.x as well? Shouldn't it get 
backported?


Due to the below svn log message the bug was introduced by the feature 
that SSLProxy* can be used in  sections. That feature got 
backported to 2.4.x, so probably this fix here should be backported as well.


Regards,

Rainer

Am 16.10.2018 um 14:55 schrieb rpl...@apache.org:

Author: rpluem
Date: Tue Oct 16 12:55:01 2018
New Revision: 1844002

URL: http://svn.apache.org/viewvc?rev=1844002&view=rev
Log:
* Correctly merge configurations that have client certificates set
   by SSLProxyMachineCertificate{File|Path}.
   The certificates and keys loaded during configuration time got lost during
   runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
   level and there was an SSL directive at directory level, e.g. SSLRequire.
   This fixes a regression likely introduced in r1740928.

Modified:
 httpd/httpd/trunk/CHANGES
 httpd/httpd/trunk/modules/ssl/ssl_engine_config.c

Modified: httpd/httpd/trunk/CHANGES
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1844002&r1=1844001&r2=1844002&view=diff
==
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 16 12:55:01 2018
@@ -1,6 +1,9 @@
   -*- coding: utf-8 -*-
  Changes with Apache 2.5.1
  
+  *) mod_ssl: Correctly merge configurations that have client certificates set

+ by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
*) core: Ensure that aborted connections are logged as such. PR 62823
   [Arnaud Grandville ]
  


Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1844002&r1=1844001&r2=1844002&view=diff
==
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 16 12:55:01 2018
@@ -433,6 +433,8 @@ static void modssl_ctx_cfg_merge_proxy(a
  cfgMergeString(pkp->cert_file);
  cfgMergeString(pkp->cert_path);
  cfgMergeString(pkp->ca_cert_file);
+cfgMergeString(pkp->certs);
+cfgMergeString(pkp->ca_certs);
  }
  
  void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)