This fix at least formally applies to 2.4.x as well? Shouldn't it get
backported?
Due to the below svn log message the bug was introduced by the feature
that SSLProxy* can be used in sections. That feature got
backported to 2.4.x, so probably this fix here should be backported as well.
Regards,
Rainer
Am 16.10.2018 um 14:55 schrieb rpl...@apache.org:
Author: rpluem
Date: Tue Oct 16 12:55:01 2018
New Revision: 1844002
URL: http://svn.apache.org/viewvc?rev=1844002&view=rev
Log:
* Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}.
The certificates and keys loaded during configuration time got lost during
runtime if e.g. SSLProxyMachineCertificate{File|Path} was set on virtual host
level and there was an SSL directive at directory level, e.g. SSLRequire.
This fixes a regression likely introduced in r1740928.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
Modified: httpd/httpd/trunk/CHANGES
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1844002&r1=1844001&r2=1844002&view=diff
==
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 16 12:55:01 2018
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_ssl: Correctly merge configurations that have client certificates set
+ by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
*) core: Ensure that aborted connections are logged as such. PR 62823
[Arnaud Grandville ]
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1844002&r1=1844001&r2=1844002&view=diff
==
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 16 12:55:01 2018
@@ -433,6 +433,8 @@ static void modssl_ctx_cfg_merge_proxy(a
cfgMergeString(pkp->cert_file);
cfgMergeString(pkp->cert_path);
cfgMergeString(pkp->ca_cert_file);
+cfgMergeString(pkp->certs);
+cfgMergeString(pkp->ca_certs);
}
void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)