ASF Bugzilla – Attachment 21071 Details for
Bug 43755
Add a SSLOptions to don't fill SSL_CLIENT_VERIFY
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
NoClientVerifyEnvVars patch
ssl.patch (text/plain), 2.22 KB, created by
Bruno Bonfils
on 2007-10-31 08:51:14 UTC
(
hide
)
Description:
NoClientVerifyEnvVars patch
Filename:
MIME Type:
Creator:
Bruno Bonfils
Created:
2007-10-31 08:51:14 UTC
Size:
2.22 KB
patch
obsolete
>diff -Nurp httpd-2.2.6/modules/ssl/ssl_engine_config.c apache2-2.2.6/modules/ssl/ssl_engine_config.c >--- httpd-2.2.6/modules/ssl/ssl_engine_config.c 2006-07-23 13:11:58.000000000 +0200 >+++ apache2-2.2.6/modules/ssl/ssl_engine_config.c 2007-10-31 16:25:44.214838500 +0100 >@@ -1130,6 +1130,9 @@ const char *ssl_cmd_SSLOptions(cmd_parms > else if (strcEQ(w, "OptRenegotiate")) { > opt = SSL_OPT_OPTRENEGOTIATE; > } >+ else if (strcEQ(w, "NoClientVerifyEnvVars")) { >+ opt = SSL_OPT_NOCLIENTVERIFYENVVAR; >+ } > else { > return apr_pstrcat(cmd->pool, > "SSLOptions: Illegal option '", w, "'", >diff -Nurp httpd-2.2.6/modules/ssl/ssl_engine_kernel.c apache2-2.2.6/modules/ssl/ssl_engine_kernel.c >--- httpd-2.2.6/modules/ssl/ssl_engine_kernel.c 2006-07-12 05:38:44.000000000 +0200 >+++ apache2-2.2.6/modules/ssl/ssl_engine_kernel.c 2007-10-31 16:25:17.429164500 +0100 >@@ -1022,7 +1022,13 @@ int ssl_hook_Fixup(request_rec *r) > if (dc->nOptions & SSL_OPT_STDENVVARS) { > for (i = 0; ssl_hook_Fixup_vars[i]; i++) { > var = (char *)ssl_hook_Fixup_vars[i]; >- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); >+ >+ /* If option NoVerifyClientEnvVars defined, skip the SSL_CLIENT_VERIFY environment variable */ >+ if (!(strEQ(var, "SSL_CLIENT_VERIFY") && (dc->nOptions & SSL_OPT_NOCLIENTVERIFYENVVAR))) { >+ val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); >+ } else { >+ val = NULL; >+ } > if (!strIsEmpty(val)) { > apr_table_setn(env, var, val); > } >diff -Nurp httpd-2.2.6/modules/ssl/ssl_private.h apache2-2.2.6/modules/ssl/ssl_private.h >--- httpd-2.2.6/modules/ssl/ssl_private.h 2006-07-23 13:11:58.000000000 +0200 >+++ apache2-2.2.6/modules/ssl/ssl_private.h 2007-10-31 16:25:56.519607500 +0100 >@@ -199,6 +199,7 @@ typedef int ssl_algo_t; > #define SSL_OPT_FAKEBASICAUTH (1<<4) > #define SSL_OPT_STRICTREQUIRE (1<<5) > #define SSL_OPT_OPTRENEGOTIATE (1<<6) >+#define SSL_OPT_NOCLIENTVERIFYENVVAR (1<<7) > #define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE) > typedef int ssl_opt_t; >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=21071">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 43755
: 21071