
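--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2136,6 +2136,25 @@
         if (servername) {
             if (ap_vhost_iterate_given_conn(c, ssl_find_vhost,
                                             (void *)servername)) {
+                SSLSrvConfigRec* sc = mySrvConfig(sslcon->server);
+                const char* version = SSL_get_version(ssl);
+                int mask = sc->server->protocol;
+                if (strcmp(version, SSL_TXT_TLSV1_2) == 0) {
+                    mask = SSL_PROTOCOL_TLSV1_2;
+                }
+                else if (strcmp(version, SSL_TXT_TLSV1_1) == 0) {
+                    mask = SSL_PROTOCOL_TLSV1_1;
+                }
+                else if (strcmp(version, SSL_TXT_TLSV1) == 0) {
+                    mask = SSL_PROTOCOL_TLSV1;
+                }
+                if (!(sc->server->protocol & mask)) {
+                    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02045)
+                                  "Rejecting version %s for servername %s",
+                                  version, servername);
+                    return APR_EMISMATCH;
+                }
+
                 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043)
                               "SSL virtual host for servername %s found",
                               servername);
@@ -2209,7 +2209,15 @@
     conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
     apr_status_t status = init_vhost(c, ssl);
     
-    return (status == APR_SUCCESS)? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
+    switch (status) {
+    case APR_SUCCESS:
+        return SSL_TLSEXT_ERR_OK;
+    case APR_EMISMATCH:
+        *al = SSL_AD_PROTOCOL_VERSION;
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
+    default:
+        return SSL_TLSEXT_ERR_NOACK;
+    }
 }
 
 /*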
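Review bot: The version check in the first hunk fails open for any protocol string other than the three TLS names: `mask` starts as `sc->server->protocol`, so a connection that negotiated SSLv3 (or any version added later) leaves `protocol & mask` non-zero and is accepted even when the matched vhost's SSLProtocol excludes it. Since the change exists to enforce the per-vhost protocol set after SNI selection, start from `int mask = SSL_PROTOCOL_NONE;` and add `else if (strcmp(version, SSL_TXT_SSLV3) == 0) { mask = SSL_PROTOCOL_SSLV3; }`, so unrecognised versions are rejected rather than waved through. The `SSL_TXT_TLSV1_1`/`SSL_TXT_TLSV1_2` comparisons are unguarded here; if the rest of the file wraps the TLS 1.1/1.2 constants in a build-time check, these branches need the same guard. The rejection is logged only at APLOG_DEBUG, which makes a policy refusal hard to spot in production logs. Both functions begin outside the hunks shown, including the declaration of `sslcon`.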
