Summary: | SSLSessionCache directive mis-parses parens() in pathname | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | bugzilla33 <bugzilla33> |
Component: | mod_ssl | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | cowwoc, df, docwhat |
Priority: | P2 | Keywords: | FixedInTrunk |
Version: | 2.2.14 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All |
Description
bugzilla33
2009-10-06 06:25:07 UTC
Your analysis is correct (and description was wrong - it is an issue on any platform if the path includes parens). The fix is to split the directive into a TAKE12, where if there is a second argument, the paren parsing is disabled entirely. *** Bug 48931 has been marked as a duplicate of this bug. *** *** Bug 46420 has been marked as a duplicate of this bug. *** This bug was fixed over 2 years ago. Why hasn't it made it into an official release? I can still reproduce it in version 2.2.22. one word sloppiness This fixes the same issue with SSLStaplingCache. The fix was in the initial 2.4.x release in early 2012. |