| Field | Value |
|---|---|
| Summary | This URL is too long for mod_ssl to have as the name of a website |
| Product | Apache httpd-2 |
| Reporter | bernard.l.dubreuil |
| Component | mod_ssl |
| Assignee | Apache HTTPD Bugs Mailing List <bugs> |
| Status | CLOSED FIXED |
| Severity | normal |
| Priority | P3 |
| Version | 2.0.35 |
| Target Milestone | --- |
| Hardware | All |
| OS | All |
| URL | https://microlith.crrel.usace.army.mil:443 |

Description
bernard.l.dubreuil
2002-04-26 22:26:14 UTC
Apache 2.0.35 was already mostly up-to-date with respect to mod_ssl 2.8.8-1.3.24. Apache 2.0.36 will contain the remaining changes. Is the patch you refer to present in 2.8.8? If so, this should be fixed now in Apache 2.0.36. If not, where is this patch?

If I look at the source code for mod_ssl 2.8.8-1.3.24 it does look like the md5 change is in ssl_engine_kernel.c. This ssl_engine_kernel.c was last changed on March 27, 2002 which is over a month ago. So I'll accept your assertion that the fix will be in Apache 2.0.36. Thanks!

Can you give me a specific line number? I still can't find the change you're talking about in modssl 2.8.8 to be sure it's in Apache 2.0.36. Thanks!

AHA! Found it. And it's not in yet for some strange reason. Hmph. Okay, well, I'll get the change committed today and *hopefully* it will be in 2.0.36, but the schedule is pretty tight on that.

So apparently this is not NEW functionality in modssl 2.8.8, which is why I didn't find it before. It's functionality that was removed between Apache 2.0.33 and 2.0.34 as a "minor performance improvement", obviously unaware of this unintended side-effect. The following patch reverts to the MD5 behavior. That change has been reverted. Thanks for using Apache!

=================================================================== RCS file: /home/cvspublic/httpd-2.0/modules/ssl/mod_ssl.c,v retrieving revision 1.63 retrieving revision 1.64 diff -u -r1.63 -r1.64 --- httpd-2.0/modules/ssl/mod_ssl.c 2002/04/07 03:37:35 1.63 +++ httpd-2.0/modules/ssl/mod_ssl.c 2002/04/30 17:10:12 1.64 @@ -279,6 +279,7 @@ SSLSrvConfigRec *sc = mySrvConfig(c->base_server); SSL *ssl; SSLConnRec *sslconn = myConnConfig(c); + char *vhost_md5; modssl_ctx_t *mctx; /* 
@@ -334,12 +335,13 @@ return DECLINED; /* XXX */ } - if (!SSL_set_session_id_context(ssl, - (unsigned char *)sc->vhost_id, - sc->vhost_id_len)) + vhost_md5 = ap_md5_binary(c->pool, sc->vhost_id, sc->vhost_id_len); + + if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5, + MD5_DIGESTSIZE*2)) { ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Unable to set session id context to `%s'", sc->vhost_id); + "Unable to set session id context to `%s'", vhost_md5); c->aborted = 1;

Well, at least I know what to do if it is not in 2.0.36. Thanks!

It got tagged in to 2.0.36 today, so it _will_ be a part of that release.
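
Review bot: The second hunk of mod_ssl.c passes `MD5_DIGESTSIZE*2` as the context length with no comment explaining why the vhost id is hashed first, and the thread shows this same step was already removed once as a "minor performance improvement". A short comment above the `ap_md5_binary()` call should say that OpenSSL rejects a session id context longer than `SSL_MAX_SID_CTX_LENGTH` (32 bytes), that `sc->vhost_id` can exceed that for a long server name, and that the hex MD5 string is exactly `MD5_DIGESTSIZE*2` = 32 characters, so it always fits. Since `sc->vhost_id` is per-server data, the digest could also be computed once and kept in the server config instead of being rebuilt from `c->pool` on every connection, which answers the performance concern without reintroducing the failure.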