Commit | Line | Data |
---|---|---|
9c65b55c ER |
1 | |
2 | Author: jorton | |
3 | Date: Fri Jan 13 06:21:42 2006 | |
4 | New Revision: 368730 | |
5 | ||
6 | URL: http://svn.apache.org/viewcvs?rev=368730&view=rev | |
7 | Log: | |
8 | Merge r354394 from trunk: | |
9 | ||
10 | * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further | |
11 | access control checks if SSL is not in use regardless of vhost | |
12 | settings. | |
13 | ||
14 | Submitted by: Rüdiger Plüm, Joe Orton | |
15 | Reviewed by: rpluem, jorton, jim | |
16 | PR: 37791 | |
17 | ||
18 | --- httpd-2.2.0/modules/ssl/ssl_engine_kernel.c.cve3357 | |
19 | +++ httpd-2.2.0/modules/ssl/ssl_engine_kernel.c | |
20 | @@ -202,11 +202,14 @@ | |
21 | } | |
22 | ||
23 | /* | |
24 | - * Check to see if SSL protocol is on | |
25 | + * Check to see whether SSL is in use; if it's not, then no | |
26 | + * further access control checks are relevant. (the test for | |
27 | + * sc->enabled is probably strictly unnecessary) | |
28 | */ | |
29 | - if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) { | |
30 | + if (sc->enabled == SSL_ENABLED_FALSE || !ssl) { | |
31 | return DECLINED; | |
32 | } | |
33 | + | |
34 | /* | |
35 | * Support for per-directory reconfigured SSL connection parameters. | |
36 | * |
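Review bot: The new guard `if (sc->enabled == SSL_ENABLED_FALSE || !ssl)` returns DECLINED for every request that has no SSL connection, so any check meant to reject plain-HTTP requests has to run before it. The block that closes just above the hunk is not visible here, so confirm that such a denial happens there and not further down in ssl_hook_Access, which starts and ends outside the hunk. The added comment hedges with "probably strictly unnecessary" where it should state the invariant the code relies on. If the code after the hunk uses `ssl`, which the hunk does not show, I would write `* No SSL connection (ssl == NULL): decline before any per-directory check uses it.` instead. A regression test that sends a plain-HTTP request to an SSL-enabled vhost would pin this behaviour.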