projects / packages / apache.git / blame
| Commit | Line | Data |
|---|---|---|
| 9c65b55c ER |
1 | |
| 2 | Author: jorton | |
| 3 | Date: Fri Jan 13 06:21:42 2006 | |
| 4 | New Revision: 368730 | |
| 5 | ||
| 6 | URL: http://svn.apache.org/viewcvs?rev=368730&view=rev | |
| 7 | Log: | |
| 8 | Merge r354394 from trunk: | |
| 9 | ||
| 10 | * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further | |
| 11 | access control checks if SSL is not in use regardless of vhost | |
| 12 | settings. | |
| 13 | ||
| 14 | Submitted by: Rüdiger Plüm, Joe Orton | |
| 15 | Reviewed by: rpluem, jorton, jim | |
| 16 | PR: 37791 | |
| 17 | ||
| 18 | --- httpd-2.2.0/modules/ssl/ssl_engine_kernel.c.cve3357 | |
| 19 | +++ httpd-2.2.0/modules/ssl/ssl_engine_kernel.c | |
| 20 | @@ -202,11 +202,14 @@ | |
| 21 | } | |
| 22 | ||
| 23 | /* | |
| 24 | - * Check to see if SSL protocol is on | |
| 25 | + * Check to see whether SSL is in use; if it's not, then no | |
| 26 | + * further access control checks are relevant. (the test for | |
| 27 | + * sc->enabled is probably strictly unnecessary) | |
| 28 | */ | |
| 29 | - if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) { | |
| 30 | + if (sc->enabled == SSL_ENABLED_FALSE || !ssl) { | |
| 31 | return DECLINED; | |
| 32 | } | |
| 33 | + | |
| 34 | /* | |
| 35 | * Support for per-directory reconfigured SSL connection parameters. | |
| 36 | * |