3 Date: Fri Jan 13 06:21:42 2006
6 URL: http://svn.apache.org/viewcvs?rev=368730&view=rev
8 Merge r354394 from trunk:
10 * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further
11 access control checks if SSL is not in use regardless of vhost
14 Submitted by: Rüdiger Plüm, Joe Orton
15 Reviewed by: rpluem, jorton, jim
18 --- httpd-2.2.0/modules/ssl/ssl_engine_kernel.c.cve3357
19 +++ httpd-2.2.0/modules/ssl/ssl_engine_kernel.c
24 - * Check to see if SSL protocol is on
25 + * Check to see whether SSL is in use; if it's not, then no
26 + * further access control checks are relevant. (the test for
27 + * sc->enabled is probably strictly unnecessary)
29 - if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
30 + if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
35 * Support for per-directory reconfigured SSL connection parameters.