- Fix CAN-2005-2700
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that renegotiation is performed for a transition from "SSLVerifyClient optional" to "SSLVerifyClient require".
This commit is contained in:
Clement Laforet
parent
c04ae9a466
commit
682f1eab30
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=142187
2 changed files with 15 additions and 1 deletions
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
PORTNAME= apache
|
||||
PORTVERSION= 2.0.54
|
||||
PORTREVISION= 3
|
||||
PORTREVISION= 4
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \
|
||||
${MASTER_SITE_LOCAL:S/%SUBDIR%/clement/}:powerlogo
|
||||
|
|
|
|||
14
www/apache2/files/patch-secfix-CAN-2005-2700
Normal file
14
www/apache2/files/patch-secfix-CAN-2005-2700
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
--- modules/ssl/ssl_engine_kernel.c 2005/08/30 15:54:34 264799
|
||||
+++ modules/ssl/ssl_engine_kernel.c 2005/08/30
|
||||
15:57:38 264800
|
||||
@@ -406,8 +406,8 @@
|
||||
(!(verify_old & SSL_VERIFY_PEER) &&
|
||||
(verify & SSL_VERIFY_PEER)) ||
|
||||
|
||||
- (!(verify_old & SSL_VERIFY_PEER_STRICT) &&
|
||||
- (verify & SSL_VERIFY_PEER_STRICT)))
|
||||
+ (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) &&
|
||||
+ (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
|
||||
{
|
||||
renegotiate = TRUE;
|
||||
/* optimization */
|
||||
Loading…
Reference in a new issue