https://issues.apache.org/bugzilla/show_bug.cgi?id=56919
--- Comment #10 from Kaspar Brand <[email protected]> ---
Thank you for the thorough debugging and analysis, Alex. I think it's really a duplicate of bug 54357, and it would be best to dupe this one into it (or vice versa).

(In reply to Alex Bligh from comment #9)
> The final option would be to rewrite the stapling code so it didn't use
> ex_data at all. To me this seems like the best route, but I don't understand
> the stapling code well enough to do it.
>
> Is there some easier option I have missed?

One option might be to avoid ex_data fiddling in the "first round", based on a ssl_config_global_isfixed() check - i.e., something like this (untested):

Index: ssl_engine_init.c =================================================================== --- ssl_engine_init.c (revision 1624017) +++ ssl_engine_init.c (working copy) @@ -272,7 +272,9 @@ return HTTP_INTERNAL_SERVER_ERROR; } #ifdef HAVE_OCSP_STAPLING - ssl_stapling_ex_init(); + if (ssl_config_global_isfixed(mc) == TRUE) { + ssl_stapling_ex_init(); + } #endif /* @@ -1067,6 +1069,7 @@ * later, we defer to the code in ssl_init_server_ctx. */ if ((mctx->stapling_enabled == TRUE) && + (ssl_config_global_isfixed(mc) == TRUE) && !ssl_stapling_init_cert(s, mctx, cert)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02567) "Unable to configure certificate %s for stapling",
@@ -1418,7 +1421,8 @@ * (late) point makes sure that we catch both certificates loaded * via SSLCertificateFile and SSLOpenSSLConfCmd Certificate. */ - if (sc->server->stapling_enabled == TRUE) { + if ((sc->server->stapling_enabled == TRUE) && + (ssl_config_global_isfixed(myModConfig(s)) == TRUE)) { X509 *cert; int i = 0; int ret = SSL_CTX_set_current_cert(sc->server->ssl_ctx,

Getting rid of ex_data might be cleaner in the end, and was actually one of Joe's questions on the dev list in October 2009:
https://mail-archives.apache.org/mod_mbox/httpd-dev/200910.mbox/%[email protected]%3E
(see also bug 43822)
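
Review bot: In the first hunk (@@ -272,7 +272,9 @@) the new condition around ssl_stapling_ex_init() carries no comment saying why the call is skipped until ssl_config_global_isfixed(mc) is TRUE. A short comment above the if, naming the ex_data problem and pointing at bug 54357, would keep a later cleanup from removing the guard as redundant.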
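
Review bot: The added line in the second hunk (@@ -1067,6 +1069,7 @@) reads mc, while the third hunk obtains the module config with myModConfig(s), and nothing visible in this hunk shows mc in scope in that function. Please confirm it is declared there, or use myModConfig(s) as the third hunk does. The position of the check before !ssl_stapling_init_cert(s, mctx, cert) is right: short-circuit evaluation keeps both the init call and the APLOGNO(02567) error out of the first round.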
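
Review bot: The third hunk (@@ -1418,7 +1421,8 @@) is the third copy of the same ssl_config_global_isfixed(...) == TRUE test, and the three sites now have to stay in step: if one guard is dropped later, per-certificate stapling setup could run in a round where ssl_stapling_ex_init() was skipped. Consider one helper for the test, or moving the check into the stapling functions themselves, and extend the existing "(late) point" comment to mention the first-round skip.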
