https://bz.apache.org/bugzilla/show_bug.cgi?id=68863

--- Comment #6 from Ruediger Pluem <rpl...@apache.org> ---
Can you please check if the below patch fixes your issue?

Index: modules/ssl/ssl_engine_init.c
===================================================================
--- modules/ssl/ssl_engine_init.c       (revision 1916856)
+++ modules/ssl/ssl_engine_init.c       (working copy)
@@ -1346,6 +1346,7 @@
     const char *vhost_id = mctx->sc->vhost_id, *key_id, *certfile, *keyfile;
     int i;
     EVP_PKEY *pkey;
+    int done = 0;
 #ifdef HAVE_ECC
     EC_GROUP *ecgroup = NULL;
     int curve_nid = 0;
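Review bot: The new function-scope `int done = 0;` beside `int i;` carries a name that no longer explains itself once it leaves the DH block. Consider a descriptive name that mentions DH parameters, or a short comment at the declaration saying it records whether DH parameters were loaded from the certificate file, since the later `if (!done)` test depends on exactly that meaning.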
@@ -1518,7 +1519,7 @@
      */
     certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *);
     if (certfile && !modssl_is_engine_id(certfile)) {
-        int done = 0, num_bits = 0;
+        int num_bits = 0;
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
         DH *dh = modssl_dh_from_file(certfile);
         if (dh) {
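Review bot: The assignments to `done` are not part of this hunk, which shows only the start of the `#if OPENSSL_VERSION_NUMBER < 0x30000000L` branch, so the diff alone does not show that every successful load sets the flag. Please confirm that both this branch and its counterpart for newer OpenSSL set `done` on success. With the flag now read outside the block, a missed assignment would enable auto selection even though parameters were loaded from the file.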
@@ -1546,7 +1547,7 @@
         }
     }
 #if !MODSSL_USE_OPENSSL_PRE_1_1_API
-    else {
+    if (!done) {
         /* If no parameter is manually configured, enable auto
          * selection. */
         SSL_CTX_set_dh_auto(mctx->ssl_ctx, 1);
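Review bot: The comment "If no parameter is manually configured" no longer matches the condition once `else {` becomes `if (!done) {`, because auto selection is now also enabled when a certificate file is present but no DH parameters were loaded from it. Suggest rewording the comment to say that no DH parameters were loaded from the first certificate file. Since the only visible reader of `done` sits under `#if !MODSSL_USE_OPENSSL_PRE_1_1_API`, it is also worth checking that builds using the pre-1.1 API do not warn about a variable that is set but never read.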




Can you check if adding explicit DH parameters (created via openssl dhparam
2048) to your certificate file fixes the issue with and without patch?
