I would like to propose a slight change to mod_ssl sssl_engine_init.c The recent openssl versions changed teh definitions of the SSLvnn_xxx_method to be const. This has an impact to the ssl_init_ctx_protocol function.
The curent code reads:
static void ssl_init_ctx_protocol(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modssl_ctx_t *mctx)
{
SSL_CTX *ctx = NULL;
SSL_METHOD *method = NULL;
..... some stuff deleted
if (protocol == SSL_PROTOCOL_SSLV2) {
method = mctx->pkp ?
SSLv2_client_method() : /* proxy */
SSLv2_server_method(); /* server */
ctx = SSL_CTX_new(method); /* only SSLv2 is left */
}
else {
method = mctx->pkp ?
SSLv23_client_method() : /* proxy */
SSLv23_server_method(); /* server */
ctx = SSL_CTX_new(method); /* be more flexible */
}
------
Since method is only used in the two cases before I think it is
better to use the expressions as a parameter to SSL_CTX_new
and not declare "method".
Thanks for consideration.
Peter Sylvester
smime.p7s
Description: S/MIME Cryptographic Signature
