On Tue, Apr 26, 2016 at 11:00 AM, Ruediger Pluem <rpl...@apache.org> wrote:
>
> On 04/26/2016 02:04 AM, yla...@apache.org wrote:
>>  static int ssl_hook_pre_connection(conn_rec *c, void *csd)
>>  {
>> -
>>      SSLSrvConfigRec *sc;
>>      SSLConnRec *sslconn = myConnConfig(c);
>>
>> -    if (sslconn) {
>> -        sc = mySrvConfig(sslconn->server);
>> -    }
>> -    else {
>> -        sc = mySrvConfig(c->base_server);
>> -    }
>>      /*
>>       * Immediately stop processing if SSL is disabled for this connection
>>       */
>> -    if (c->master || !(sc && (sc->enabled == SSL_ENABLED_TRUE ||
>> -                              (sslconn && sslconn->is_proxy))))
>> -    {
>> +    if (ssl_engine_status(c, sslconn) != OK) {
>>          return DECLINED;
>>      }
>>
>> -    /*
>> -     * Create SSL context
>> -     */
>> -    if (!sslconn) {
>> -        sslconn = ssl_init_connection_ctx(c);
>> +    if (sslconn) {
>> +        sc = mySrvConfig(sslconn->server);
>>      }
>> -
>> -    if (sslconn->disabled) {
>> -        return DECLINED;
>> +    else {
>> +        sc = mySrvConfig(c->base_server);
>>      }
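Review bot: The decline conditions that the old code spelled out in this function (`c->master`, the `sc->enabled == SSL_ENABLED_TRUE` / `sslconn->is_proxy` test, and the later `sslconn->disabled` check) now all sit behind `ssl_engine_status(c, sslconn)`, and the retained comment above the call names none of them. The helper's body is not part of this quoted hunk, so it cannot be confirmed from here that each of those cases still returns DECLINED. Because this call is the gate that decides whether TLS processing is set up on a connection, I would state the contract at the call site, for example `/* Decline when c->master is set, when sc->enabled is not SSL_ENABLED_TRUE and this is not a proxy connection, or when sslconn->disabled is set */`. A test that exercises each of the three cases would keep a later edit to the helper from silently changing the result. The body of ssl_hook_pre_connection continues past the end of the hunk.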
>
> We have a change in behaviour here. We no longer guarantee that we have an 
> sslconn created and connected to c if SSL is
> enabled. Is this intended?

Actually ssl_init_connection_ctx(c) is done by
ssl_init_ssl_connection() called just below (on return).

Regards,
Yann.
