On Tue, Apr 26, 2016 at 11:00 AM, Ruediger Pluem <rpl...@apache.org> wrote: > > On 04/26/2016 02:04 AM, yla...@apache.org wrote: >> static int ssl_hook_pre_connection(conn_rec *c, void *csd) >> { >> - >> SSLSrvConfigRec *sc; >> SSLConnRec *sslconn = myConnConfig(c); >> >> - if (sslconn) { >> - sc = mySrvConfig(sslconn->server); >> - } >> - else { >> - sc = mySrvConfig(c->base_server); >> - } >> /* >> * Immediately stop processing if SSL is disabled for this connection >> */ >> - if (c->master || !(sc && (sc->enabled == SSL_ENABLED_TRUE || >> - (sslconn && sslconn->is_proxy)))) >> - { >> + if (ssl_engine_status(c, sslconn) != OK) { >> return DECLINED; >> } >> >> - /* >> - * Create SSL context >> - */ >> - if (!sslconn) { >> - sslconn = ssl_init_connection_ctx(c); >> + if (sslconn) { >> + sc = mySrvConfig(sslconn->server); >> } >> - >> - if (sslconn->disabled) { >> - return DECLINED; >> + else { >> + sc = mySrvConfig(c->base_server); >> } > > We have a change in behaviour here. We no longer guarantee that we have an > sslconn created and connected to c if SSL is > enabled. Is this intended?
Actually ssl_init_connection_ctx(c) is done by ssl_init_ssl_connection() called just below (on return). Regards, Yann.