On Wed, Nov 1, 2017 at 6:34 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > You are right, thanks. With the new _ex entry points the backport looks ABI > clean, nicely done Yann.
Thanks Bill, by taking a last look at the proposed patch, I've noticed that v5 partially reverted r1747069, a change that you made and backported to 2.4.21 (IIRC), but which happened later in time than than my SSLProxy changes in trunk. I missed that when resolving the conflict around this code in v5. So I've just updated the proposal to v6 with this (only) change: --- httpd-2.4.x-r1740928_and_co-v5.patch +++ httpd-2.4.x-r1740928_and_co-v6.patch @@ -2069,13 +2046,13 @@ Index: modules/ssl/ssl_engine_io.c } } - else if ((sc->proxy_ssl_check_peer_cn == SSL_ENABLED_TRUE) && -+ else if ((dc->proxy->ssl_check_peer_cn != FALSE) && ++ else if ((dc->proxy->ssl_check_peer_cn == TRUE) && hostname_note) { const char *hostname; int match = 0; _ which restores the existing (and expected) behaviour here. Regards, Yann.