author | cvs2svn <cvs2svn@FreeBSD.org> | 2005-01-21 15:36:45 +0000 |
---|---|---|
committer | cvs2svn <cvs2svn@FreeBSD.org> | 2005-01-21 15:36:45 +0000 |
commit | 7011c19a8c96a2f8fb7c04d61cb28cdc507584a6 (patch) | |
tree | 22c0efaf2b6bb5b461389f9bac9542c7e3a5909a /www/apache20/files/patch-secfix-CAN-2004-0885 | |
parent | Now buildable on 4.x, still broken on >= 5.x. (diff) |
This commit was manufactured by cvs2svn to create tag 'RELEASE_4_11_0'.release/4.11.0
Diffstat (limited to 'www/apache20/files/patch-secfix-CAN-2004-0885')
-rw-r--r-- | www/apache20/files/patch-secfix-CAN-2004-0885 | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/www/apache20/files/patch-secfix-CAN-2004-0885 b/www/apache20/files/patch-secfix-CAN-2004-0885
deleted file mode 100644
index f19a7e55c165..000000000000
--- a/www/apache20/files/patch-secfix-CAN-2004-0885
+++ /dev/null
@@ -1,56 +0,0 @@
-Index: ssl_engine_init.c
-===================================================================
-RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
-retrieving revision 1.128
-retrieving revision 1.129
-diff -d -w -u -r1.128 -r1.129
---- modules/ssl/ssl_engine_init.c 3 Jun 2004 13:03:08 -0000 1.128
-+++ modules/ssl/ssl_engine_init.c 8 Oct 2004 11:59:32 -0000 1.129
-@@ -443,6 +443,14 @@
- * Configure additional context ingredients
- */
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-+
-+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-+ /*
-+ * Disallow a session from being resumed during a renegotiation,
-+ * so that an acceptable cipher suite can be negotiated.
-+ */
-+ SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-+#endif
- }
-
- static void ssl_init_ctx_session_cache(server_rec *s,
-Index: ssl_engine_kernel.c
-===================================================================
-RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
-retrieving revision 1.110
-retrieving revision 1.111
-diff -d -w -u -r1.110 -r1.111
---- modules/ssl/ssl_engine_kernel.c 18 Aug 2004 11:05:22 -0000 1.110
-+++ modules/ssl/ssl_engine_kernel.c 8 Oct 2004 11:59:33 -0000 1.111
-@@ -733,6 +733,21 @@
- X509_free(peercert);
- }
- }
-+
-+ /*
-+ * Also check that SSLCipherSuite has been enforced as expected.
-+ */
-+ if (cipher_list) {
-+ cipher = SSL_get_current_cipher(ssl);
-+ if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
-+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-+ "SSL cipher suite not renegotiated: "
-+ "access to %s denied using cipher %s",
-+ r->filename,
-+ SSL_CIPHER_get_name(cipher));
-+ return HTTP_FORBIDDEN;
-+ }
-+ }
- }
-
- /*
-
-
-
|