authorYann Ylavic <ylavic@apache.org>2019-10-25 15:26:14 +0200
committerYann Ylavic <ylavic@apache.org>2019-10-25 15:26:14 +0200
commitce68ba8b331f855923c724553d6cf57f3c6b796d (patch)
treeb6c1f54df4bb118df8786fca4486c39dc2a53328 /modules
parentmod_md: fixes compiler warning about initialization, version bumb. (diff)
mod_ssl: follow up to r1868645.
Keep the base server's SSLProtocol if none is configured on the vhost selected by Hello/SNI callback. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868929 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r--modules/ssl/ssl_engine_kernel.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 023971b234..0d17ec6939 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2514,8 +2514,14 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
&& (!defined(LIBRESSL_VERSION_NUMBER) \
|| LIBRESSL_VERSION_NUMBER >= 0x20800000L)
- SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx));
- SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx));
+ /*
+ * Don't switch the protocol if none is configured for this vhost,
+ * the default in this case is still the base server's SSLProtocol.
+ */
+ if (myCtxConfig(sslcon, sc)->protocol_set) {
+ SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx));
+ SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx));
+ }
#endif
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
(SSL_num_renegotiations(ssl) == 0)) {
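Review bot: The two calls inside the new `if (myCtxConfig(sslcon, sc)->protocol_set)` block still discard the results of `SSL_set_min_proto_version()` and `SSL_set_max_proto_version()`, which return 0 on failure. If either call fails, the connection silently keeps the protocol bounds it had before the vhost switch, and those may be wider than the SSLProtocol configured on the selected vhost. I would test both results, e.g. `if (!SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx)) || !SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx)))`, and log and reject the vhost on failure. How rejection should be signalled depends on the rest of ssl_find_vhost, which starts and ends outside this hunk.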