summaryrefslogtreecommitdiffstats
path: root/modules/ssl/ssl_engine_kernel.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/ssl/ssl_engine_kernel.c')
-rw-r--r--modules/ssl/ssl_engine_kernel.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index f63865c37a..96aaf6602d 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -78,9 +78,8 @@ static apr_status_t upgrade_connection(request_rec *r)
/* Perform initial SSL handshake. */
SSL_set_accept_state(ssl);
- SSL_do_handshake(ssl);
- if (!SSL_is_init_finished(ssl)) {
+ if ((SSL_do_handshake(ssl) != 1) || !SSL_is_init_finished(ssl)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02030)
"TLS upgrade handshake failed");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
@@ -1182,7 +1181,12 @@ static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirCon
modssl_set_app_data2(ssl, r);
- SSL_do_handshake(ssl);
+ if(SSL_do_handshake(ssl) != 1) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10421)
+ "TLS handshake failure");
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
+ return HTTP_FORBIDDEN;
+ }
/* Need to trigger renegotiation handshake by reading.
* Peeking 0 bytes actually works.
* See: http://marc.info/?t=145493359200002&r=1&w=2
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 02:34:16 +0100