55 lines
1.7 KiB
Diff
55 lines
1.7 KiB
Diff
# ./pullrev.sh 1916863
|
|
http://svn.apache.org/viewvc?view=revision&revision=1916863
|
|
|
|
Upstream-Status: in trunk, not proposed for 2.4.x
|
|
|
|
--- httpd-2.4.59/modules/ssl/ssl_engine_init.c
|
|
+++ httpd-2.4.59/modules/ssl/ssl_engine_init.c
|
|
@@ -1416,6 +1416,7 @@
|
|
const char *vhost_id = mctx->sc->vhost_id, *key_id, *certfile, *keyfile;
|
|
int i;
|
|
EVP_PKEY *pkey;
|
|
+ int custom_dh_done = 0;
|
|
#ifdef HAVE_ECC
|
|
EC_GROUP *ecgroup = NULL;
|
|
int curve_nid = 0;
|
|
@@ -1591,14 +1592,14 @@
|
|
*/
|
|
certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *);
|
|
if (certfile && !modssl_is_engine_id(certfile)) {
|
|
- int done = 0, num_bits = 0;
|
|
+ int num_bits = 0;
|
|
#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
DH *dh = modssl_dh_from_file(certfile);
|
|
if (dh) {
|
|
num_bits = DH_bits(dh);
|
|
SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dh);
|
|
DH_free(dh);
|
|
- done = 1;
|
|
+ custom_dh_done = 1;
|
|
}
|
|
#else
|
|
pkey = modssl_dh_pkey_from_file(certfile);
|
|
@@ -1608,18 +1609,18 @@
|
|
EVP_PKEY_free(pkey);
|
|
}
|
|
else {
|
|
- done = 1;
|
|
+ custom_dh_done = 1;
|
|
}
|
|
}
|
|
#endif
|
|
- if (done) {
|
|
+ if (custom_dh_done) {
|
|
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
|
|
"Custom DH parameters (%d bits) for %s loaded from %s",
|
|
num_bits, vhost_id, certfile);
|
|
}
|
|
}
|
|
#if !MODSSL_USE_OPENSSL_PRE_1_1_API
|
|
- else {
|
|
+ if (!custom_dh_done) {
|
|
/* If no parameter is manually configured, enable auto
|
|
* selection. */
|
|
SSL_CTX_set_dh_auto(mctx->ssl_ctx, 1);
|