Blame SOURCES/httpd-2.4.37-CVE-2019-0215.patch
|
|
bdaebd |
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
|
|
|
bdaebd |
index de0ffb0..e6a9f67 100644
|
|
|
bdaebd |
--- a/modules/ssl/ssl_engine_kernel.c
|
|
|
bdaebd |
+++ b/modules/ssl/ssl_engine_kernel.c
|
|
|
bdaebd |
@@ -1154,6 +1154,7 @@ static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirCon
|
|
|
bdaebd |
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
|
|
|
bdaebd |
apr_table_setn(r->notes, "error-notes",
|
|
|
bdaebd |
"Reason: Cannot perform Post-Handshake Authentication. ");
|
|
|
bdaebd |
+ SSL_set_verify(ssl, vmode_inplace, NULL);
|
|
|
bdaebd |
return HTTP_FORBIDDEN;
|
|
|
bdaebd |
}
|
|
|
bdaebd |
|
|
|
bdaebd |
@@ -1175,6 +1176,7 @@ static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirCon
|
|
|
bdaebd |
* Finally check for acceptable renegotiation results
|
|
|
bdaebd |
*/
|
|
|
bdaebd |
if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
|
|
|
bdaebd |
+ SSL_set_verify(ssl, vmode_inplace, NULL);
|
|
|
bdaebd |
return rc;
|
|
|
bdaebd |
}
|
|
|
bdaebd |
}
|