|
|
576df0 |
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
|
|
|
576df0 |
index 37947e7..b50c259 100644
|
|
|
576df0 |
--- a/modules/ssl/mod_ssl.c
|
|
|
576df0 |
+++ b/modules/ssl/mod_ssl.c
|
|
|
576df0 |
@@ -331,9 +331,6 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
|
|
|
576df0 |
/*
|
|
|
576df0 |
* Try to kill the internals of the SSL library.
|
|
|
576df0 |
*/
|
|
|
576df0 |
-#ifdef HAVE_FIPS
|
|
|
576df0 |
- FIPS_mode_set(0);
|
|
|
576df0 |
-#endif
|
|
|
576df0 |
/* Corresponds to OBJ_create()s */
|
|
|
576df0 |
OBJ_cleanup();
|
|
|
576df0 |
/* Corresponds to OPENSSL_load_builtin_modules() */
|
|
|
576df0 |
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
|
|
576df0 |
index 5063a72..21e41e2 100644
|
|
|
576df0 |
--- a/modules/ssl/ssl_engine_init.c
|
|
|
576df0 |
+++ b/modules/ssl/ssl_engine_init.c
|
|
|
576df0 |
@@ -183,6 +183,14 @@ int ssl_is_challenge(conn_rec *c, const char *servername,
|
|
|
576df0 |
return 0;
|
|
|
576df0 |
}
|
|
|
576df0 |
|
|
|
576df0 |
+#ifdef HAVE_FIPS
|
|
|
576df0 |
+static apr_status_t ssl_fips_cleanup(void *data)
|
|
|
576df0 |
+{
|
|
|
576df0 |
+ FIPS_mode_set(0);
|
|
|
576df0 |
+ return APR_SUCCESS;
|
|
|
576df0 |
+}
|
|
|
576df0 |
+#endif
|
|
|
576df0 |
+
|
|
|
576df0 |
/*
|
|
|
576df0 |
* Per-module initialization
|
|
|
576df0 |
*/
|
|
|
576df0 |
@@ -316,6 +324,8 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
|
|
|
576df0 |
if (FIPS_mode_set(1)) {
|
|
|
576df0 |
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(01884)
|
|
|
576df0 |
"Operating in SSL FIPS mode");
|
|
|
576df0 |
+ apr_pool_cleanup_register(p, NULL, ssl_fips_cleanup,
|
|
|
576df0 |
+ apr_pool_cleanup_null);
|
|
|
576df0 |
}
|
|
|
576df0 |
else {
|
|
|
576df0 |
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01885) "FIPS mode failed");
|