[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-bugs
Subject:    [Bug 57553] mod_ssl_ct causes connection failures when configured 'empty'
From:       bugzilla () apache ! org
Date:       2015-02-22 22:30:47
Message-ID: bug-57553-7868-5umF6ccYDw () https ! bz ! apache ! org/bugzilla/
[Download RAW message or body]

https://bz.apache.org/bugzilla/show_bug.cgi?id=57553

Jeff Trawick <trawick@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #4 from Jeff Trawick <trawick@apache.org> ---
This should be fixed now by trunk revision r1661540.

http://svn.apache.org/viewvc?view=revision&revision=1661540

The issue I found was that each vhost would not be using its own module
configuration (i.e., "sconf" in the previous discussion) if the vhost didn't
contain mod_ssl_ct directives.  That's an expected core httpd "feature" which
makes sense for almost all modules, but it is a problem here because
mod_ssl_ct's module config needs to also represent the vhost's certificates,
which are not reflected in the mod_ssl_ct configuration.  The fix was to create
a vhost-specific sconf when reuse of the global configuration is detected.

The submitter's suggested fix would also accommodate the current requirement,
but I think it is better for each vhost to have its on config in support of
future changes.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]