author | Stefan Fritsch <sf@sfritsch.de> | 2015-08-02 00:19:16 +0200 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2015-08-02 00:19:16 +0200 |
commit | 48802c25dc82a8b13ac351c0c2137ef748256bbd (patch) | |
tree | dcaa03f7f34153303fe5afbc9c99dbb8c44b22b3 /modules/ssl/ssl_engine_init.c | |
parent | 080d5e16db802902200a9ce5b6c40f8f1fdc1f73 (diff) | |
download | apache2-48802c25dc82a8b13ac351c0c2137ef748256bbd.tar.gz |
Imported Upstream version 2.4.16
Diffstat (limited to 'modules/ssl/ssl_engine_init.c')
-rw-r--r-- | modules/ssl/ssl_engine_init.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 63e89578..6baf2f51 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -353,9 +353,11 @@ apr_status_t ssl_init_Engine(server_rec *s, apr_pool_t *p)
 return ssl_die(s);
 }
+#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK
 if (strEQ(mc->szCryptoDevice, "chil")) {
 ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
 }
+#endif
 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889)
@@ -723,11 +725,13 @@ static apr_status_t ssl_init_ctx_cipher_suite(server_rec *s,
 /*
 * Configure SSL Cipher Suite. Always disable NULL and export ciphers,
 * see also ssl_engine_config.c:ssl_cmd_SSLCipherSuite().
- * OpenSSL's SSL_DEFAULT_CIPHER_LIST already includes !aNULL:!eNULL,
- * so only prepend !EXP in this case.
+ * OpenSSL's SSL_DEFAULT_CIPHER_LIST includes !aNULL:!eNULL from 0.9.8f,
+ * and !EXP from 0.9.8zf/1.0.1m/1.0.2a, so prepend them while we support
+ * earlier versions.
 */
 suite = mctx->auth.cipher_suite ? mctx->auth.cipher_suite :
- apr_pstrcat(ptemp, "!EXP:", SSL_DEFAULT_CIPHER_LIST, NULL);
+ apr_pstrcat(ptemp, "!aNULL:!eNULL:!EXP:", SSL_DEFAULT_CIPHER_LIST,
+ NULL);
 ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
 "Configuring permitted SSL ciphers [%s]",
@@ -956,7 +960,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
 #ifdef HAVE_ECC
 EC_GROUP *ecparams;
 int nid;
- EC_KEY *eckey;
+ EC_KEY *eckey = NULL;
 #endif
 #ifndef HAVE_SSL_CONF_CMD
 SSL *ssl;
@@ -1129,6 +1133,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
 EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
 #endif
 }
+ EC_KEY_free(eckey);
 #endif
 return APR_SUCCESS; |
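Review bot: The result of `ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0)` inside the new `#ifdef` is discarded, so a failure to enable the fork check for the "chil" device leaves no trace in the log while the server goes on to fork with that engine loaded. Testing it, `if (!ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0))` followed by a warning-level `ap_log_error`, would make that visible to an operator. The guard would also benefit from a one-line comment such as `/* not every libcrypto build defines this control */`, which is presumably the reason for it and worth confirming. ssl_init_Engine starts and ends outside the hunk.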
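Review bot: The `"!aNULL:!eNULL:!EXP:"` prefix is applied only in the fallback arm of the `suite = ...` expression; when `mctx->auth.cipher_suite` is set the string is used as-is, so the comment's "Always disable NULL and export ciphers" holds only if ssl_cmd_SSLCipherSuite(), which is not shown here, applies the same exclusions. Keeping the exclusion list as a string literal in two files lets the two paths drift apart; a shared macro (name to be chosen, e.g. a hypothetical `SSL_CIPHER_EXCLUDE_PREFIX`) would keep them in step. The comment could also state which arm it describes, for example `* The prefix below covers the built-in default only; configured suites are filtered in ssl_cmd_SSLCipherSuite().` The function body starts and ends outside the hunk.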
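Review bot: The added `EC_KEY_free(eckey);` releases only the key held in `eckey`, while the context line just above passes `EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)` directly as a call argument, so that object is never stored in `eckey` and the new free does not cover it. If the callee, whose opening line is above the hunk, copies or references the key rather than taking ownership, that fallback path still leaks one EC_KEY per call. Assigning first, `eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);`, and passing `eckey` would let the single free handle both paths. The `= NULL` initialisation in the preceding hunk is what makes the unconditional free safe; any early return between allocation and this line, not visible here, would need the same cleanup.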