diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2015-10-02 11:10:27 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2015-10-02 16:51:57 -0400 |
| commit | 769a67377725efc1e7c33b6f53b485c7970f883a (patch) | |
| tree | 4f2944ea571233f535748233588d1a9f362d4dcd /mod_nss.c | |
| parent | aadb6021c55671a302920e4241c7619993af8a14 (diff) | |
| download | mod_nss-769a67377725efc1e7c33b6f53b485c7970f883a.tar.gz mod_nss-769a67377725efc1e7c33b6f53b485c7970f883a.tar.xz mod_nss-769a67377725efc1e7c33b6f53b485c7970f883a.zip | |
Rework SNI client reverse proxy
Add a note to the table to indicate that the handhake is complete
so we don't set the extension every time data is read or written.
Drop NSSHandshakeCallback() as it didn't do anything and is replaced
by the proxy callback.
Extend the checks around calling SetURL to match those in mod_ssl:
- a hostname is available
- not SSLv3
- not an IP address
Diffstat (limited to 'mod_nss.c')
| -rw-r--r-- | mod_nss.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -283,7 +283,7 @@ SECStatus NSSBadCertHandler(void *arg, PRFileDesc * socket) if (rv != SECSuccess) { char *remote = CERT_GetCommonName(&peerCert->subject); ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, - "SSL Proxy: Possible man-in-the-middle attack. The remove server is %s, we expected %s", remote, hostname_note); + "SSL Proxy: Possible man-in-the-middle attack. The remote server is %s, we expected %s", remote, hostname_note); PORT_Free(remote); } } else { |