mod_ssl: allow SSLEngine to override Listen-based default (r1537535)

2 files changed, 44 insertions, 1 deletions

diff --git a/httpd-2.4.6-r1537535.patch b/httpd-2.4.6-r1537535.patch
new file mode 100644
index 0000000..dc2c6c9
--- /dev/null
+++ b/httpd-2.4.6-r1537535.patch
@@ -0,0 +1,38 @@
+# ./pullrev.sh 1537535
+
+http://svn.apache.org/viewvc?view=revision&revision=1537535
+
+--- httpd-2.4.6/modules/ssl/ssl_engine_config.c.r1537535
++++ httpd-2.4.6/modules/ssl/ssl_engine_config.c
+@@ -198,7 +198,7 @@ static SSLSrvConfigRec *ssl_config_serve
+     SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
+ 
+     sc->mc                     = NULL;
+-    sc->enabled                = SSL_ENABLED_FALSE;
++    sc->enabled                = SSL_ENABLED_UNSET;
+     sc->proxy_enabled          = UNSET;
+     sc->vhost_id               = NULL;  /* set during module init */
+     sc->vhost_id_len           = 0;     /* set during module init */
+--- httpd-2.4.6/modules/ssl/ssl_engine_init.c.r1537535
++++ httpd-2.4.6/modules/ssl/ssl_engine_init.c
+@@ -289,13 +289,16 @@ int ssl_init_Module(apr_pool_t *p, apr_p
+         sc->vhost_id = ssl_util_vhostid(p, s);
+         sc->vhost_id_len = strlen(sc->vhost_id);
+ 
+-        if (ap_get_server_protocol(s) &&
+-            strcmp("https", ap_get_server_protocol(s)) == 0) {
++        /* Default to enabled if SSLEngine is not set explicitly, and
++         * the protocol is https. */
++        if (ap_get_server_protocol(s) 
++            && strcmp("https", ap_get_server_protocol(s)) == 0
++            && sc->enabled == SSL_ENABLED_UNSET) {
+             sc->enabled = SSL_ENABLED_TRUE;
+         }
+ 
+-       /* If sc->enabled is UNSET, then SSL is optional on this vhost  */
+-        /* Fix up stuff that may not have been set */
++        /* Fix up stuff that may not have been set.  If sc->enabled is
++         * UNSET, then SSL is disabled on this vhost.  */
+         if (sc->enabled == SSL_ENABLED_UNSET) {
+             sc->enabled = SSL_ENABLED_FALSE;
+         }
diff --git a/httpd.spec b/httpd.spec
index 6fdb368..b4f4063 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -14,7 +14,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -62,6 +62,7 @@ Patch28: httpd-2.4.6-r1332643+.patch
 Patch29: httpd-2.4.3-mod_systemd.patch
 Patch30: httpd-2.4.4-cachehardmax.patch
 Patch31: httpd-2.4.6-sslmultiproxy.patch
+Patch32: httpd-2.4.6-r1537535.patch
 # Bug fixes
 Patch51: httpd-2.4.3-sslsninotreq.patch
 Patch55: httpd-2.4.4-malformed-host.patch
@@ -189,6 +190,7 @@ interface for storing and accessing per-user session data.
 %patch29 -p1 -b .systemd
 %patch30 -p1 -b .cachehardmax
 %patch31 -p1 -b .sslmultiproxy
+%patch32 -p1 -b .r1537535
 
 %patch51 -p1 -b .sninotreq
 %patch55 -p1 -b .malformedhost
@@ -621,6 +623,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
+* Thu Oct 31 2013 Joe Orton <jorton@redhat.com> - 2.4.6-5
+- mod_ssl: allow SSLEngine to override Listen-based default (r1537535)
+
 * Mon Oct 21 2013 Joe Orton <jorton@redhat.com> - 2.4.6-4
 - load mod_macro by default (#998452)
 - add README to conf.modules.d