[apache2] 01/04: Fix SNI hostname comparison
Stefan Fritsch
sf at moszumanska.debian.org
Tue Dec 23 22:54:01 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch wheezy
in repository apache2.
commit 606a057190d197e1c7943648fd8787ff70be2222
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Tue Dec 23 23:10:36 2014 +0100
Fix SNI hostname comparison
---
debian/changelog | 1 +
debian/patches/SNI_case_insensitve.diff | 13 +++++++++++++
debian/patches/series | 1 +
3 files changed, 15 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index d5f2a9d..ce0213d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ apache2 (2.2.22-13+deb7u4) UNRELEASED; urgency=high
The new behavior is to not merge trailers into the headers autmatically.
A new directive "MergeTrailers" is introduced to restore the old
behavior.
+ * Fix hostname comparison with SNI to be case insensitive. Closes: #771199
-- Stefan Fritsch <sf at debian.org> Sun, 09 Nov 2014 14:38:26 +0100
diff --git a/debian/patches/SNI_case_insensitve.diff b/debian/patches/SNI_case_insensitve.diff
new file mode 100644
index 0000000..0fdab3f
--- /dev/null
+++ b/debian/patches/SNI_case_insensitve.diff
@@ -0,0 +1,13 @@
+# https://svn.apache.org/viewvc?view=revision&revision=r1515565
+# http://bugs.debian.org/771199
+--- apache2.orig/modules/ssl/ssl_engine_kernel.c
++++ apache2/modules/ssl/ssl_engine_kernel.c
+@@ -136,7 +136,7 @@ int ssl_hook_ReadReq(request_rec *r)
+ if (rv != APR_SUCCESS || scope_id) {
+ return HTTP_BAD_REQUEST;
+ }
+- if (strcmp(host, servername)) {
++ if (strcasecmp(host, servername)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "Hostname %s provided via SNI and hostname %s provided"
+ " via HTTP are different", servername, host);
diff --git a/debian/patches/series b/debian/patches/series
index da1c001..e8fcdc7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -46,3 +46,4 @@ CVE-2014-0226_scoreboard.patch
CVE-2014-0231_mod_cgid-DoS.patch
CVE-2014-0118_mod_deflate-DoS.patch
CVE-2013-5704_trailers.patch
+SNI_case_insensitve.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list