[apache2] 01/02: fix spurious errors when loading certificate chain
Stefan Fritsch
sf at moszumanska.debian.org
Tue Aug 18 09:56:32 UTC 2015
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch wheezy
in repository apache2.
commit fe78dd6bc3229f3038c6e7fe39046e14c6d77799
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Tue Aug 18 09:56:50 2015 +0200
fix spurious errors when loading certificate chain
---
debian/changelog | 7 +++++++
.../SSL_CTX_use_certificate_clear_errors.diff | 21 +++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 29 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 8631461..8742fc5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.2.22-13+deb7u6) UNRELEASED; urgency=medium
+
+ * Fix regression causing spurious errors when loading certificate chain.
+ Closes: #794383
+
+ -- Stefan Fritsch <sf at debian.org> Tue, 18 Aug 2015 09:52:20 +0200
+
apache2 (2.2.22-13+deb7u5) wheezy-security; urgency=medium
* CVE-2015-3183: Fix request smuggling via chunked transfer encoding.
diff --git a/debian/patches/SSL_CTX_use_certificate_clear_errors.diff b/debian/patches/SSL_CTX_use_certificate_clear_errors.diff
new file mode 100644
index 0000000..0b5294d
--- /dev/null
+++ b/debian/patches/SSL_CTX_use_certificate_clear_errors.diff
@@ -0,0 +1,21 @@
+# fix spurious errors during startup
+# Print detailed info in case of error.
+#
+# http://bugs.debian.org/794383
+--- apache2.orig/modules/ssl/ssl_engine_init.c
++++ apache2/modules/ssl/ssl_engine_init.c
+@@ -675,12 +675,14 @@ static void ssl_init_ctx_cert_chain(serv
+ }
+ }
+
++ ERR_clear_error();
+ n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
+ (char *)chain,
+ skip_first, NULL);
+ if (n < 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Failed to configure CA certificate chain!");
++ ERR_print_errors_fp(stderr);
+ ssl_die();
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index 21e54f2..58cd313 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -50,3 +50,4 @@ SNI_case_insensitve.diff
mod_ssl_SSL_CLIENT_S_DN_UID.diff
DH-SSLCertificateFile.patch
CVE-2015-3183.patch
+SSL_CTX_use_certificate_clear_errors.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list