jorton at redhat
Nov 6, 2009, 4:08 PM
Post #2 of 3
(100 views)
Permalink
|
|
Re: svn commit: r833582 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_private.h
[In reply to]
|
|
On Sat, Nov 07, 2009 at 12:37:56AM +0100, Ruediger Pluem wrote:
> On 11/06/2009 11:33 PM, jorton[at]apache.org wrote:
> > Author: jorton
> > Date: Fri Nov 6 22:33:19 2009
> > New Revision: 833582
> >
> > URL: http://svn.apache.org/viewvc?rev=833582&view=rev
> > Log:
> > SECURITY: Partial fix for CVE-2009-3555:
>
> Looks good. Passes all tests in the framework (should we add one for CVE-2009-3555?)
> Backporting to 2.2.x has a little conflict in ssl_engine_io.c which is resolved in the
> attached patch which backports r833582 and r833593.
> This patch also passes all tests.
Awesome, thanks a lot!
+1 for backport to 2.2.x here too.
I doubt it's possible to test this from perl-framework since it won't
expose a way to trigger a renegotiation from the client, unfortunately.
Regards, Joe
|
r833582_and_833593-backport-2.2.x.diff
