mod_ssl: OCSP does not apply to proxy mode, fix verify context. Since ssl_callback_SSLVerify() is called for both server and proxy modes, use myCtxConfig()->ocsp_mask to check the right mode/configuration (i.e. none for proxy in any case). PR 63679. Submitted by: Lubos Uhliarik <luhliari redhat.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1865740 13f79535-47bb-0310-9956-ffa450edef68

commit: 1f6dae166f6e924e37974d0edca5771605387d4d [log] [tgz]
author: Yann Ylavic <ylavic@apache.org> Fri Aug 23 10:31:01 2019 +0000
committer: Yann Ylavic <ylavic@apache.org> Fri Aug 23 10:31:01 2019 +0000
tree: ebbca7d9bbe5ca9ae80fea93ae7128eb7a600e3a
parent: b951496ece696c07b5f0614f40c7c7dbc3239c7a [diff]
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 488e6ab..a29eebb 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c

@@ -1831,8 +1831,8 @@
     /*
      * Perform OCSP-based revocation checks
      */
-    if (ok && ((sc->server->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
-         (errdepth == 0 && (sc->server->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {     
+    if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
+         (errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {     
         /* If there was an optional verification error, it's not
          * possible to perform OCSP validation since the issuer may be
          * missing/untrusted.  Fail in that case. */
commit	1f6dae166f6e924e37974d0edca5771605387d4d	[log] [tgz]
author	Yann Ylavic <ylavic@apache.org>	Fri Aug 23 10:31:01 2019 +0000
committer	Yann Ylavic <ylavic@apache.org>	Fri Aug 23 10:31:01 2019 +0000
tree	ebbca7d9bbe5ca9ae80fea93ae7128eb7a600e3a
parent	b951496ece696c07b5f0614f40c7c7dbc3239c7a [diff]