While eliminating all but TLSv1 (the only FIPS-compliant handshaking
  mechanism), I noticed that we have several other single-case methods
  similar to the SSLv2 exception; use the explicit method in preference
  to the generic SSLv23_client|server_method() calls if exactly one
  method is supported.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/fips-dev@264620 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 2e79939..78d4162 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -446,14 +446,23 @@
         method = mctx->pkp ?
             SSLv2_client_method() : /* proxy */
             SSLv2_server_method();  /* server */
-        ctx = SSL_CTX_new(method);  /* only SSLv2 is left */
     }
-    else {
+    else if (protocol == SSL_PROTOCOL_SSLV3) {
+        method = mctx->pkp ?
+            SSLv3_client_method() : /* proxy */
+            SSLv3_server_method();  /* server */
+    }
+    else if (protocol == SSL_PROTOCOL_TLSV1) {
+        method = mctx->pkp ?
+            TLSv1_client_method() : /* proxy */
+            TLSv1_server_method();  /* server */
+    }
+    else { /* For multiple protocols, we need a flexible method */
         method = mctx->pkp ?
             SSLv23_client_method() : /* proxy */
             SSLv23_server_method();  /* server */
-        ctx = SSL_CTX_new(method); /* be more flexible */
     }
+    ctx = SSL_CTX_new(method);
 
     mctx->ssl_ctx = ctx;
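Review bot: The result of `SSL_CTX_new(method)` is assigned to `mctx->ssl_ctx` without a NULL check, and now that the call sits at a single site after the if/else chain, this is the one place to add it. `SSL_CTX_new` can return NULL on allocation failure, and presumably also when the linked OpenSSL build refuses the selected method, which seems more likely on a FIPS-restricted build. The enclosing function continues outside the hunk, so a later use of `ctx` may dereference the NULL pointer. Suggest `if (ctx == NULL) { /* log the OpenSSL error queue and fail initialization */ }` immediately after the call. A short comment on the new branches would also help, e.g. `/* version-specific methods negotiate exactly one protocol version */`, to explain why they are used only when `protocol` equals a single flag.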