代码拉取完成,页面将自动刷新
同步操作将从 OpenCloudOS Stream/httpd 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 27e7a53..b53f3f8 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -119,7 +119,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
mctx->ticket_key = NULL;
#endif
- mctx->protocol = SSL_PROTOCOL_DEFAULT;
+ mctx->protocol = SSL_PROTOCOL_NONE;
mctx->protocol_set = 0;
mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
@@ -263,6 +263,7 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p,
if (add->protocol_set) {
mrg->protocol_set = 1;
mrg->protocol = add->protocol;
+ mrg->protocol_set = 1;
}
else {
mrg->protocol_set = base->protocol_set;
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index bfad47a..b0fcf81 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -577,6 +577,7 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
MODSSL_SSL_METHOD_CONST SSL_METHOD *method = NULL;
char *cp;
int protocol = mctx->protocol;
+ int protocol_set = mctx->protocol_set;
SSLSrvConfigRec *sc = mySrvConfig(s);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
int prot;
@@ -586,12 +587,18 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
* Create the new per-server SSL context
*/
if (protocol == SSL_PROTOCOL_NONE) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02231)
- "No SSL protocols available [hint: SSLProtocol]");
- return ssl_die(s);
- }
+ if (protocol_set) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02231)
+ "No SSL protocols available [hint: SSLProtocol]");
+ return ssl_die(s);
+ }
- cp = apr_pstrcat(p,
+ ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s,
+ "Using OpenSSL/system default SSL/TLS protocols");
+ cp = "default";
+ }
+ else {
+ cp = apr_pstrcat(p,
#ifndef OPENSSL_NO_SSL3
(protocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
#endif
@@ -604,7 +611,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
#endif
#endif
NULL);
- cp[strlen(cp)-2] = NUL;
+ cp[strlen(cp)-2] = NUL;
+ }
ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s,
"Creating new SSL context (protocols: %s)", cp);
@@ -705,13 +713,15 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
prot = SSL3_VERSION;
#endif
} else {
- SSL_CTX_free(ctx);
- mctx->ssl_ctx = NULL;
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(03378)
- "No SSL protocols available [hint: SSLProtocol]");
- return ssl_die(s);
+ if (protocol_set) {
+ SSL_CTX_free(ctx);
+ mctx->ssl_ctx = NULL;
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(03378)
+ "No SSL protocols available [hint: SSLProtocol]");
+ return ssl_die(s);
+ }
}
- SSL_CTX_set_max_proto_version(ctx, prot);
+ if (protocol != SSL_PROTOCOL_NONE) SSL_CTX_set_max_proto_version(ctx, prot);
/* Next we scan for the minimal protocol version we should provide,
* but we do not allow holes between max and min */
@@ -731,7 +741,7 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
prot = SSL3_VERSION;
}
#endif
- SSL_CTX_set_min_proto_version(ctx, prot);
+ if (protocol != SSL_PROTOCOL_NONE) SSL_CTX_set_min_proto_version(ctx, prot);
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手