Fix CVE CAN-2005-2700: * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that renegotiation is performed for a transition from "SSLVerifyClient optional" to "SSLVerifyClient require". The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old context merely has optional verification configured, since the definition of SSL_VERIFY_PEER_STRICT is (SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).
Changed paths:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c