chroot handling for SSLCertificateChainFile, problem found and fix tested by

Sandor Palfy <netchan@cotse.net>
author: henning <henning@openbsd.org> 2003-10-02 16:21:31 +0000
committer: henning <henning@openbsd.org> 2003-10-02 16:21:31 +0000
commit: e650480a69e2e8ddcbd930172ca3ff003100e3bd (patch)
tree: d79e809e630a373285151d0974fc8cfab4a105c4 /usr.sbin/httpd/src
parent: Upon invoking the freshly loaded binary, populate registers via embedded asm (diff)
download: wireguard-openbsd-e650480a69e2e8ddcbd930172ca3ff003100e3bd.tar.xz
wireguard-openbsd-e650480a69e2e8ddcbd930172ca3ff003100e3bd.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
index 94b5d15e397..3ff679ea1a4 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
@@ -603,9 +603,10 @@ const char *ssl_cmd_SSLCertificateChainFile(
     char *cpPath;
 
     cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
-    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+    if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
         return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
                           cpPath, "' not exists or empty", NULL);
+    ap_server_strip_chroot(cpPath, 0);
     sc->szCertificateChain = cpPath;
     return NULL;
 }
author	henning <henning@openbsd.org>	2003-10-02 16:21:31 +0000
committer	henning <henning@openbsd.org>	2003-10-02 16:21:31 +0000
commit	e650480a69e2e8ddcbd930172ca3ff003100e3bd (patch)
tree	d79e809e630a373285151d0974fc8cfab4a105c4 /usr.sbin/httpd/src
parent	Upon invoking the freshly loaded binary, populate registers via embedded asm (diff)
download	wireguard-openbsd-e650480a69e2e8ddcbd930172ca3ff003100e3bd.tar.xz wireguard-openbsd-e650480a69e2e8ddcbd930172ca3ff003100e3bd.zip