From 616eacccb0370d7c40fd43d10eb910b3ec4ebbad Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@redhat.com>
Date: Apr 12 2018 07:03:52 +0000
Subject: mod_ssl: drop implicit 'SSLEngine on' for vhost w/o certs (#1564537)

Resolves: rhbz#1564537

---

diff --git a/httpd-2.4.33-sslmerging.patch b/httpd-2.4.33-sslmerging.patch
new file mode 100644
index 0000000..066b5c8
--- /dev/null
+++ b/httpd-2.4.33-sslmerging.patch
@@ -0,0 +1,15 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1564537
+
+--- httpd-2.4.33/modules/ssl/ssl_engine_init.c.sslmerging
++++ httpd-2.4.33/modules/ssl/ssl_engine_init.c
+@@ -261,7 +261,8 @@
+          * the protocol is https. */
+         if (ap_get_server_protocol(s) 
+             && strcmp("https", ap_get_server_protocol(s)) == 0
+-            && sc->enabled == SSL_ENABLED_UNSET) {
++            && sc->enabled == SSL_ENABLED_UNSET
++            && (!apr_is_empty_array(sc->server->pks->cert_files))) {
+             sc->enabled = SSL_ENABLED_TRUE;
+         }
+ 
diff --git a/httpd.spec b/httpd.spec
index 9429b61..7fc519a 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.33
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: index.html
@@ -74,6 +74,8 @@ Patch35: httpd-2.4.33-sslciphdefault.patch
 # Bug fixes
 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
 Patch58: httpd-2.4.33-r1738878.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1564537
+Patch59: httpd-2.4.33-sslmerging.patch
 
 # Security fixes
 
@@ -227,6 +229,7 @@ interface for storing and accessing per-user session data.
 %patch34 -p1 -b .socketactivation
 %patch35 -p1 -b .sslciphdefault
 %patch58 -p1 -b .r1738878
+%patch59 -p1 -b .sslmerging
 
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -704,6 +707,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Thu Apr 12 2018 Joe Orton <jorton@redhat.com> - 2.4.33-3
+- mod_ssl: drop implicit 'SSLEngine on' for vhost w/o certs (#1564537)
+
 * Fri Mar 30 2018 Adam Williamson <awilliam@redhat.com> - 2.4.33-2
 - Exclude mod_md config file from main package (#1562413)