# ./pullrev.sh 1916863
http://svn.apache.org/viewvc?view=revision&revision=1916863

Upstream-Status: in trunk, not proposed for 2.4.x

--- httpd-2.4.59/modules/ssl/ssl_engine_init.c
+++ httpd-2.4.59/modules/ssl/ssl_engine_init.c
@@ -1416,6 +1416,7 @@
     const char *vhost_id = mctx->sc->vhost_id, *key_id, *certfile, *keyfile;
     int i;
     EVP_PKEY *pkey;
+    int custom_dh_done = 0;
 #ifdef HAVE_ECC
     EC_GROUP *ecgroup = NULL;
     int curve_nid = 0;
@@ -1591,14 +1592,14 @@
      */
     certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *);
     if (certfile && !modssl_is_engine_id(certfile)) {
-        int done = 0, num_bits = 0;
+        int num_bits = 0;
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
         DH *dh = modssl_dh_from_file(certfile);
         if (dh) {
             num_bits = DH_bits(dh);
             SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dh);
             DH_free(dh);
-            done = 1;
+            custom_dh_done = 1;
         }
 #else
         pkey = modssl_dh_pkey_from_file(certfile);
@@ -1608,18 +1609,18 @@
                 EVP_PKEY_free(pkey);
             }
             else {
-                done = 1;
+                custom_dh_done = 1;
             }
         }
 #endif
-        if (done) {
+        if (custom_dh_done) {
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
                          "Custom DH parameters (%d bits) for %s loaded from %s",
                          num_bits, vhost_id, certfile);
         }
     }
 #if !MODSSL_USE_OPENSSL_PRE_1_1_API
-    else {
+    if (!custom_dh_done) {
         /* If no parameter is manually configured, enable auto
          * selection. */
         SSL_CTX_set_dh_auto(mctx->ssl_ctx, 1);