Context Navigation

source: mod_gnutls/src/gnutls_config.c @ 55dc3f0

Visit:

debian/masterdebian/stretch-backportsjessie-backportsupstream

Last change on this file since 55dc3f0 was 55dc3f0, checked in by Daniel Kahn Gillmor <dkg@…>, 6 years ago
Make Apache 2.4 display the correct module in error logs
Property mode set to `100644`
File size: 21.3 KB

Line
1	/**
2	* Copyright 2004-2005 Paul Querna
3	* Copyright 2008 Nikos Mavrogiannopoulos
4	* Copyright 2011 Dash Shendy
5	*
6	* Licensed under the Apache License, Version 2.0 (the "License");
7	* you may not use this file except in compliance with the License.
8	* You may obtain a copy of the License at
9	*
10	* http://www.apache.org/licenses/LICENSE-2.0
11	*
12	* Unless required by applicable law or agreed to in writing, software
13	* distributed under the License is distributed on an "AS IS" BASIS,
14	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15	* See the License for the specific language governing permissions and
16	* limitations under the License.
17	*
18	*/
19
20	#include "mod_gnutls.h"
21
22	#ifdef APLOG_USE_MODULE
23	APLOG_USE_MODULE(gnutls);
24	#endif
25
26	static int load_datum_from_file(apr_pool_t * pool,
27	const char file, gnutls_datum_t data) {
28	apr_file_t *fp;
29	apr_finfo_t finfo;
30	apr_status_t rv;
31	apr_size_t br = 0;
32
33	rv = apr_file_open(&fp, file, APR_READ \| APR_BINARY,
34	APR_OS_DEFAULT, pool);
35	if (rv != APR_SUCCESS) {
36	return rv;
37	}
38
39	rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
40
41	if (rv != APR_SUCCESS) {
42	return rv;
43	}
44
45	data->data = apr_palloc(pool, finfo.size + 1);
46	rv = apr_file_read_full(fp, data->data, finfo.size, &br);
47
48	if (rv != APR_SUCCESS) {
49	return rv;
50	}
51	apr_file_close(fp);
52
53	data->data[br] = '\0';
54	data->size = br;
55
56	return 0;
57	}
58
59	const char mgs_set_dh_file(cmd_parms parms, void *dummy,
60	const char *arg) {
61	int ret;
62	gnutls_datum_t data;
63	const char *file;
64	apr_pool_t *spool;
65	mgs_srvconf_rec *sc =
66	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
67	module_config,
68	&gnutls_module);
69
70	apr_pool_create(&spool, parms->pool);
71
72	file = ap_server_root_relative(spool, arg);
73
74	if (load_datum_from_file(spool, file, &data) != 0) {
75	return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
76	"DH params '%s'", file);
77	}
78
79	ret = gnutls_dh_params_init(&sc->dh_params);
80	if (ret < 0) {
81	return apr_psprintf(parms->pool,
82	"GnuTLS: Failed to initialize"
83	": (%d) %s", ret,
84	gnutls_strerror(ret));
85	}
86
87	ret =
88	gnutls_dh_params_import_pkcs3(sc->dh_params, &data,
89	GNUTLS_X509_FMT_PEM);
90	if (ret < 0) {
91	return apr_psprintf(parms->pool,
92	"GnuTLS: Failed to Import "
93	"DH params '%s': (%d) %s", file, ret,
94	gnutls_strerror(ret));
95	}
96
97	apr_pool_destroy(spool);
98
99	return NULL;
100	}
101
102	const char mgs_set_cert_file(cmd_parms parms, void dummy, const char arg) {
103
104	int ret;
105	gnutls_datum_t data;
106	const char *file;
107	apr_pool_t *spool;
108
109	mgs_srvconf_rec sc = (mgs_srvconf_rec ) ap_get_module_config(parms->server->module_config, &gnutls_module);
110	apr_pool_create(&spool, parms->pool);
111
112	file = ap_server_root_relative(spool, arg);
113
114	if (load_datum_from_file(spool, file, &data) != 0) {
115	apr_pool_destroy(spool);
116	return apr_psprintf(parms->pool, "GnuTLS: Error Reading Certificate '%s'", file);
117	}
118
119	sc->certs_x509_chain_num = MAX_CHAIN_SIZE;
120	ret = gnutls_x509_crt_list_import(sc->certs_x509_chain, &sc->certs_x509_chain_num, &data, GNUTLS_X509_FMT_PEM, 0);
121	if (ret < 0) {
122	apr_pool_destroy(spool);
123	return apr_psprintf(parms->pool, "GnuTLS: Failed to Import Certificate '%s': (%d) %s", file, ret, gnutls_strerror(ret));
124	}
125
126	apr_pool_destroy(spool);
127	return NULL;
128
129	}
130
131	const char mgs_set_key_file(cmd_parms parms, void dummy, const char arg) {
132
133	int ret;
134	gnutls_datum_t data;
135	const char *file;
136	apr_pool_t *spool;
137	const char *out;
138
139	mgs_srvconf_rec sc = (mgs_srvconf_rec ) ap_get_module_config(parms->server->module_config, &gnutls_module);
140
141	apr_pool_create(&spool, parms->pool);
142
143	file = ap_server_root_relative(spool, arg);
144
145	if (load_datum_from_file(spool, file, &data) != 0) {
146	out = apr_psprintf(parms->pool, "GnuTLS: Error Reading Private Key '%s'", file);
147	apr_pool_destroy(spool);
148	return out;
149	}
150
151	ret = gnutls_x509_privkey_init(&sc->privkey_x509);
152
153	if (ret < 0) {
154	apr_pool_destroy(spool);
155	return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize: (%d) %s", ret, gnutls_strerror(ret));
156	}
157
158	ret = gnutls_x509_privkey_import(sc->privkey_x509, &data, GNUTLS_X509_FMT_PEM);
159
160	if (ret < 0) {
161	ret = gnutls_x509_privkey_import_pkcs8(sc->privkey_x509, &data, GNUTLS_X509_FMT_PEM, NULL, GNUTLS_PKCS_PLAIN);
162	}
163
164	if (ret < 0) {
165	out = apr_psprintf(parms->pool, "GnuTLS: Failed to Import Private Key '%s': (%d) %s", file, ret, gnutls_strerror(ret));
166	apr_pool_destroy(spool);
167	return out;
168	}
169
170	apr_pool_destroy(spool);
171
172	return NULL;
173	}
174
175	const char mgs_set_pgpcert_file(cmd_parms parms, void *dummy,
176	const char *arg) {
177	int ret;
178	gnutls_datum_t data;
179	const char *file;
180	apr_pool_t *spool;
181	mgs_srvconf_rec *sc =
182	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
183	module_config,
184	&gnutls_module);
185	apr_pool_create(&spool, parms->pool);
186
187	file = ap_server_root_relative(spool, arg);
188
189	if (load_datum_from_file(spool, file, &data) != 0) {
190	return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
191	"Certificate '%s'", file);
192	}
193
194	ret = gnutls_openpgp_crt_init(&sc->cert_pgp);
195	if (ret < 0) {
196	return apr_psprintf(parms->pool, "GnuTLS: Failed to Init "
197	"PGP Certificate: (%d) %s", ret,
198	gnutls_strerror(ret));
199	}
200
201	ret =
202	gnutls_openpgp_crt_import(sc->cert_pgp, &data,
203	GNUTLS_OPENPGP_FMT_BASE64);
204	if (ret < 0) {
205	return apr_psprintf(parms->pool,
206	"GnuTLS: Failed to Import "
207	"PGP Certificate '%s': (%d) %s", file,
208	ret, gnutls_strerror(ret));
209	}
210
211	apr_pool_destroy(spool);
212	return NULL;
213	}
214
215	const char mgs_set_pgpkey_file(cmd_parms parms, void *dummy,
216	const char *arg) {
217	int ret;
218	gnutls_datum_t data;
219	const char *file;
220	apr_pool_t *spool;
221	mgs_srvconf_rec *sc =
222	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
223	module_config,
224	&gnutls_module);
225	apr_pool_create(&spool, parms->pool);
226
227	file = ap_server_root_relative(spool, arg);
228
229	if (load_datum_from_file(spool, file, &data) != 0) {
230	return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
231	"Private Key '%s'", file);
232	}
233
234	ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp);
235	if (ret < 0) {
236	return apr_psprintf(parms->pool,
237	"GnuTLS: Failed to initialize"
238	": (%d) %s", ret,
239	gnutls_strerror(ret));
240	}
241
242	ret =
243	gnutls_openpgp_privkey_import(sc->privkey_pgp, &data,
244	GNUTLS_OPENPGP_FMT_BASE64, NULL,
245	0);
246	if (ret != 0) {
247	return apr_psprintf(parms->pool,
248	"GnuTLS: Failed to Import "
249	"PGP Private Key '%s': (%d) %s", file,
250	ret, gnutls_strerror(ret));
251	}
252	apr_pool_destroy(spool);
253	return NULL;
254	}
255
256	const char mgs_set_tickets(cmd_parms parms, void *dummy,
257	const char *arg) {
258	mgs_srvconf_rec *sc =
259	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
260	module_config,
261	&gnutls_module);
262
263	sc->tickets = 0;
264	if (strcasecmp("on", arg) == 0) {
265	sc->tickets = 1;
266	}
267
268	return NULL;
269	}
270
271
272	#ifdef ENABLE_SRP
273
274	const char mgs_set_srp_tpasswd_file(cmd_parms parms, void *dummy,
275	const char *arg) {
276	mgs_srvconf_rec *sc =
277	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
278	module_config,
279	&gnutls_module);
280
281	sc->srp_tpasswd_file = ap_server_root_relative(parms->pool, arg);
282
283	return NULL;
284	}
285
286	const char mgs_set_srp_tpasswd_conf_file(cmd_parms parms, void *dummy,
287	const char *arg) {
288	mgs_srvconf_rec *sc =
289	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
290	module_config,
291	&gnutls_module);
292
293	sc->srp_tpasswd_conf_file =
294	ap_server_root_relative(parms->pool, arg);
295
296	return NULL;
297	}
298
299	#endif
300
301	const char mgs_set_cache(cmd_parms parms, void *dummy,
302	const char type, const char arg) {
303	const char *err;
304	mgs_srvconf_rec *sc =
305	ap_get_module_config(parms->server->module_config,
306	&gnutls_module);
307	if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
308	return err;
309	}
310
311	if (strcasecmp("none", type) == 0) {
312	sc->cache_type = mgs_cache_none;
313	sc->cache_config = NULL;
314	return NULL;
315	} else if (strcasecmp("dbm", type) == 0) {
316	sc->cache_type = mgs_cache_dbm;
317	} else if (strcasecmp("gdbm", type) == 0) {
318	sc->cache_type = mgs_cache_gdbm;
319	}
320	#if HAVE_APR_MEMCACHE
321	else if (strcasecmp("memcache", type) == 0) {
322	sc->cache_type = mgs_cache_memcache;
323	}
324	#endif
325	else {
326	return "Invalid Type for GnuTLSCache!";
327	}
328
329	if (arg == NULL)
330	return "Invalid argument 2 for GnuTLSCache!";
331
332	if (sc->cache_type == mgs_cache_dbm
333	\|\| sc->cache_type == mgs_cache_gdbm) {
334	sc->cache_config =
335	ap_server_root_relative(parms->pool, arg);
336	} else {
337	sc->cache_config = apr_pstrdup(parms->pool, arg);
338	}
339
340	return NULL;
341	}
342
343	const char mgs_set_cache_timeout(cmd_parms parms, void *dummy,
344	const char *arg) {
345	int argint;
346	const char *err;
347	mgs_srvconf_rec *sc =
348	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
349	module_config,
350	&gnutls_module);
351
352	if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
353	return err;
354	}
355
356	argint = atoi(arg);
357
358	if (argint < 0) {
359	return "GnuTLSCacheTimeout: Invalid argument";
360	} else if (argint == 0) {
361	sc->cache_timeout = 0;
362	} else {
363	sc->cache_timeout = apr_time_from_sec(argint);
364	}
365
366	return NULL;
367	}
368
369	const char mgs_set_client_verify_method(cmd_parms parms, void *dummy,
370	const char *arg) {
371	mgs_srvconf_rec sc = (mgs_srvconf_rec )ap_get_module_config(parms->server->module_config, &gnutls_module);
372
373	if (strcasecmp("cartel", arg) == 0) {
374	sc->client_verify_method = mgs_cvm_cartel;
375	} else if (strcasecmp("msva", arg) == 0) {
376	#ifdef ENABLE_MSVA
377	sc->client_verify_method = mgs_cvm_msva;
378	#else
379	return "GnuTLSClientVerifyMethod: msva is not supported";
380	#endif
381	} else {
382	return "GnuTLSClientVerifyMethod: Invalid argument";
383	}
384
385	return NULL;
386	}
387
388	const char mgs_set_client_verify(cmd_parms parms, void *dummy,
389	const char *arg) {
390	int mode;
391
392	if (strcasecmp("none", arg) == 0 \|\| strcasecmp("ignore", arg) == 0) {
393	mode = GNUTLS_CERT_IGNORE;
394	} else if (strcasecmp("optional", arg) == 0
395	\|\| strcasecmp("request", arg) == 0) {
396	mode = GNUTLS_CERT_REQUEST;
397	} else if (strcasecmp("require", arg) == 0) {
398	mode = GNUTLS_CERT_REQUIRE;
399	} else {
400	return "GnuTLSClientVerify: Invalid argument";
401	}
402
403	/* This was set from a directory context */
404	if (parms->path) {
405	mgs_dirconf_rec dc = (mgs_dirconf_rec ) dummy;
406	dc->client_verify_mode = mode;
407	} else {
408	mgs_srvconf_rec *sc =
409	(mgs_srvconf_rec *)
410	ap_get_module_config(parms->server->module_config,
411	&gnutls_module);
412	sc->client_verify_mode = mode;
413	}
414
415	return NULL;
416	}
417
418	#define INIT_CA_SIZE 128
419
420	const char mgs_set_client_ca_file(cmd_parms parms, void *dummy,
421	const char *arg) {
422	int rv;
423	const char *file;
424	apr_pool_t *spool;
425	gnutls_datum_t data;
426
427	mgs_srvconf_rec *sc =
428	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
429	module_config,
430	&gnutls_module);
431	apr_pool_create(&spool, parms->pool);
432
433	file = ap_server_root_relative(spool, arg);
434
435	if (load_datum_from_file(spool, file, &data) != 0) {
436	return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
437	"Client CA File '%s'", file);
438	}
439
440	sc->ca_list_size = INIT_CA_SIZE;
441	sc->ca_list = malloc(sc->ca_list_size * sizeof (*sc->ca_list));
442	if (sc->ca_list == NULL) {
443	return apr_psprintf(parms->pool,
444	"mod_gnutls: Memory allocation error");
445	}
446
447	rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
448	&data, GNUTLS_X509_FMT_PEM,
449	GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
450	if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) {
451	return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
452	"Client CA File '%s': (%d) %s", file,
453	rv, gnutls_strerror(rv));
454	}
455
456	if (INIT_CA_SIZE < sc->ca_list_size) {
457	sc->ca_list =
458	realloc(sc->ca_list,
459	sc->ca_list_size * sizeof (*sc->ca_list));
460	if (sc->ca_list == NULL) {
461	return apr_psprintf(parms->pool,
462	"mod_gnutls: Memory allocation error");
463	}
464
465	/* re-read */
466	rv = gnutls_x509_crt_list_import(sc->ca_list,
467	&sc->ca_list_size, &data,
468	GNUTLS_X509_FMT_PEM, 0);
469
470	if (rv < 0) {
471	return apr_psprintf(parms->pool,
472	"GnuTLS: Failed to load "
473	"Client CA File '%s': (%d) %s",
474	file, rv, gnutls_strerror(rv));
475	}
476	}
477
478	apr_pool_destroy(spool);
479	return NULL;
480	}
481
482	const char mgs_set_keyring_file(cmd_parms parms, void *dummy,
483	const char *arg) {
484	int rv;
485	const char *file;
486	apr_pool_t *spool;
487	gnutls_datum_t data;
488
489	mgs_srvconf_rec *sc =
490	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
491	module_config,
492	&gnutls_module);
493	apr_pool_create(&spool, parms->pool);
494
495	file = ap_server_root_relative(spool, arg);
496
497	if (load_datum_from_file(spool, file, &data) != 0) {
498	return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
499	"Keyring File '%s'", file);
500	}
501
502	rv = gnutls_openpgp_keyring_init(&sc->pgp_list);
503	if (rv < 0) {
504	return apr_psprintf(parms->pool,
505	"GnuTLS: Failed to initialize"
506	"keyring: (%d) %s", rv,
507	gnutls_strerror(rv));
508	}
509
510	rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data,
511	GNUTLS_OPENPGP_FMT_BASE64);
512	if (rv < 0) {
513	return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
514	"Keyring File '%s': (%d) %s", file, rv,
515	gnutls_strerror(rv));
516	}
517
518	apr_pool_destroy(spool);
519	return NULL;
520	}
521
522	const char mgs_set_proxy_engine(cmd_parms parms, void *dummy,
523	const char *arg) {
524
525	mgs_srvconf_rec sc =(mgs_srvconf_rec )
526	ap_get_module_config(parms->server->module_config, &gnutls_module);
527
528	if (!strcasecmp(arg, "On")) {
529	sc->proxy_enabled = GNUTLS_ENABLED_TRUE;
530	} else if (!strcasecmp(arg, "Off")) {
531	sc->proxy_enabled = GNUTLS_ENABLED_FALSE;
532	} else {
533	return "SSLProxyEngine must be set to 'On' or 'Off'";
534	}
535
536	return NULL;
537	}
538
539	const char mgs_set_enabled(cmd_parms parms, void *dummy,
540	const char *arg) {
541	mgs_srvconf_rec *sc =
542	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
543	module_config,
544	&gnutls_module);
545	if (!strcasecmp(arg, "On")) {
546	sc->enabled = GNUTLS_ENABLED_TRUE;
547	} else if (!strcasecmp(arg, "Off")) {
548	sc->enabled = GNUTLS_ENABLED_FALSE;
549	} else {
550	return "GnuTLSEnable must be set to 'On' or 'Off'";
551	}
552
553	return NULL;
554	}
555
556	const char mgs_set_export_certificates_enabled(cmd_parms parms, void dummy, const char arg) {
557	mgs_srvconf_rec sc = (mgs_srvconf_rec ) ap_get_module_config(parms->server->module_config, &gnutls_module);
558	if (!strcasecmp(arg, "On")) {
559	sc->export_certificates_enabled = GNUTLS_ENABLED_TRUE;
560	} else if (!strcasecmp(arg, "Off")) {
561	sc->export_certificates_enabled = GNUTLS_ENABLED_FALSE;
562	} else {
563	return
564	"GnuTLSExportCertificates must be set to 'On' or 'Off'";
565	}
566
567	return NULL;
568	}
569
570	const char mgs_set_priorities(cmd_parms parms, void dummy, const char arg) {
571
572	int ret;
573	const char *err;
574
575	mgs_srvconf_rec sc = (mgs_srvconf_rec )
576	ap_get_module_config(parms->server->module_config, &gnutls_module);
577
578	ret = gnutls_priority_init(&sc->priorities, arg, &err);
579
580	if (ret < 0) {
581	if (ret == GNUTLS_E_INVALID_REQUEST) {
582	return apr_psprintf(parms->pool,
583	"GnuTLS: Syntax error parsing priorities string at: %s", err);
584	}
585	return "Error setting priorities";
586	}
587
588	return NULL;
589	}
590
591	static mgs_srvconf_rec _mgs_config_server_create(apr_pool_t p, char** err) {
592	mgs_srvconf_rec sc = apr_pcalloc(p, sizeof (sc));
593	int ret;
594
595	sc->enabled = GNUTLS_ENABLED_UNSET;
596
597	ret = gnutls_certificate_allocate_credentials(&sc->certs);
598	if (ret < 0) {
599	*err = apr_psprintf(p, "GnuTLS: Failed to initialize"
600	": (%d) %s", ret,
601	gnutls_strerror(ret));
602	return NULL;
603	}
604
605	ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds);
606	if (ret < 0) {
607	*err = apr_psprintf(p, "GnuTLS: Failed to initialize"
608	": (%d) %s", ret,
609	gnutls_strerror(ret));
610	return NULL;
611	}
612	#ifdef ENABLE_SRP
613	ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
614	if (ret < 0) {
615	*err = apr_psprintf(p, "GnuTLS: Failed to initialize"
616	": (%d) %s", ret,
617	gnutls_strerror(ret));
618	return NULL;
619	}
620
621	sc->srp_tpasswd_conf_file = NULL;
622	sc->srp_tpasswd_file = NULL;
623	#endif
624
625	sc->privkey_x509 = NULL;
626	/* Initialize all Certificate Chains */
627	/* FIXME: how do we indicate that this is unset for a merge? (that
628	* is, how can a subordinate server override the chain by setting
629	* an empty one? what would that even look like in the
630	* configuration?) */
631	sc->certs_x509_chain = malloc(MAX_CHAIN_SIZE * sizeof (*sc->certs_x509_chain));
632	sc->certs_x509_chain_num = 0;
633	sc->cache_timeout = -1; /* -1 means "unset" */
634	sc->cache_type = mgs_cache_unset;
635	sc->cache_config = NULL;
636	sc->tickets = GNUTLS_ENABLED_UNSET;
637	sc->priorities = NULL;
638	sc->dh_params = NULL;
639	sc->proxy_enabled = GNUTLS_ENABLED_UNSET;
640	sc->export_certificates_enabled = GNUTLS_ENABLED_UNSET;
641	sc->client_verify_method = mgs_cvm_unset;
642
643	/* this relies on GnuTLS never changing the gnutls_certificate_request_t enum to define -1 */
644	sc->client_verify_mode = -1;
645
646	return sc;
647	}
648
649	void mgs_config_server_create(apr_pool_t p, server_rec * s) {
650	char *err = NULL;
651	mgs_srvconf_rec *sc = _mgs_config_server_create(p, &err);
652	if (sc) return sc; else return err;
653	}
654
655	#define gnutls_srvconf_merge(t, unset) sc->t = (add->t == unset) ? base->t : add->t
656	#define gnutls_srvconf_assign(t) sc->t = add->t
657
658	void mgs_config_server_merge(apr_pool_t p, void BASE, void ADD) {
659	int i;
660	char *err = NULL;
661	mgs_srvconf_rec base = (mgs_srvconf_rec )BASE;
662	mgs_srvconf_rec add = (mgs_srvconf_rec )ADD;
663	mgs_srvconf_rec *sc = _mgs_config_server_create(p, &err);
664	if (NULL == sc) return err;
665
666	gnutls_srvconf_merge(enabled, GNUTLS_ENABLED_UNSET);
667	gnutls_srvconf_merge(tickets, GNUTLS_ENABLED_UNSET);
668	gnutls_srvconf_merge(proxy_enabled, GNUTLS_ENABLED_UNSET);
669	gnutls_srvconf_merge(export_certificates_enabled, GNUTLS_ENABLED_UNSET);
670	gnutls_srvconf_merge(client_verify_method, mgs_cvm_unset);
671	gnutls_srvconf_merge(client_verify_mode, -1);
672	gnutls_srvconf_merge(srp_tpasswd_file, NULL);
673	gnutls_srvconf_merge(srp_tpasswd_conf_file, NULL);
674	gnutls_srvconf_merge(privkey_x509, NULL);
675	gnutls_srvconf_merge(priorities, NULL);
676	gnutls_srvconf_merge(dh_params, NULL);
677
678	/* FIXME: the following items are pre-allocated, and should be
679	* properly disposed of before assigning in order to avoid leaks;
680	* so at the moment, we can't actually have them in the config.
681	* what happens during de-allocation?
682
683	* This is probably leaky.
684	*/
685	gnutls_srvconf_assign(certs);
686	gnutls_srvconf_assign(anon_creds);
687	gnutls_srvconf_assign(srp_creds);
688	gnutls_srvconf_assign(certs_x509_chain);
689	gnutls_srvconf_assign(certs_x509_chain_num);
690
691	/* how do these get transferred cleanly before the data from ADD
692	* goes away? */
693	gnutls_srvconf_assign(cert_cn);
694	for (i = 0; i < MAX_CERT_SAN; i++)
695	gnutls_srvconf_assign(cert_san[i]);
696	gnutls_srvconf_assign(ca_list);
697	gnutls_srvconf_assign(ca_list_size);
698	gnutls_srvconf_assign(cert_pgp);
699	gnutls_srvconf_assign(pgp_list);
700	gnutls_srvconf_assign(privkey_pgp);
701
702	return sc;
703	}
704
705	#undef gnutls_srvconf_merge
706	#undef gnutls_srvconf_assign
707
708	void mgs_config_dir_merge(apr_pool_t p, void basev, void addv) {
709	mgs_dirconf_rec *new;
710	/* mgs_dirconf_rec base = (mgs_dirconf_rec ) basev; */
711	mgs_dirconf_rec add = (mgs_dirconf_rec ) addv;
712
713	new = (mgs_dirconf_rec *) apr_pcalloc(p, sizeof (mgs_dirconf_rec));
714	new->client_verify_mode = add->client_verify_mode;
715	return new;
716	}
717
718	void mgs_config_dir_create(apr_pool_t p, char *dir) {
719	mgs_dirconf_rec dc = apr_palloc(p, sizeof (dc));
720	dc->client_verify_mode = -1;
721	return dc;
722	}
723

Note: See TracBrowser for help on using the repository browser.

Download in other formats: