source: mod_gnutls/test/tests/Makefile.am

mod_gnutls/0.12.0
Last change on this file was eb21e89, checked in by Fiona Klute <fiona.klute@…>, 2 months ago

Fix server_rec references in mgs_get_ocsp_response()

During the handshake the base_server of the relevant conn_rec is
always the first vhost matching the host/port combination of the
incoming connection. By the time an OCSP response is requested
mod_gnutls may already have selected another server based on SNI, but
Apache hasn't updated the conn_rec yet. In that case c->base_server
does not refer to the right server, and if that server reference is
used to get the mod_gnutls configuration it'll be the wrong one.

That behavior caused a bug where caching a fresh OCSP response during
handshake failed if the initial vhost had OCSP stapling disabled,
because with stapling disabled the cache lifetime is set to -1. In
other cases a wrong cache lifetime might have been used.

The bug is fixed by using the mod_gnutls server configuration
referenced by the mod_gnutls connection structure, which has already
been updated by the SNI parsing code. It contains a reference to the
correct server_rec.

This commit also contains a regression test.

  • Property mode set to 100644
File size: 2.6 KB
Line 
1EXTRA_DIST = \
2        00_basic/apache.conf 00_basic/test.yaml \
3        01_priorities_config/apache.conf 01_priorities_config/test.yaml \
4        02_cache_in_vhost/apache.conf 02_cache_in_vhost/fail.server 02_cache_in_vhost/test.yaml \
5        03_cachetimeout_in_vhost/apache.conf 03_cachetimeout_in_vhost/test.yaml \
6        04_name_based_vhosts/apache.conf 04_name_based_vhosts/test.yaml \
7        05_client_handshake_error/apache.conf 05_client_handshake_error/test.yaml \
8        06_invalid_plaintext/apache.conf 06_invalid_plaintext/hooks.py \
9        10_client_verification/apache.conf 10_client_verification/test.yaml \
10        12_cgi_variables/apache.conf 12_cgi_variables/test.yaml \
11        14_resume_session/apache.conf 14_resume_session/hooks.py 14_resume_session/test.yaml \
12        15_basic_msva/apache.conf 15_basic_msva/hooks.py 15_basic_msva/test.yaml \
13        16_view-status/apache.conf 16_view-status/test.yaml \
14        17_cgi_vars_large_cert/apache.conf 17_cgi_vars_large_cert/test.yaml \
15        19_TLS_reverse_proxy/apache.conf 19_TLS_reverse_proxy/backend.conf 19_TLS_reverse_proxy/test.yaml \
16        20_TLS_reverse_proxy_client_auth/apache.conf 20_TLS_reverse_proxy_client_auth/backend.conf 20_TLS_reverse_proxy_client_auth/test.yaml \
17        21_TLS_reverse_proxy_wrong_cert/apache.conf 21_TLS_reverse_proxy_wrong_cert/backend.conf 21_TLS_reverse_proxy_wrong_cert/test.yaml \
18        22_TLS_reverse_proxy_crl_revoke/apache.conf 22_TLS_reverse_proxy_crl_revoke/backend.conf 22_TLS_reverse_proxy_crl_revoke/test.yaml \
19        23_TLS_reverse_proxy_mismatched_priorities/apache.conf 23_TLS_reverse_proxy_mismatched_priorities/backend.conf 23_TLS_reverse_proxy_mismatched_priorities/test.yaml \
20        24_pkcs11_cert/apache.conf 24_pkcs11_cert/hooks.py 24_pkcs11_cert/test.yaml \
21        26_redirect_HTTP_to_HTTPS/apache.conf 26_redirect_HTTP_to_HTTPS/test.yaml \
22        27_OCSP_server/apache.conf 27_OCSP_server/hooks.py 27_OCSP_server/ocsp.conf 27_OCSP_server/test.yaml \
23        28_HTTP2_support/apache.conf 28_HTTP2_support/hooks.py \
24        29_OCSP_server_no_async/apache.conf 29_OCSP_server_no_async/hooks.py 29_OCSP_server_no_async/ocsp.conf 29_OCSP_server_no_async/test.yaml \
25        30_ip_based_vhosts/apache.conf 30_ip_based_vhosts/hooks.py 30_ip_based_vhosts/test.yaml \
26        34_TLS_reverse_proxy_h2/apache.conf 34_TLS_reverse_proxy_h2/hooks.py 34_TLS_reverse_proxy_h2/backend.conf 34_TLS_reverse_proxy_h2/test.yaml \
27        35_client_reauth/apache.conf 35_client_reauth/test.yaml \
28        36_OCSP_server_nonce/apache.conf 36_OCSP_server_nonce/hooks.py 36_OCSP_server_nonce/ocsp.conf 36_OCSP_server_nonce/test.yaml \
29        37_TLS_reverse_proxy_resume_session/apache.conf 37_TLS_reverse_proxy_resume_session/backend.conf 37_TLS_reverse_proxy_resume_session/hooks.py 37_TLS_reverse_proxy_resume_session/test.yaml
Note: See TracBrowser for help on using the repository browser.