Changeset 017ef2d in mod_gnutls

Timestamp:

Sep 17, 2017, 11:06:44 AM (5 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream

Children:

98cf33f

Parents:

cebb74a

git-author:

Thomas Klute <thomas2.klute@…> (09/17/17 08:36:42)

git-committer:

Thomas Klute <thomas2.klute@…> (09/17/17 11:06:44)

Message:

Cleanup of post client hello and SNI handling functions

• Get module context from GnuTLS session via session pointer, not transport pointer. No functional difference at the moment, but it's the semantically correct pointer.
• Add trace level logging for SNI.
• Restructure code for clarity.
• Update documentation.

File:

• src/gnutls_hooks.c (modified) (4 diffs)

src/gnutls_hooks.c

@@ -134 +134 @@
 }
 
-static int mgs_select_virtual_server_cb(gnutls_session_t session) {
-
-    mgs_handle_t *ctxt = NULL;
-    mgs_srvconf_rec *tsc = NULL;
+/**
+ * Post client hello function for GnuTLS, used to configure the TLS
+ * server based on virtual host configuration. Uses SNI to select the
+ * virtual host if available.
+ *
+ * @param session the TLS session
+ *
+ * @return zero or a GnuTLS error code, as required by GnuTLS hook
+ * definition
+ */
+static int mgs_select_virtual_server_cb(gnutls_session_t session)
+{
     int ret = 0;
-
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-
-    ctxt = gnutls_transport_get_ptr(session);
-
-    /* find the virtual server */
-    tsc = mgs_find_sni_server(session);
-
-    if (tsc != NULL) {
-        // Found a TLS vhost based on the SNI from the client; use it instead.
+    mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
+
+    /* try to find a virtual host */
+    mgs_srvconf_rec *tsc = mgs_find_sni_server(session);
+    if (tsc != NULL)
+    {
+        /* Found a TLS vhost based on the SNI, configure the
+         * connection context. */
         ctxt->sc = tsc;
         }
@@ -177 +183 @@
      * negotiation.
      */
-
     ret = gnutls_priority_set(session, ctxt->sc->priorities);
+
     /* actually it shouldn't fail since we have checked at startup */
     return ret;
-
 }
 
@@ -831 +836 @@
 mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session)
 {
-    int rv;
     unsigned int sni_type;
     size_t data_len = MAX_HOST_LEN;
     char sni_name[MAX_HOST_LEN];
-    mgs_handle_t *ctxt;
-    vhost_cb_rec cbx;
 
     if (session == NULL)
         return NULL;
 
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-    ctxt = gnutls_transport_get_ptr(session);
-
-    rv = gnutls_server_name_get(ctxt->session, sni_name,
-            &data_len, &sni_type, 0);
+    mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
+    int rv = gnutls_server_name_get(session, sni_name,
+                                    &data_len, &sni_type, 0);
+
 
     if (rv != 0) {
+        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, APR_EGENERAL, ctxt->c,
+                      "%s: no SNI data found: %s (%d)",
+                      __func__, gnutls_strerror(rv), rv);
         return NULL;
     }
@@ -858 +862 @@
     }
 
-    /**
-     * Code in the Core already sets up the c->base_server as the base
-     * for this IP/Port combo.  Trust that the core did the 'right' thing.
-     */
-    cbx.ctxt = ctxt;
-    cbx.sc = NULL;
-    cbx.sni_name = sni_name;
-
+    ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
+                  "%s: client requested server '%s'.",
+                  __func__, sni_name);
+
+    /* Search for vhosts matching connection parameters and the
+     * SNI. If a match is found, cbx.sc will contain the mod_gnutls
+     * server config for the vhost. */
+    vhost_cb_rec cbx = {
+        .ctxt = ctxt,
+        .sc = NULL,
+        .sni_name = sni_name
+    };
     rv = ap_vhost_iterate_given_conn(ctxt->c, vhost_cb, &cbx);
     if (rv == 1) {