Changeset 017ef2d in mod_gnutls


Timestamp:
Sep 17, 2017, 11:06:44 AM (3 months ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master
Children:
98cf33f
Parents:
cebb74a
git-author:
Thomas Klute <thomas2.klute@…> (09/17/17 08:36:42)
git-committer:
Thomas Klute <thomas2.klute@…> (09/17/17 11:06:44)
Message:

Cleanup of post client hello and SNI handling functions

  • Get module context from GnuTLS session via session pointer, not transport pointer. No functional difference at the moment, but it's the semantically correct pointer.
  • Add trace level logging for SNI.
  • Restructure code for clarity.
  • Update documentation.
File:
1 edited

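--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -134,19 +134,25 @@
 }
 
-static int mgs_select_virtual_server_cb(gnutls_session_t session) {
-
-    mgs_handle_t *ctxt = NULL;
-    mgs_srvconf_rec *tsc = NULL;
+/**
+ * Post client hello function for GnuTLS, used to configure the TLS
+ * server based on virtual host configuration. Uses SNI to select the
+ * virtual host if available.
+ *
+ * @param session the TLS session
+ *
+ * @return zero or a GnuTLS error code, as required by GnuTLS hook
+ * definition
+ */
+static int mgs_select_virtual_server_cb(gnutls_session_t session)
+{
     int ret = 0;
-
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-
-    ctxt = gnutls_transport_get_ptr(session);
-
-    /* find the virtual server */
-    tsc = mgs_find_sni_server(session);
-
-    if (tsc != NULL) {
-        // Found a TLS vhost based on the SNI from the client; use it instead.
+    mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
+
+    /* try to find a virtual host */
+    mgs_srvconf_rec *tsc = mgs_find_sni_server(session);
+    if (tsc != NULL)
+    {
+        /* Found a TLS vhost based on the SNI, configure the
+         * connection context. */
         ctxt->sc = tsc;
         }
@@ -177,9 +183,8 @@
      * negotiation.
      */
-
     ret = gnutls_priority_set(session, ctxt->sc->priorities);
+
     /* actually it shouldn't fail since we have checked at startup */
     return ret;
-
 }
 
@@ -831,21 +836,20 @@
 mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session)
 {
-    int rv;
     unsigned int sni_type;
     size_t data_len = MAX_HOST_LEN;
     char sni_name[MAX_HOST_LEN];
-    mgs_handle_t *ctxt;
-    vhost_cb_rec cbx;
 
     if (session == NULL)
         return NULL;
 
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-    ctxt = gnutls_transport_get_ptr(session);
-
-    rv = gnutls_server_name_get(ctxt->session, sni_name,
-            &data_len, &sni_type, 0);
+    mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
+    int rv = gnutls_server_name_get(session, sni_name,
+                                    &data_len, &sni_type, 0);
+
 
     if (rv != 0) {
+        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, APR_EGENERAL, ctxt->c,
+                      "%s: no SNI data found: %s (%d)",
+                      __func__, gnutls_strerror(rv), rv);
         return NULL;
     }
@@ -858,12 +862,16 @@
     }
 
-    /**
-     * Code in the Core already sets up the c->base_server as the base
-     * for this IP/Port combo.  Trust that the core did the 'right' thing.
-     */
-    cbx.ctxt = ctxt;
-    cbx.sc = NULL;
-    cbx.sni_name = sni_name;
-
+    ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c,
+                  "%s: client requested server '%s'.",
+                  __func__, sni_name);
+
+    /* Search for vhosts matching connection parameters and the
+     * SNI. If a match is found, cbx.sc will contain the mod_gnutls
+     * server config for the vhost. */
+    vhost_cb_rec cbx = {
+        .ctxt = ctxt,
+        .sc = NULL,
+        .sni_name = sni_name
+    };
     rv = ap_vhost_iterate_given_conn(ctxt->c, vhost_cb, &cbx);
     if (rv == 1) {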
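Review bot: The message added on new line 852 of the mgs_find_sni_server hunk, `"%s: no SNI data found: %s (%d)"`, is emitted for every non-zero return of gnutls_server_name_get(), which includes a client name that does not fit into sni_name[MAX_HOST_LEN] (GNUTLS_E_SHORT_MEMORY_BUFFER), so an over-long SNI is reported as if none was sent. Since gnutls_strerror(rv) is already part of the line, a neutral wording such as `"%s: could not get SNI: %s (%d)"` describes both cases correctly. The ctxt returned by gnutls_session_get_ptr() on new line 845 is dereferenced as ctxt->c on line 851 without a NULL check, as the old transport-pointer code was; if the session pointer is guaranteed to be set before the handshake starts, a comment at the declaration such as `/* session ptr is set before the handshake; never NULL here */` would record that invariant. The trace line added in the last hunk writes the client-chosen sni_name into the error log verbatim; httpd's error logger escapes non-printable characters, so this appears acceptable, but it is worth confirming against the oldest httpd the module supports. mgs_find_sni_server continues past the end of the last hunk, so the handling of cbx.sc after ap_vhost_iterate_given_conn() is not visible here.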