Changeset 031acac in mod_gnutls for include


Timestamp:
Jul 3, 2014, 1:00:29 PM (9 years ago)
Author:
Nikos Mavrogiannopoulos <nmav@…>
Branches:
asyncio, debian/master, debian/stretch-backports, jessie-backports, main, master, proxy-ticket, upstream
Children:
7314438
Parents:
765cac2
git-author:
Nikos Mavrogiannopoulos <nmav@…> (06/24/14 10:28:03)
git-committer:
Nikos Mavrogiannopoulos <nmav@…> (07/03/14 13:00:29)
Message:

Use the new (3.1.3+) GnuTLS APIs to obtain private keys.

This allows loading a private key from a PKCS #11 or a TPM URL
(the GnuTLSPIN and GnuTLSSRKPIN variables should be set), and loading
encrypted private keys in PKCS #8, PKCS #12 or openssl format.

File:
1 edited

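--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -34,4 +34,5 @@
 #include <gnutls/extra.h>
 #endif
+#include <gnutls/abstract.h>
 #include <gnutls/openpgp.h>
 #include <gnutls/x509.h>
@@ -104,4 +105,44 @@
 /* Server Configuration Record */
 typedef struct {
+    /* --- Configuration values --- */
+        /* Is the module enabled? */
+    int enabled;
+        /* Is mod_proxy enabled? */
+    int proxy_enabled;
+        /* A Plain HTTP request */
+    int non_ssl_request;
+
+    /* PIN used for PKCS #11 operations */
+    char *pin;
+
+    /* the SRK PIN used in TPM operations */
+    char *srk_pin;
+
+    char *x509_cert_file;
+    char *x509_key_file;
+    char *x509_ca_file;
+
+    char *pgp_cert_file;
+    char *pgp_key_file;
+    char *pgp_ring_file;
+
+    char *dh_file;
+   
+    char *priorities_str;
+
+    const char* srp_tpasswd_file;
+    const char* srp_tpasswd_conf_file;
+
+        /* Cache timeout value */
+    int cache_timeout;
+        /* Chose Cache Type */
+    mgs_cache_e cache_type;
+    const char* cache_config;
+
+        /* GnuTLS uses Session Tickets */
+    int tickets;
+
+    /* --- Things initialized at _child_init --- */
+
         /* x509 Certificate Structure */
     gnutls_certificate_credentials_t certs;
@@ -113,17 +154,21 @@
     char* cert_cn;
         /* Current x509 Certificate SAN [Subject Alternate Name]s*/
-        char* cert_san[MAX_CERT_SAN];
-        /* A x509 Certificate Chain */
-    gnutls_x509_crt_t *certs_x509_chain;
-        /* Current x509 Certificate Private Key */
-    gnutls_x509_privkey_t privkey_x509;
-        /* OpenPGP Certificate */
-    gnutls_openpgp_crt_t cert_pgp;
-        /* OpenPGP Certificate Private Key */
-    gnutls_openpgp_privkey_t privkey_pgp;
+    char* cert_san[MAX_CERT_SAN];
+        /* An x509 Certificate Chain */
+    gnutls_pcert_st *certs_x509_chain;
+    gnutls_x509_crt_t *certs_x509_crt_chain;
         /* Number of Certificates in Chain */
     unsigned int certs_x509_chain_num;
-        /* Is the module enabled? */
-    int enabled;
+
+        /* Current x509 Certificate Private Key */
+    gnutls_privkey_t privkey_x509;
+
+        /* OpenPGP Certificate */
+    gnutls_pcert_st *cert_pgp;
+    gnutls_openpgp_crt_t *cert_crt_pgp;
+
+        /* OpenPGP Certificate Private Key */
+    gnutls_privkey_t privkey_pgp;
+
     /* Export full certificates to CGI environment: */
     int export_certificates_size;
@@ -132,11 +177,4 @@
         /* GnuTLS DH Parameters */
     gnutls_dh_params_t dh_params;
-        /* Cache timeout value */
-    int cache_timeout;
-        /* Chose Cache Type */
-    mgs_cache_e cache_type;
-    const char* cache_config;
-    const char* srp_tpasswd_file;
-    const char* srp_tpasswd_conf_file;
         /* A list of CA Certificates */
     gnutls_x509_crt_t *ca_list;
@@ -151,10 +189,4 @@
         /* Last Cache timestamp */
     apr_time_t last_cache_check;
-        /* GnuTLS uses Session Tickets */
-    int tickets;
-        /* Is mod_proxy enabled? */
-    int proxy_enabled;
-        /* A Plain HTTP request */
-    int non_ssl_request;
 } mgs_srvconf_rec;
 
@@ -302,4 +334,9 @@
 
 /**
+ * Perform any reinitialization required in PKCS #11
+ */
+int mgs_pkcs11_reinit(server_rec * s);
+
+/**
  * Convert a SSL Session ID into a Null Terminated Hex Encoded String
  * @param id raw SSL Session ID
@@ -321,4 +358,7 @@
 
 /* Configuration Functions */
+
+/* Loads all files set in the configuration */
+int mgs_load_files(apr_pool_t * p, server_rec * s);
 
 const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
@@ -354,4 +394,9 @@
 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
                                    const char *arg);
+const char *mgs_set_pin(cmd_parms * parms, void *dummy,
+                                   const char *arg);
+
+const char *mgs_set_srk_pin(cmd_parms * parms, void *dummy,
+                                   const char *arg);
 
 const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,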
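Review bot: The new `pin` and `srk_pin` members of `mgs_srvconf_rec` (new-file lines 115-119 in the struct hunk) hold secrets, yet the header says nothing about who owns that storage, how long it lives, or whether it is ever cleared, so a reader cannot tell from the declaration whether the PIN stays resident in the server process for its whole lifetime. I would extend the field comments, e.g. `/* PIN used for PKCS #11 operations; secret, owner/lifetime: see mgs_set_pin() */` and the matching note on `srk_pin`, and confirm the wording against the setter in the .c side, which is outside this header. The `mgs_pkcs11_reinit` and `mgs_load_files` prototypes added in the later hunks also lack the `@param`/`@return` lines that the neighbouring session-ID doc comment uses; at minimum say what a non-zero return means so callers know whether to abort startup. In the struct hunk, `certs_x509_chain` and `certs_x509_crt_chain` presumably describe the same chain and share `certs_x509_chain_num`; a one-line comment stating that would save the next maintainer from guessing.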