- Timestamp:
- Jan 29, 2013, 8:05:42 PM (8 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
- Children:
- 0367e02
- Parents:
- 32538ff
- git-author:
- Daniel Kahn Gillmor <dkg@…> (01/27/13 03:53:01)
- git-committer:
- Daniel Kahn Gillmor <dkg@…> (01/29/13 20:05:42)
- Location:
- src
- Files:
-
- 4 edited
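--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -561,4 +561,12 @@
 int mgs_cache_post_config(apr_pool_t * p, server_rec * s,
                           mgs_srvconf_rec * sc) {
+
+    /* if GnuTLSCache was never explicitly set: */
+    if (sc->cache_type == mgs_cache_unset)
+        sc->cache_type = mgs_cache_none;
+    /* if GnuTLSCacheTimeout was never explicitly set: */
+    if (sc->cache_timeout == -1)
+        sc->cache_timeout = apr_time_from_sec(300);
+
     if (sc->cache_type == mgs_cache_dbm
         || sc->cache_type == mgs_cache_gdbm) {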
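Review bot: The fallback to mgs_cache_none and 300 s added at the top of mgs_cache_post_config only runs for the server record handed to this function, while mgs_config_server_merge in the same changeset leaves cache_type, cache_timeout and cache_config at their unset values; vhost records are therefore only consistent because gnutls_hooks.c copies those three fields from sc_base, and that copy has to run after this defaulting. Nothing in this hunk shows which hook ordering guarantees that, so it deserves a comment next to the new checks, e.g. `/* NOTE: mgs_config_server_merge does not merge cache_*; vhosts rely on the copy from sc_base in gnutls_hooks.c -- confirm that copy runs after this defaulting */`. The body of mgs_cache_post_config continues past the end of the hunk.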
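--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -544,29 +544,32 @@
 }
 
-void *mgs_config_server_create(apr_pool_t * p, server_rec * s) {
+static mgs_srvconf_rec *_mgs_config_server_create(apr_pool_t * p, char** err) {
     mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof (*sc));
     int ret;
 
-    sc->enabled = GNUTLS_ENABLED_ FALSE;
+    sc->enabled = GNUTLS_ENABLED_UNSET;
 
     ret = gnutls_certificate_allocate_credentials(&sc->certs);
     if (ret < 0) {
-        return apr_psprintf(p, "GnuTLS: Failed to initialize"
-                            ": (%d) %s", ret,
-                            gnutls_strerror(ret));
+        *err = apr_psprintf(p, "GnuTLS: Failed to initialize"
+                            ": (%d) %s", ret,
+                            gnutls_strerror(ret));
+        return NULL;
     }
 
     ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds);
     if (ret < 0) {
-        return apr_psprintf(p, "GnuTLS: Failed to initialize"
-                            ": (%d) %s", ret,
-                            gnutls_strerror(ret));
+        *err = apr_psprintf(p, "GnuTLS: Failed to initialize"
+                            ": (%d) %s", ret,
+                            gnutls_strerror(ret));
+        return NULL;
     }
 #ifdef ENABLE_SRP
     ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
     if (ret < 0) {
-        return apr_psprintf(p, "GnuTLS: Failed to initialize"
-                            ": (%d) %s", ret,
-                            gnutls_strerror(ret));
+        *err = apr_psprintf(p, "GnuTLS: Failed to initialize"
+                            ": (%d) %s", ret,
+                            gnutls_strerror(ret));
+        return NULL;
     }
 
@@ -577,16 +580,80 @@
     sc->privkey_x509 = NULL;
     /* Initialize all Certificate Chains */
+    /* FIXME: how do we indicate that this is unset for a merge? (that
+     * is, how can a subordinate server override the chain by setting
+     * an empty one? what would that even look like in the
+     * configuration?) */
     sc->certs_x509_chain = malloc(MAX_CHAIN_SIZE * sizeof (*sc->certs_x509_chain));
     sc->certs_x509_chain_num = 0;
-    sc->cache_timeout = apr_time_from_sec(300);
-    sc->cache_type = mgs_cache_ none;
+    sc->cache_timeout = -1; /* -1 means "unset" */
+    sc->cache_type = mgs_cache_unset;
     sc->cache_config = NULL;
-    /* By default enable session tickets */
-    sc->tickets = GNUTLS_ENABLED_TRUE;
-
-    sc->client_verify_mode = GNUTLS_CERT_IGNORE;
+    sc->tickets = GNUTLS_ENABLED_UNSET;
+    sc->priorities = NULL;
+    sc->dh_params = NULL;
+    sc->proxy_enabled = GNUTLS_ENABLED_UNSET;
+
+    /* this relies on GnuTLS never changing the gnutls_certificate_request_t enum to define -1 */
+    sc->client_verify_mode = -1;
 
     return sc;
 }
+
+void *mgs_config_server_create(apr_pool_t * p, server_rec * s) {
+    char *err = NULL;
+    mgs_srvconf_rec *sc = _mgs_config_server_create(p, &err);
+    if (sc) return sc; else return err;
+}
+
+#define gnutls_srvconf_merge(t, unset) sc->t = (add->t == unset) ? base->t : add->t
+#define gnutls_srvconf_assign(t) sc->t = add->t
+
+void *mgs_config_server_merge(apr_pool_t *p, void *BASE, void *ADD) {
+    int i;
+    char *err = NULL;
+    mgs_srvconf_rec *base = (mgs_srvconf_rec *)BASE;
+    mgs_srvconf_rec *add = (mgs_srvconf_rec *)ADD;
+    mgs_srvconf_rec *sc = _mgs_config_server_create(p, &err);
+    if (NULL == sc) return err;
+
+    gnutls_srvconf_merge(enabled, GNUTLS_ENABLED_UNSET);
+    gnutls_srvconf_merge(tickets, GNUTLS_ENABLED_UNSET);
+    gnutls_srvconf_merge(proxy_enabled, GNUTLS_ENABLED_UNSET);
+    gnutls_srvconf_merge(client_verify_mode, -1);
+    gnutls_srvconf_merge(srp_tpasswd_file, NULL);
+    gnutls_srvconf_merge(srp_tpasswd_conf_file, NULL);
+    gnutls_srvconf_merge(privkey_x509, NULL);
+    gnutls_srvconf_merge(priorities, NULL);
+    gnutls_srvconf_merge(dh_params, NULL);
+
+    /* FIXME: the following items are pre-allocated, and should be
+     * properly disposed of before assigning in order to avoid leaks;
+     * so at the moment, we can't actually have them in the config.
+     * what happens during de-allocation?
+
+     * This is probably leaky.
+     */
+    gnutls_srvconf_assign(certs);
+    gnutls_srvconf_assign(anon_creds);
+    gnutls_srvconf_assign(srp_creds);
+    gnutls_srvconf_assign(certs_x509_chain);
+    gnutls_srvconf_assign(certs_x509_chain_num);
+
+    /* how do these get transferred cleanly before the data from ADD
+     * goes away? */
+    gnutls_srvconf_assign(cert_cn);
+    for (i = 0; i < MAX_CERT_SAN; i++)
+        gnutls_srvconf_assign(cert_san[i]);
+    gnutls_srvconf_assign(ca_list);
+    gnutls_srvconf_assign(ca_list_size);
+    gnutls_srvconf_assign(cert_pgp);
+    gnutls_srvconf_assign(pgp_list);
+    gnutls_srvconf_assign(privkey_pgp);
+
+    return sc;
+}
+
+#undef gnutls_srvconf_merge
+#undef gnutls_srvconf_assign
 
 void *mgs_config_dir_merge(apr_pool_t * p, void *basev, void *addv) {
@@ -605,2 +672,3 @@
     return dc;
 }
+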
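Review bot: In mgs_config_server_merge a vhost now inherits `enabled`, `tickets`, `client_verify_mode` and `privkey_x509` from `base` when it leaves them unset, but `certs`, `certs_x509_chain`, `certs_x509_chain_num`, `cert_pgp` and the CA/PGP lists are always taken from `add` via gnutls_srvconf_assign; a vhost that inherits GnuTLSEnable from the main server without naming its own certificate therefore ends up enabled with `certs_x509_chain_num == 0`, and possibly with an inherited `privkey_x509` that does not belong to its (empty) chain, unless a check outside this changeset refuses to start it. Before this change no merge_server_config existed and `enabled` defaulted to false per record, so this inheritance is new behaviour and should be stated next to the FIXME above the `certs_x509_chain` allocation, e.g. `/* NOTE: credentials are never inherited from the base server; a vhost must configure its own certificate even when GnuTLSEnable is inherited */`. If the intent is that credentials follow `enabled`, the assign lines for the certificate fields should become conditional on `add` having set them, which the FIXME already notes is not representable yet.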
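--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -344,4 +344,14 @@
     sc->cache_type = sc_base->cache_type;
     sc->cache_config = sc_base->cache_config;
+    sc->cache_timeout = sc_base->cache_timeout;
+
+    /* defaults for unset values: */
+    if (sc->enabled == GNUTLS_ENABLED_UNSET)
+        sc->enabled = GNUTLS_ENABLED_FALSE;
+    if (sc->tickets == GNUTLS_ENABLED_UNSET)
+        sc->tickets = GNUTLS_ENABLED_TRUE;
+    if (sc->client_verify_mode == -1)
+        sc->client_verify_mode = GNUTLS_CERT_IGNORE;
+
 
     /* Check if the priorities have been set */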
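Review bot: The added `sc->cache_timeout = sc_base->cache_timeout;` copies the base server's timeout into every vhost unconditionally, so if GnuTLSCacheTimeout is accepted in a vhost context a per-vhost value is silently discarded here; before this change each vhost record appears to have kept its own value (created with the 300 s default), since cache_timeout was neither merged nor copied. If the timeout is meant to be global like cache_type and cache_config, say so in the comment; otherwise copy only when the vhost value is still the unset sentinel: `if (sc->cache_timeout == -1) sc->cache_timeout = sc_base->cache_timeout;`. The same -1 sentinel is defaulted in mgs_cache_post_config, so that ordering should be confirmed against whichever hook this runs in. The enclosing function starts and ends outside the hunk.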
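--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -184,4 +184,5 @@
     .merge_dir_config = mgs_config_dir_merge,
     .create_server_config = mgs_config_server_create,
+    .merge_server_config = mgs_config_server_merge,
     .cmds = mgs_config_cmds,
     .register_hooks = gnutls_hooks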