Changeset 0da10eb in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Nov 21, 2018, 2:38:58 PM (23 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
2ead314
Parents:
0020874
Message:

Document Early SNI related functions and rename the post client hello hook

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    r0020874 r0da10eb  
    351351
    352352/**
    353  * Post client hello function for GnuTLS, used to configure the TLS
    354  * server based on virtual host configuration. Uses SNI to select the
    355  * virtual host if available.
     353 * Post client hello hook function for GnuTLS. This function has two
     354 * purposes: Firstly, it acts as a fallback for early_sni_hook(), by
     355 * parsing SNI and selecting a virtual host based on it if
     356 * necessary. Secondly, it calls ALPN processing.
    356357 *
    357358 * @param session the TLS session
     
    360361 * definition
    361362 */
    362 static int mgs_select_virtual_server_cb(gnutls_session_t session)
     363static int post_client_hello_hook(gnutls_session_t session)
    363364{
    364365    int ret = 0;
     
    10221023
    10231024#ifdef ENABLE_EARLY_SNI
     1025/**
     1026 * Pre client hello hook function for GnuTLS that implements early SNI
     1027 * processing using `gnutls_ext_raw_parse()` (available since GnuTLS
     1028 * 3.6.3). Reading the SNI (if any) before GnuTLS processes the client
     1029 * hello allows loading virtual host settings that cannot be changed
     1030 * in the post client hello hook, including ALPN proposals (required
     1031 * for HTTP/2 support using the `Protocols` directive). In addition to
     1032 * ALPN this function configures the server credentials.
     1033 *
     1034 * The function signature is required by the GnuTLS API.
     1035 *
     1036 * @param session the current session
     1037 * @param htype handshake message type
     1038 * @param when hook position relative to GnuTLS processing
     1039 * @param incoming true if the message is incoming, for client hello
     1040 * that means the hook is running on the server
     1041 * @param msg raw message data
     1042 *
     1043 * @return `GNUTLS_E_SUCCESS` or a GnuTLS error code
     1044 */
    10241045static int early_sni_hook(gnutls_session_t session,
    1025                           unsigned int htype __attribute__((unused)),
    1026                           unsigned when __attribute__((unused)),
     1046                          unsigned int htype,
     1047                          unsigned when,
    10271048                          unsigned int incoming,
    10281049                          const gnutls_datum_t *msg)
     
    11761197    /* Post client hello hook (called after GnuTLS has parsed it) */
    11771198    gnutls_handshake_set_post_client_hello_function(ctxt->session,
    1178             mgs_select_virtual_server_cb);
     1199            post_client_hello_hook);
    11791200
    11801201    /* Set GnuTLS user pointer, so we can access the module session
     
    11821203    gnutls_session_set_ptr(ctxt->session, ctxt);
    11831204
    1184     /* If mod_gnutls is the TLS server, mgs_select_virtual_server_cb
    1185      * will load appropriate credentials during handshake. However,
     1205    /* If mod_gnutls is the TLS server, early_sni_hook (or
     1206     * post_client_hello_hook, if early SNI is not available) will
     1207     * load appropriate credentials during the handshake. However,
    11861208     * when handling a proxy backend connection, mod_gnutls acts as
    11871209     * TLS client and credentials must be loaded here. */
Note: See TracChangeset for help on using the changeset viewer.