Changeset 0de1839 in mod_gnutls for include


Timestamp:
Mar 19, 2015, 8:27:45 AM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master, debian, jessie-backports, upstream
Children:
91ccb87
Parents:
10b3370
Message:

Support X.509 auth for TLS proxy connections

This commit adds support for X.509 certificate based authentication for
TLS proxy back end connections, including both server certificate
checking and (optionally) TLS client authentication. Some functions used
for this require GnuTLS 3.1.4 or later, so requirements change
accordingly.

Three new configuration parameters are added:

GnuTLSProxyCAFile FILEPATH

The given file must contain trusted CA certificates for server
verification. Required.

GnuTLSProxyKeyFile FILEPATH
GnuTLSProxyCertificateFile FILEPATH

Key and certificate for TLS client auth towards TLS back end servers. If
not set, TLS client auth is disabled.

File:
1 edited

  • include/mod_gnutls.h.in

    rbeb14d9 r0de1839  
    104104/* Server Configuration Record */
    105105typedef struct {
    106         /* x509 Certificate Structure */
     106    /* x509 Certificate Structure */
    107107    gnutls_certificate_credentials_t certs;
    108         /* SRP Certificate Structure*/
     108    /* x509 credentials for proxy connections */
     109    gnutls_certificate_credentials_t proxy_x509_creds;
     110    const char* proxy_x509_key_file;
     111    const char* proxy_x509_cert_file;
     112    const char* proxy_x509_ca_file;
     113    /* SRP Certificate Structure*/
    109114    gnutls_srp_server_credentials_t srp_creds;
    110115    /* Anonymous Certificate Structure */
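Review bot: The three new path fields (proxy_x509_key_file, proxy_x509_cert_file, proxy_x509_ca_file) sit under one comment together with the credentials handle, so the header does not say which of them may be NULL. According to the commit message the CA file is required while key and certificate are optional, so a short comment per field would help. It should also state that key and certificate are expected as a pair, since a key configured without a certificate (or the reverse) cannot give working client auth and is better rejected when the configuration is checked than at the first proxy handshake. As a style point, `const char*` here differs from the `const char *` spacing used in the prototype added further down in this file.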
     
    388393mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
    389394
     395const char *mgs_store_cred_path(cmd_parms * parms,
     396                                void *dummy __attribute__((unused)),
     397                                const char *arg);
     398
    390399/* mod_gnutls Hooks. */
    391400
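Review bot: The prototype for mgs_store_cred_path carries no comment saying which directives it serves or how it picks the target field in the server configuration record. The name and the single `const char *arg` suggest one handler shared by GnuTLSProxyCAFile, GnuTLSProxyKeyFile and GnuTLSProxyCertificateFile; please state that here, along with what the returned string means to the caller. The `__attribute__((unused))` on `dummy` is compiler-specific and is only needed on the definition, where an unused-parameter warning would arise, so dropping it from the declaration keeps the header portable.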