Changeset 104e881 in mod_gnutls

Timestamp:

Dec 6, 2016, 2:13:55 AM (6 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

asyncio, debian/master, debian/stretch-backports, main, master, proxy-ticket, upstream

Children:

e0e0b0f

Parents:

14548b9

Message:

General comment updates for Doxygen compatibility

Mostly /* */ vs. / */ changes so Doxygen does catch the correct
descriptions instead of e.g. license headers, plus some minor comment
updates.

Files:

• include/mod_gnutls.h.in (modified) (2 diffs)
• src/gnutls_cache.h (modified) (5 diffs)
• src/gnutls_config.c (modified) (2 diffs)
• src/gnutls_config.h (modified) (1 diff)
• src/gnutls_hooks.c (modified) (5 diffs)
• src/gnutls_io.c (modified) (3 diffs)
• src/gnutls_ocsp.c (modified) (3 diffs)
• src/gnutls_ocsp.h (modified) (4 diffs)
• src/gnutls_util.c (modified) (1 diff)
• src/gnutls_util.h (modified) (2 diffs)
• src/mod_gnutls.c (modified) (3 diffs)

include/mod_gnutls.h.in

@@ -1 @@
-/**
+/*
  *  Copyright 2004-2005 Paul Querna
  *  Copyright 2014 Nikos Mavrogiannopoulos
@@ -15 +15 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- *
  */
 

src/gnutls_cache.h

@@ -20 +20 @@
  * @file
  *
- * Generic object cache for mod_gnutls
+ * Generic object cache for mod_gnutls.
  */
 
@@ -37 +37 @@
  * function is called after the configuration file(s) have been
  * parsed.
+ *
+ * @param p configuration memory pool
+ * @param s default server of the Apache configuration, head of the
+ * server list
+ * @param sc mod_gnutls data associated with `s`
  */
 int mgs_cache_post_config(apr_pool_t *p, server_rec *s, mgs_srvconf_rec *sc);
 
 /**
- * (Re-)Initialize the cache in a child process after forking
+ * (Re-)Initialize the cache in a child process after forking.
+ *
+ * @param p child memory pool provided by Apache
+ * @param s default server of the Apache configuration, head of the
+ * server list
+ * @param sc mod_gnutls data associated with `s`
  */
 int mgs_cache_child_init(apr_pool_t *p, server_rec *s, mgs_srvconf_rec *sc);
 
 /**
- * Setup caching for the given TLS session
+ * Set up caching for the given TLS session.
  *
  * @param ctxt mod_gnutls session context
+ *
  * @return 0
  */
@@ -57 +68 @@
 /**
  * Convert a `time_t` into a null terminated string in a format
- * compatible with OpenSSL's `ASN1_TIME_print()`
+ * compatible with OpenSSL's `ASN1_TIME_print()`.
  *
  * @param t time_t time
  * @param str Location to store the time string
  * @param strsize The maximum length that can be stored in `str`
+ *
  * @return `str`
  */
@@ -67 +79 @@
 
 /**
- * Generic store function for the mod_gnutls object cache
+ * Generic store function for the mod_gnutls object cache.
  *
  * @param s server associated with the cache entry
@@ -73 +85 @@
  * @param data data to be cached
  * @param expiry expiration time
- * @return -1 on error, 0 on success
+ *
+ * @return `-1` on error, `0` on success
  */
 typedef int (*cache_store_func)(server_rec *s, gnutls_datum_t key,
                                 gnutls_datum_t data, apr_time_t expiry);
 /**
- * Generic fetch function for the mod_gnutls object cache
+ * Generic fetch function for the mod_gnutls object cache.
+ *
+ * *Warning*: The `data` element of the returned `gnutls_datum_t` is
+ * allocated using `gnutls_malloc()` for compatibility with the GnuTLS
+ * session caching API, and must be released using `gnutls_free()`.
  *
  * @param ctxt mod_gnutls session context for the request
  * @param key key for the cache entry to be fetched
+ *
  * @return the requested cache entry, or `{NULL, 0}`
  */

src/gnutls_config.c

@@ -1 @@
-/**
+/*
  *  Copyright 2004-2005 Paul Querna
  *  Copyright 2008, 2014 Nikos Mavrogiannopoulos
@@ -16 +16 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- *
  */
 

src/gnutls_config.h

@@ -13 +13 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- *
  */
 

src/gnutls_hooks.c

@@ -1 @@
-/**
+/*
  *  Copyright 2004-2005 Paul Querna
  *  Copyright 2008, 2014 Nikos Mavrogiannopoulos
@@ -17 +17 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- *
  */
 
@@ -44 +43 @@
     ((c->is_proxy == GNUTLS_ENABLED_TRUE) ? "proxy " : "")
 
+/** Key to encrypt session tickets. Must be kept secret. This key is
+ * generated in the `pre_config` hook and thus constant across
+ * forks. The problem with this approach is that it does not support
+ * regular key rotation. */
 static gnutls_datum_t session_ticket_key = {NULL, 0};
 
@@ -310 +313 @@
 }
 
-/*
+/**
+ * Post config hook.
+ *
  * Must return OK or DECLINED on success, something else on
  * error. These codes are defined in Apache httpd.h along with the
@@ -614 +619 @@
  * @param x vhost callback record
  * @param s server record
+ * @param tsc mod_gnutls server data for `s`
+ *
  * @return true if a match, false otherwise
  *
  */
-int check_server_aliases(vhost_cb_rec *x, server_rec * s, mgs_srvconf_rec *tsc) {
+int check_server_aliases(vhost_cb_rec *x, server_rec * s, mgs_srvconf_rec *tsc)
+{
         apr_array_header_t *names;
         int rv = 0;

src/gnutls_io.c

@@ -1 @@
-/**
+/*
  *  Copyright 2004-2005 Paul Querna
  *  Copyright 2008 Nikos Mavrogiannopoulos
@@ -16 +16 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- *
  */
 
@@ -30 +29 @@
 
 /**
+ * @file
  * Describe how the GnuTLS Filter system works here
  *  - Basicly the same as what mod_ssl does with OpenSSL.

src/gnutls_ocsp.c

@@ -1 @@
-/**
+/*
  *  Copyright 2016 Thomas Klute
  *
@@ -31 +31 @@
 #endif
 
-/* maximum supported OCSP response size, 8K should be plenty */
+/** maximum supported OCSP response size, 8K should be plenty */
 #define OCSP_RESP_SIZE_MAX (8 * 1024)
 #define OCSP_REQ_TYPE "application/ocsp-request"
 #define OCSP_RESP_TYPE "application/ocsp-response"
 
-/* Dummy data for failure cache entries (one byte). */
+/** Dummy data for failure cache entries (one byte). */
 #define OCSP_FAILURE_CACHE_DATA 0x0f
 
@@ -43 +43 @@
     ap_log_error(APLOG_MARK, APLOG_INFO, APR_EGENERAL, (srv),           \
                  "Reason for failed OCSP response verification: %s", (str))
-/*
+/**
  * Log all matching reasons for verification failure
  */

src/gnutls_ocsp.h

@@ -1 @@
-/**
+/*
  *  Copyright 2016 Thomas Klute
  *
@@ -25 +25 @@
 #define MGS_OCSP_MUTEX_NAME "gnutls-ocsp"
 
-/* Default OCSP response cache timeout in seconds */
+/** Default OCSP response cache timeout in seconds */
 #define MGS_OCSP_CACHE_TIMEOUT 3600
-/* Default OCSP failure timeout in seconds */
+/** Default OCSP failure timeout in seconds */
 #define MGS_OCSP_FAILURE_TIMEOUT 300
-/* Default socket timeout for OCSP responder connections, in
+/** Default socket timeout for OCSP responder connections, in
  * seconds. Note that the timeout applies to "absolutely no data sent
  * or received", not the whole connection. 10 seconds in mod_ssl. */
@@ -38 +38 @@
  */
 struct mgs_ocsp_data {
-    /* OCSP URI extracted from the server certificate. NULL if
+    /** OCSP URI extracted from the server certificate. NULL if
      * unset. */
     apr_uri_t *uri;
-    /* Trust list to verify OCSP responses for stapling. Should
+    /** Trust list to verify OCSP responses for stapling. Should
      * usually only contain the CA that signed the server
      * certificate. */
     gnutls_x509_trust_list_t *trust;
-    /* Server certificate fingerprint, used as cache key for the OCSP
+    /** Server certificate fingerprint, used as cache key for the OCSP
      * response */
     gnutls_datum_t fingerprint;
@@ -62 +62 @@
                                          const char *arg);
 
-/*
+/**
  * Create a trust list from a certificate chain (one or more
  * certificates).
  *
- * tl: This trust list will be initialized and filled with the
+ * @param tl This trust list will be initialized and filled with the
  * specified certificate(s)
  *
- * chain: certificate chain, must contain at least num certifictes
+ * @param chain certificate chain, must contain at least `num`
+ * certifictes
  *
- * num: number of certificates to load from chain
+ * @param num number of certificates to load from chain
  *
  * Chain is supposed to be static (the trust chain of the server
- * certificate), so when gnutls_x509_trust_list_deinit() is called on
+ * certificate), so when `gnutls_x509_trust_list_deinit()` is called on
  * tl later, the "all" parameter should be zero.
  *
- * Returns GNUTLS_E_SUCCESS or a GnuTLS error code. In case of error
+ * @return `GNUTLS_E_SUCCESS` or a GnuTLS error code. In case of error
  * tl will be uninitialized.
  */

src/gnutls_util.c

@@ -1 @@
-/**
+/*
  *  Copyright 2016 Thomas Klute
  *

src/gnutls_util.h

@@ -1 @@
-/**
+/*
  *  Copyright 2016 Thomas Klute
  *
@@ -25 +25 @@
 #define __MOD_GNUTLS_UTIL_H__
 
-/* maximum allowed length of one header line */
+/** maximum allowed length of one header line */
 #define HTTP_HDR_LINE_MAX 1024
 

src/mod_gnutls.c

@@ -1 @@
-/**
+/*
  *  Copyright 2004-2005 Paul Querna
  *  Copyright 2008, 2014 Nikos Mavrogiannopoulos
@@ -16 +16 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
- *
  */
 
@@ -73 +72 @@
 
 
-/*
- * mod_rewrite calls this function to fill %{HTTPS}. A non-zero return
- * value means that HTTPS is in use.
+/**
+ * mod_rewrite calls this function to fill %{HTTPS}.
+ *
+ * @param c the connection to check
+ * @return non-zero value if HTTPS is in use, zero if not
  */
 int ssl_is_https(conn_rec *c)