Changes in / [2dd044f:15ffe0b] in mod_gnutls


Files:
12 edited

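--- a/Makefile.in
+++ b/Makefile.in
@@ -138,7 +138,5 @@
 LIBGNUTLS_CERTTOOL = @LIBGNUTLS_CERTTOOL@
 LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
-LIBGNUTLS_EXTRA_CFLAGS = @LIBGNUTLS_EXTRA_CFLAGS@
-LIBGNUTLS_EXTRA_CONFIG = @LIBGNUTLS_EXTRA_CONFIG@
-LIBGNUTLS_EXTRA_LIBS = @LIBGNUTLS_EXTRA_LIBS@
+LIBGNUTLS_CONFIG = @LIBGNUTLS_CONFIG@
 LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
 LIBGNUTLS_PREFIX = @LIBGNUTLS_PREFIX@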
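--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,3 @@
-** Version 0.5.1 (2008-03-05)
+** Version 0.4.3 (2008-03-05)
 
 - Added --disable-srp configure option
@@ -5,10 +5,5 @@
 - Better check for memcache (patch by Guillaume Rousse)
 
-- Corrected possible memory leak in DBM support for resuming sessions.
-
-** Version 0.5.0-alpha (2008-01-24)
-
-- Added support for OpenPGP keys. The new directives are:
-  GnuTLSPGPKeyringFile, GnuTLSPGPCertificateFile, GnuTLSPGPKeyFile
+- Corrected possible memory leak in DBM support for resuming sessions.
 
 ** Version 0.4.2 (2007-12-10)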
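--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,2 @@
-This product includes software developed by
-Nikos Mavrogiannopoulos (http://www.gnutls.org/).
-
 This product includes software developed by
 Paul Querna (http://www.outoforder.cc/).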
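--- a/README
+++ b/README
@@ -55,9 +55,10 @@
 
     # This is the Private key for your server.
-    GnuTLSX509KeyFile conf/server.key
+    GnuTLSKeyFile conf/server.key
 
     # This is the Server Certificate. 
-    GnuTLSX509CertificateFile conf/server.cert
+    GnuTLSCertificateFile conf/server.cert
 </VirtualHost>
+
 
 # a more advanced configuration
@@ -73,6 +74,6 @@
         GNUTLSExportCertificates on
 
-        GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
-        GnuTLSX509KeyFile /etc/apache2/server-key.pem
+        GnuTLSCertificateFile /etc/apache2/server-cert.pem
+        GnuTLSKeyFile /etc/apache2/server-key.pem
 
 # To enable SRP you must have these files installed. Check the gnutls srptool.
@@ -84,28 +85,5 @@
 # contains the CAs to verify client certificates.
         GnuTLSClientVerify request
-        GnuTLSX509CAFile ca.pem
+        GnuTLSClientCAFile ca.pem
         ...
 </VirtualHost>
-
-# A setup for OpenPGP and X.509 authentication
-<VirtualHost 1.2.3.4:443>
-        Servername crystal.lan:443
-        GnuTLSEnable on
-        GnuTLSPriorities NORMAL:+COMP-NULL
-
-# setup the openpgp keys
-        GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
-        GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
-
-# and the X.509 keys
-        GnuTLSCertificateFile /etc/apache2/server-cert.pem
-        GnuTLSKeyFile /etc/apache2/server-key.pem
-        GnuTLSClientVerify ignore
-
-# To avoid using the default DH params
-        GnuTLSDHFile /etc/apache2/dh.pem
-
-# these are only needed if GnuTLSClientVerify != ignore
-        GnuTLSClientCAFile ca.pem
-        GnuTLSPGPKeyringFile /etc/apache2/ring.asc
-</VirtualHost>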
  • configure

    r2dd044f r15ffe0b  
    11#! /bin/sh
    22# Guess values for system-dependent variables and create Makefiles.
    3 # Generated by GNU Autoconf 2.61 for mod_gnutls 0.5.1.
     3# Generated by GNU Autoconf 2.61 for mod_gnutls 0.4.3.
    44#
    55# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
     
    727727PACKAGE_NAME='mod_gnutls'
    728728PACKAGE_TARNAME='mod_gnutls'
    729 PACKAGE_VERSION='0.5.1'
    730 PACKAGE_STRING='mod_gnutls 0.5.1'
     729PACKAGE_VERSION='0.4.3'
     730PACKAGE_STRING='mod_gnutls 0.4.3'
    731731PACKAGE_BUGREPORT=''
    732732
     
    903903APXS_EXTENSION
    904904APXS_CFLAGS
    905 LIBGNUTLS_EXTRA_CONFIG
    906 LIBGNUTLS_EXTRA_CFLAGS
    907 LIBGNUTLS_EXTRA_LIBS
     905LIBGNUTLS_CONFIG
    908906LIBGNUTLS_CFLAGS
    909907LIBGNUTLS_LIBS
     
    14361434  # This message is too long to be a string in the A/UX 3.1 sh.
    14371435  cat <<_ACEOF
    1438 \`configure' configures mod_gnutls 0.5.1 to adapt to many kinds of systems.
     1436\`configure' configures mod_gnutls 0.4.3 to adapt to many kinds of systems.
    14391437
    14401438Usage: $0 [OPTION]... [VAR=VALUE]...
     
    15071505if test -n "$ac_init_help"; then
    15081506  case $ac_init_help in
    1509      short | recursive ) echo "Configuration of mod_gnutls 0.5.1:";;
     1507     short | recursive ) echo "Configuration of mod_gnutls 0.4.3:";;
    15101508   esac
    15111509  cat <<\_ACEOF
     
    15361534  --with-tags[=TAGS]      include additional configurations [automatic]
    15371535  --with-apxs=PATH        Path to apxs
    1538   --with-libgnutls-extra-prefix=PFX   Prefix where libgnutls-extra is installed (optional)
     1536  --with-libgnutls-prefix=PFX   Prefix where libgnutls is installed (optional)
    15391537  --with-apr-memcache-prefix=PATH
    15401538                          Install prefix for apr_memcache
     
    16221620if $ac_init_version; then
    16231621  cat <<\_ACEOF
    1624 mod_gnutls configure 0.5.1
     1622mod_gnutls configure 0.4.3
    16251623generated by GNU Autoconf 2.61
    16261624
     
    16361634running configure, to aid debugging if configure makes a mistake.
    16371635
    1638 It was created by mod_gnutls $as_me 0.5.1, which was
     1636It was created by mod_gnutls $as_me 0.4.3, which was
    16391637generated by GNU Autoconf 2.61.  Invocation command line was
    16401638
     
    20072005  chmod +x config.nice
    20082006
    2009 MOD_GNUTLS_VERSION=0.5.1
     2007MOD_GNUTLS_VERSION=0.4.3
    20102008
    20112009
     
    25082506# Define the identity of the package.
    25092507 PACKAGE=mod_gnutls
    2510  VERSION=0.5.1
     2508 VERSION=0.4.3
    25112509
    25122510
     
    45534551*-*-irix6*)
    45544552  # Find out which ABI we are using.
    4555   echo '#line 4555 "configure"' > conftest.$ac_ext
     4553  echo '#line 4553 "configure"' > conftest.$ac_ext
    45564554  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
    45574555  (eval $ac_compile) 2>&5
     
    72907288   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    72917289   -e 's:$: $lt_compiler_flag:'`
    7292    (eval echo "\"\$as_me:7292: $lt_compile\"" >&5)
     7290   (eval echo "\"\$as_me:7290: $lt_compile\"" >&5)
    72937291   (eval "$lt_compile" 2>conftest.err)
    72947292   ac_status=$?
    72957293   cat conftest.err >&5
    7296    echo "$as_me:7296: \$? = $ac_status" >&5
     7294   echo "$as_me:7294: \$? = $ac_status" >&5
    72977295   if (exit $ac_status) && test -s "$ac_outfile"; then
    72987296     # The compiler can only warn and ignore the option if not recognized
     
    75807578   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    75817579   -e 's:$: $lt_compiler_flag:'`
    7582    (eval echo "\"\$as_me:7582: $lt_compile\"" >&5)
     7580   (eval echo "\"\$as_me:7580: $lt_compile\"" >&5)
    75837581   (eval "$lt_compile" 2>conftest.err)
    75847582   ac_status=$?
    75857583   cat conftest.err >&5
    7586    echo "$as_me:7586: \$? = $ac_status" >&5
     7584   echo "$as_me:7584: \$? = $ac_status" >&5
    75877585   if (exit $ac_status) && test -s "$ac_outfile"; then
    75887586     # The compiler can only warn and ignore the option if not recognized
     
    76847682   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    76857683   -e 's:$: $lt_compiler_flag:'`
    7686    (eval echo "\"\$as_me:7686: $lt_compile\"" >&5)
     7684   (eval echo "\"\$as_me:7684: $lt_compile\"" >&5)
    76877685   (eval "$lt_compile" 2>out/conftest.err)
    76887686   ac_status=$?
    76897687   cat out/conftest.err >&5
    7690    echo "$as_me:7690: \$? = $ac_status" >&5
     7688   echo "$as_me:7688: \$? = $ac_status" >&5
    76917689   if (exit $ac_status) && test -s out/conftest2.$ac_objext
    76927690   then
     
    1004610044  lt_status=$lt_dlunknown
    1004710045  cat > conftest.$ac_ext <<EOF
    10048 #line 10048 "configure"
     10046#line 10046 "configure"
    1004910047#include "confdefs.h"
    1005010048
     
    1014610144  lt_status=$lt_dlunknown
    1014710145  cat > conftest.$ac_ext <<EOF
    10148 #line 10148 "configure"
     10146#line 10146 "configure"
    1014910147#include "confdefs.h"
    1015010148
     
    1256612564   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    1256712565   -e 's:$: $lt_compiler_flag:'`
    12568    (eval echo "\"\$as_me:12568: $lt_compile\"" >&5)
     12566   (eval echo "\"\$as_me:12566: $lt_compile\"" >&5)
    1256912567   (eval "$lt_compile" 2>conftest.err)
    1257012568   ac_status=$?
    1257112569   cat conftest.err >&5
    12572    echo "$as_me:12572: \$? = $ac_status" >&5
     12570   echo "$as_me:12570: \$? = $ac_status" >&5
    1257312571   if (exit $ac_status) && test -s "$ac_outfile"; then
    1257412572     # The compiler can only warn and ignore the option if not recognized
     
    1267012668   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    1267112669   -e 's:$: $lt_compiler_flag:'`
    12672    (eval echo "\"\$as_me:12672: $lt_compile\"" >&5)
     12670   (eval echo "\"\$as_me:12670: $lt_compile\"" >&5)
    1267312671   (eval "$lt_compile" 2>out/conftest.err)
    1267412672   ac_status=$?
    1267512673   cat out/conftest.err >&5
    12676    echo "$as_me:12676: \$? = $ac_status" >&5
     12674   echo "$as_me:12674: \$? = $ac_status" >&5
    1267712675   if (exit $ac_status) && test -s out/conftest2.$ac_objext
    1267812676   then
     
    1424714245   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    1424814246   -e 's:$: $lt_compiler_flag:'`
    14249    (eval echo "\"\$as_me:14249: $lt_compile\"" >&5)
     14247   (eval echo "\"\$as_me:14247: $lt_compile\"" >&5)
    1425014248   (eval "$lt_compile" 2>conftest.err)
    1425114249   ac_status=$?
    1425214250   cat conftest.err >&5
    14253    echo "$as_me:14253: \$? = $ac_status" >&5
     14251   echo "$as_me:14251: \$? = $ac_status" >&5
    1425414252   if (exit $ac_status) && test -s "$ac_outfile"; then
    1425514253     # The compiler can only warn and ignore the option if not recognized
     
    1435114349   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    1435214350   -e 's:$: $lt_compiler_flag:'`
    14353    (eval echo "\"\$as_me:14353: $lt_compile\"" >&5)
     14351   (eval echo "\"\$as_me:14351: $lt_compile\"" >&5)
    1435414352   (eval "$lt_compile" 2>out/conftest.err)
    1435514353   ac_status=$?
    1435614354   cat out/conftest.err >&5
    14357    echo "$as_me:14357: \$? = $ac_status" >&5
     14355   echo "$as_me:14355: \$? = $ac_status" >&5
    1435814356   if (exit $ac_status) && test -s out/conftest2.$ac_objext
    1435914357   then
     
    1655116549   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    1655216550   -e 's:$: $lt_compiler_flag:'`
    16553    (eval echo "\"\$as_me:16553: $lt_compile\"" >&5)
     16551   (eval echo "\"\$as_me:16551: $lt_compile\"" >&5)
    1655416552   (eval "$lt_compile" 2>conftest.err)
    1655516553   ac_status=$?
    1655616554   cat conftest.err >&5
    16557    echo "$as_me:16557: \$? = $ac_status" >&5
     16555   echo "$as_me:16555: \$? = $ac_status" >&5
    1655816556   if (exit $ac_status) && test -s "$ac_outfile"; then
    1655916557     # The compiler can only warn and ignore the option if not recognized
     
    1684116839   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    1684216840   -e 's:$: $lt_compiler_flag:'`
    16843    (eval echo "\"\$as_me:16843: $lt_compile\"" >&5)
     16841   (eval echo "\"\$as_me:16841: $lt_compile\"" >&5)
    1684416842   (eval "$lt_compile" 2>conftest.err)
    1684516843   ac_status=$?
    1684616844   cat conftest.err >&5
    16847    echo "$as_me:16847: \$? = $ac_status" >&5
     16845   echo "$as_me:16845: \$? = $ac_status" >&5
    1684816846   if (exit $ac_status) && test -s "$ac_outfile"; then
    1684916847     # The compiler can only warn and ignore the option if not recognized
     
    1694516943   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    1694616944   -e 's:$: $lt_compiler_flag:'`
    16947    (eval echo "\"\$as_me:16947: $lt_compile\"" >&5)
     16945   (eval echo "\"\$as_me:16945: $lt_compile\"" >&5)
    1694816946   (eval "$lt_compile" 2>out/conftest.err)
    1694916947   ac_status=$?
    1695016948   cat out/conftest.err >&5
    16951    echo "$as_me:16951: \$? = $ac_status" >&5
     16949   echo "$as_me:16949: \$? = $ac_status" >&5
    1695216950   if (exit $ac_status) && test -s out/conftest2.$ac_objext
    1695316951   then
     
    2023620234MIN_TLS_VERSION=2.2.1
    2023720235
    20238 # Check whether --with-libgnutls-extra-prefix was given.
    20239 if test "${with_libgnutls_extra_prefix+set}" = set; then
    20240   withval=$with_libgnutls_extra_prefix; libgnutls_extra_config_prefix="$withval"
    20241 else
    20242   libgnutls_extra_config_prefix=""
    20243 fi
    20244 
    20245 
    20246   if test x$libgnutls_extra_config_prefix != x ; then
    20247      if test x${LIBGNUTLS_EXTRA_CONFIG+set} != xset ; then
    20248         LIBGNUTLS_EXTRA_CONFIG=$libgnutls_extra_config_prefix/bin/libgnutls-extra-config
     20236# Check whether --with-libgnutls-prefix was given.
     20237if test "${with_libgnutls_prefix+set}" = set; then
     20238  withval=$with_libgnutls_prefix; libgnutls_config_prefix="$withval"
     20239else
     20240  libgnutls_config_prefix=""
     20241fi
     20242
     20243
     20244  if test x$libgnutls_config_prefix != x ; then
     20245     if test x${LIBGNUTLS_CONFIG+set} != xset ; then
     20246        LIBGNUTLS_CONFIG=$libgnutls_config_prefix/bin/libgnutls-config
    2024920247     fi
    2025020248  fi
    2025120249
    20252   # Extract the first word of "libgnutls-extra-config", so it can be a program name with args.
    20253 set dummy libgnutls-extra-config; ac_word=$2
     20250  # Extract the first word of "libgnutls-config", so it can be a program name with args.
     20251set dummy libgnutls-config; ac_word=$2
    2025420252{ echo "$as_me:$LINENO: checking for $ac_word" >&5
    2025520253echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
    20256 if test "${ac_cv_path_LIBGNUTLS_EXTRA_CONFIG+set}" = set; then
     20254if test "${ac_cv_path_LIBGNUTLS_CONFIG+set}" = set; then
    2025720255  echo $ECHO_N "(cached) $ECHO_C" >&6
    2025820256else
    20259   case $LIBGNUTLS_EXTRA_CONFIG in
     20257  case $LIBGNUTLS_CONFIG in
    2026020258  [\\/]* | ?:[\\/]*)
    20261   ac_cv_path_LIBGNUTLS_EXTRA_CONFIG="$LIBGNUTLS_EXTRA_CONFIG" # Let the user override the test with a path.
     20259  ac_cv_path_LIBGNUTLS_CONFIG="$LIBGNUTLS_CONFIG" # Let the user override the test with a path.
    2026220260  ;;
    2026320261  *)
     
    2026920267  for ac_exec_ext in '' $ac_executable_extensions; do
    2027020268  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
    20271     ac_cv_path_LIBGNUTLS_EXTRA_CONFIG="$as_dir/$ac_word$ac_exec_ext"
     20269    ac_cv_path_LIBGNUTLS_CONFIG="$as_dir/$ac_word$ac_exec_ext"
    2027220270    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
    2027320271    break 2
     
    2027720275IFS=$as_save_IFS
    2027820276
    20279   test -z "$ac_cv_path_LIBGNUTLS_EXTRA_CONFIG" && ac_cv_path_LIBGNUTLS_EXTRA_CONFIG="no"
     20277  test -z "$ac_cv_path_LIBGNUTLS_CONFIG" && ac_cv_path_LIBGNUTLS_CONFIG="no"
    2028020278  ;;
    2028120279esac
    2028220280fi
    20283 LIBGNUTLS_EXTRA_CONFIG=$ac_cv_path_LIBGNUTLS_EXTRA_CONFIG
    20284 if test -n "$LIBGNUTLS_EXTRA_CONFIG"; then
    20285   { echo "$as_me:$LINENO: result: $LIBGNUTLS_EXTRA_CONFIG" >&5
    20286 echo "${ECHO_T}$LIBGNUTLS_EXTRA_CONFIG" >&6; }
     20281LIBGNUTLS_CONFIG=$ac_cv_path_LIBGNUTLS_CONFIG
     20282if test -n "$LIBGNUTLS_CONFIG"; then
     20283  { echo "$as_me:$LINENO: result: $LIBGNUTLS_CONFIG" >&5
     20284echo "${ECHO_T}$LIBGNUTLS_CONFIG" >&6; }
    2028720285else
    2028820286  { echo "$as_me:$LINENO: result: no" >&5
     
    2029520293echo $ECHO_N "checking for libgnutls - version >= $min_libgnutls_version... $ECHO_C" >&6; }
    2029620294  no_libgnutls=""
    20297   if test "$LIBGNUTLS_EXTRA_CONFIG" = "no" ; then
     20295  if test "$LIBGNUTLS_CONFIG" = "no" ; then
    2029820296    no_libgnutls=yes
    2029920297  else
    20300     LIBGNUTLS_EXTRA_CFLAGS=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --cflags`
    20301     LIBGNUTLS_EXTRA_LIBS=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --libs`
    20302     libgnutls_extra_config_version=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --version`
     20298    LIBGNUTLS_CFLAGS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --cflags`
     20299    LIBGNUTLS_LIBS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --libs`
     20300    libgnutls_config_version=`$LIBGNUTLS_CONFIG $libgnutls_config_args --version`
    2030320301
    2030420302
    2030520303      ac_save_CFLAGS="$CFLAGS"
    2030620304      ac_save_LIBS="$LIBS"
    20307       CFLAGS="$CFLAGS $LIBGNUTLS_EXTRA_CFLAGS"
    20308       LIBS="$LIBS $LIBGNUTLS_EXTRA_LIBS"
     20305      CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
     20306      LIBS="$LIBS $LIBGNUTLS_LIBS"
    2030920307      rm -f conf.libgnutlstest
    2031020308      if test "$cross_compiling" = yes; then
     
    2032120319#include <stdlib.h>
    2032220320#include <string.h>
    20323 #include <gnutls/extra.h>
     20321#include <gnutls/gnutls.h>
    2032420322
    2032520323int
     
    2032820326    system ("touch conf.libgnutlstest");
    2032920327
    20330     if( strcmp( gnutls_extra_check_version(NULL), "$libgnutls_extra_config_version" ) )
     20328    if( strcmp( gnutls_check_version(NULL), "$libgnutls_config_version" ) )
    2033120329    {
    20332       printf("\n*** 'libgnutls-extra-config --version' returned %s, but LIBGNUTLS_EXTRA (%s)\n",
    20333              "$libgnutls_extra_config_version", gnutls_extra_check_version(NULL) );
    20334       printf("*** was found! If libgnutls-extra-config was correct, then it is best\n");
    20335       printf("*** to remove the old version of LIBGNUTLS_EXTRA. You may also be able to fix the error\n");
     20330      printf("\n*** 'libgnutls-config --version' returned %s, but LIBGNUTLS (%s)\n",
     20331             "$libgnutls_config_version", gnutls_check_version(NULL) );
     20332      printf("*** was found! If libgnutls-config was correct, then it is best\n");
     20333      printf("*** to remove the old version of LIBGNUTLS. You may also be able to fix the error\n");
    2033620334      printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n");
    2033720335      printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n");
    2033820336      printf("*** required on your system.\n");
    20339       printf("*** If libgnutls-extra-config was wrong, set the environment variable LIBGNUTLS_EXTRA_CONFIG\n");
    20340       printf("*** to point to the correct copy of libgnutls-extra-config, and remove the file config.cache\n");
     20337      printf("*** If libgnutls-config was wrong, set the environment variable LIBGNUTLS_CONFIG\n");
     20338      printf("*** to point to the correct copy of libgnutls-config, and remove the file config.cache\n");
    2034120339      printf("*** before re-running configure\n");
    2034220340    }
    20343     else if ( strcmp(gnutls_extra_check_version(NULL), LIBGNUTLS_EXTRA_VERSION ) )
     20341    else if ( strcmp(gnutls_check_version(NULL), LIBGNUTLS_VERSION ) )
    2034420342    {
    20345       printf("\n*** LIBGNUTLS_EXTRA header file (version %s) does not match\n", LIBGNUTLS_EXTRA_VERSION);
    20346       printf("*** library (version %s). This is may be due to a different version of gnutls\n", gnutls_extra_check_version(NULL) );
    20347       printf("*** and gnutls-extra.\n");
     20343      printf("\n*** LIBGNUTLS header file (version %s) does not match\n", LIBGNUTLS_VERSION);
     20344      printf("*** library (version %s)\n", gnutls_check_version(NULL) );
    2034820345    }
    2034920346    else
    2035020347    {
    20351       if ( gnutls_extra_check_version( "$min_libgnutls_version" ) )
     20348      if ( gnutls_check_version( "$min_libgnutls_version" ) )
    2035220349      {
    2035320350        return 0;
     
    2035520352     else
    2035620353      {
    20357         printf("no\n*** An old version of LIBGNUTLS_EXTRA (%s) was found.\n",
    20358                 gnutls_extra_check_version(NULL) );
    20359         printf("*** You need a version of LIBGNUTLS_EXTRA newer than %s. The latest version of\n",
     20354        printf("no\n*** An old version of LIBGNUTLS (%s) was found.\n",
     20355                gnutls_check_version(NULL) );
     20356        printf("*** You need a version of LIBGNUTLS newer than %s. The latest version of\n",
    2036020357               "$min_libgnutls_version" );
    20361         printf("*** LIBGNUTLS_EXTRA is always available from ftp://gnutls.hellug.gr/pub/gnutls.\n");
     20358        printf("*** LIBGNUTLS is always available from ftp://gnutls.hellug.gr/pub/gnutls.\n");
    2036220359        printf("*** \n");
    2036320360        printf("*** If you have already installed a sufficiently new version, this error\n");
    20364         printf("*** probably means that the wrong copy of the libgnutls-extra-config shell script is\n");
     20361        printf("*** probably means that the wrong copy of the libgnutls-config shell script is\n");
    2036520362        printf("*** being found. The easiest way to fix this is to remove the old version\n");
    20366         printf("*** of LIBGNUTLS_EXTRA, but you can also set the LIBGNUTLS_EXTRA_CONFIG environment to point to the\n");
    20367         printf("*** correct copy of libgnutls-extra-config. (In this case, you will have to\n");
     20363        printf("*** of LIBGNUTLS, but you can also set the LIBGNUTLS_CONFIG environment to point to the\n");
     20364        printf("*** correct copy of libgnutls-config. (In this case, you will have to\n");
    2036820365        printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n");
    2036920366        printf("*** so that the correct libraries are found at run-time))\n");
     
    2042220419echo "${ECHO_T}no" >&6; }
    2042320420     fi
    20424      if test "$LIBGNUTLS_EXTRA_CONFIG" = "no" ; then
    20425        echo "*** The libgnutls-extra-config script installed by LIBGNUTLS_EXTRA could not be found"
    20426        echo "*** If LIBGNUTLS_EXTRA was installed in PREFIX, make sure PREFIX/bin is in"
    20427        echo "*** your path, or set the LIBGNUTLS_EXTRA_CONFIG environment variable to the"
    20428        echo "*** full path to libgnutls-extra-config."
     20421     if test "$LIBGNUTLS_CONFIG" = "no" ; then
     20422       echo "*** The libgnutls-config script installed by LIBGNUTLS could not be found"
     20423       echo "*** If LIBGNUTLS was installed in PREFIX, make sure PREFIX/bin is in"
     20424       echo "*** your path, or set the LIBGNUTLS_CONFIG environment variable to the"
     20425       echo "*** full path to libgnutls-config."
    2042920426     else
    2043020427       if test -f conf.libgnutlstest ; then
     
    2043220429       else
    2043320430          echo "*** Could not run libgnutls test program, checking why..."
    20434           CFLAGS="$CFLAGS $LIBGNUTLS_EXTRA_CFLAGS"
    20435           LIBS="$LIBS $LIBGNUTLS_EXTRA_LIBS"
     20431          CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
     20432          LIBS="$LIBS $LIBGNUTLS_LIBS"
    2043620433          cat >conftest.$ac_ext <<_ACEOF
    2043720434/* confdefs.h.  */
     
    2044420441#include <stdlib.h>
    2044520442#include <string.h>
    20446 #include <gnutls/extra.h>
     20443#include <gnutls/gnutls.h>
    2044720444
    2044820445int
    2044920446main ()
    2045020447{
    20451  return !!gnutls_extra_check_version(NULL);
     20448 return !!gnutls_check_version(NULL);
    2045220449  ;
    2045320450  return 0;
     
    2047320470       $as_test_x conftest$ac_exeext; then
    2047420471   echo "*** The test program compiled, but did not run. This usually means"
    20475           echo "*** that the run-time linker is not finding LIBGNUTLS_EXTRA or finding the wrong"
    20476           echo "*** version of LIBGNUTLS_EXTRA. If it is not finding LIBGNUTLS_EXTRA, you'll need to set your"
     20472          echo "*** that the run-time linker is not finding LIBGNUTLS or finding the wrong"
     20473          echo "*** version of LIBGNUTLS. If it is not finding LIBGNUTLS, you'll need to set your"
    2047720474          echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
    2047820475          echo "*** to the installed location  Also, make sure you have run ldconfig if that"
     
    2048720484
    2048820485         echo "*** The test program failed to compile or link. See the file config.log for the"
    20489           echo "*** exact error that occured. This usually means LIBGNUTLS_EXTRA was incorrectly installed"
    20490           echo "*** or that you have moved LIBGNUTLS_EXTRA since it was installed. In the latter case, you"
    20491           echo "*** may want to edit the libgnutls-extra-config script: $LIBGNUTLS_EXTRA_CONFIG"
     20486          echo "*** exact error that occured. This usually means LIBGNUTLS was incorrectly installed"
     20487          echo "*** or that you have moved LIBGNUTLS since it was installed. In the latter case, you"
     20488          echo "*** may want to edit the libgnutls-config script: $LIBGNUTLS_CONFIG"
    2049220489fi
    2049320490
     
    2049820495       fi
    2049920496     fi
    20500      LIBGNUTLS_EXTRA_CFLAGS=""
    20501      LIBGNUTLS_EXTRA_LIBS=""
     20497     LIBGNUTLS_CFLAGS=""
     20498     LIBGNUTLS_LIBS=""
    2050220499     { { echo "$as_me:$LINENO: error:
    2050320500***
    20504 *** libgnutls and libgnutls-extra were not found. You may want to get it from
     20501*** libgnutls were not found. You may want to get it from
    2050520502*** http://www.gnutls.org/
    2050620503***
     
    2050820505echo "$as_me: error:
    2050920506***
    20510 *** libgnutls and libgnutls-extra were not found. You may want to get it from
     20507*** libgnutls were not found. You may want to get it from
    2051120508*** http://www.gnutls.org/
    2051220509***
     
    2051820515
    2051920516
    20520   LIBGNUTLS_LIBS=$LIBGNUTLS_EXTRA_LIBS
    20521   LIBGNUTLS_CFLAGS=$LIBGNUTLS_EXTRA_CFLAGS
    20522   LIBGNUTLS_VERSION=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --version`
    20523   LIBGNUTLS_PREFIX="`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --prefix`"
     20517  LIBGNUTLS_VERSION=`$LIBGNUTLS_CONFIG $libgnutls_config_args --version`
     20518  LIBGNUTLS_PREFIX="`$LIBGNUTLS_CONFIG $libgnutls_config_args --prefix`"
    2052420519  GNUTLS_CERTTOOL="${LIBGNUTLS_PREFIX}/bin/certtool"
    2052520520
     
    2053120526
    2053220527
    20533 
    20534 # Check whether --enable-srp was given.
    20535 if test "${enable_srp+set}" = set; then
    20536   enableval=$enable_srp; use_srp=$enableval
    20537 else
    20538   use_srp=yes
    20539 fi
    20540 
    20541 
    20542 SRP_CFLAGS=""
    20543 if test "$use_srp" != "no"; then
    20544         SRP_CFLAGS="-DENABLE_SRP=1"
    20545 fi
    20546 { echo "$as_me:$LINENO: checking whether to enable SRP functionality" >&5
    20547 echo $ECHO_N "checking whether to enable SRP functionality... $ECHO_C" >&6; }
    20548 { echo "$as_me:$LINENO: result: $use_srp" >&5
    20549 echo "${ECHO_T}$use_srp" >&6; }
    2055020528
    2055120529
     
    2129521273
    2129621274
    21297 MODULE_CFLAGS="${LIBGNUTLS_EXTRA_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
    21298 MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_EXTRA_LIBS}"
     21275# Check whether --enable-srp was given.
     21276if test "${enable_srp+set}" = set; then
     21277  enableval=$enable_srp; use_srp=$enableval
     21278else
     21279  use_srp=yes
     21280fi
     21281
     21282
     21283SRP_CFLAGS=""
     21284if test "$use_srp" != "no"; then
     21285        SRP_CFLAGS="-DENABLE_SRP=1"
     21286fi
     21287{ echo "$as_me:$LINENO: checking whether to enable SRP functionality" >&5
     21288echo $ECHO_N "checking whether to enable SRP functionality... $ECHO_C" >&6; }
     21289{ echo "$as_me:$LINENO: result: $use_srp" >&5
     21290echo "${ECHO_T}$use_srp" >&6; }
     21291
     21292MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
     21293MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
    2129921294
    2130021295
     
    2172721722# values after options handling.
    2172821723ac_log="
    21729 This file was extended by mod_gnutls $as_me 0.5.1, which was
     21724This file was extended by mod_gnutls $as_me 0.4.3, which was
    2173021725generated by GNU Autoconf 2.61.  Invocation command line was
    2173121726
     
    2178021775cat >>$CONFIG_STATUS <<_ACEOF
    2178121776ac_cs_version="\\
    21782 mod_gnutls config.status 0.5.1
     21777mod_gnutls config.status 0.4.3
    2178321778configured by $0, generated by GNU Autoconf 2.61,
    2178421779  with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
     
    2213722132APXS_EXTENSION!$APXS_EXTENSION$ac_delim
    2213822133APXS_CFLAGS!$APXS_CFLAGS$ac_delim
    22139 LIBGNUTLS_EXTRA_CONFIG!$LIBGNUTLS_EXTRA_CONFIG$ac_delim
    22140 LIBGNUTLS_EXTRA_CFLAGS!$LIBGNUTLS_EXTRA_CFLAGS$ac_delim
    22141 LIBGNUTLS_EXTRA_LIBS!$LIBGNUTLS_EXTRA_LIBS$ac_delim
     22134LIBGNUTLS_CONFIG!$LIBGNUTLS_CONFIG$ac_delim
    2214222135LIBGNUTLS_CFLAGS!$LIBGNUTLS_CFLAGS$ac_delim
    2214322136LIBGNUTLS_LIBS!$LIBGNUTLS_LIBS$ac_delim
     
    2215422147_ACEOF
    2215522148
    22156   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 53; then
     22149  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 51; then
    2215722150    break
    2215822151  elif $ac_last_try; then
     
    2275922752echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
    2276022753echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
    22761 echo "   * SRP Authentication:          ${use_srp}"
     22754echo "   * SRP authentication:          ${use_srp}"
    2276222755echo ""
    2276322756echo "---"
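--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
 dnl
-AC_INIT(mod_gnutls, 0.5.1)
+AC_INIT(mod_gnutls, 0.4.3)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
@@ -30,11 +30,17 @@
 
 MIN_TLS_VERSION=2.2.1
-AM_PATH_LIBGNUTLS_EXTRA($MIN_TLS_VERSION,,
+AM_PATH_LIBGNUTLS($MIN_TLS_VERSION,,
         AC_MSG_ERROR([[
 *** 
-*** libgnutls and libgnutls-extra were not found. You may want to get it from
+*** libgnutls were not found. You may want to get it from
 *** http://www.gnutls.org/
 ***
 ]]))
+
+dnl CHECK_LUA()
+
+have_apr_memcache=0
+CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
+AC_SUBST(have_apr_memcache)
 
 AC_ARG_ENABLE(srp,
@@ -45,17 +51,11 @@
 SRP_CFLAGS=""
 if test "$use_srp" != "no"; then
-        SRP_CFLAGS="-DENABLE_SRP=1"
+        SRP_CFLAGS="-DENABLE_SRP=1"
 fi
 AC_MSG_CHECKING([whether to enable SRP functionality])
 AC_MSG_RESULT($use_srp)
 
-dnl CHECK_LUA()
-
-have_apr_memcache=0
-CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
-AC_SUBST(have_apr_memcache)
-
-MODULE_CFLAGS="${LIBGNUTLS_EXTRA_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
-MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_EXTRA_LIBS}"
+MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
+MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
 
 AC_SUBST(MODULE_CFLAGS)
@@ -68,8 +68,8 @@
 echo "Configuration summary for mod_gnutls:"
 echo ""
-echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
-echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
-echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
-echo "   * SRP Authentication:          ${use_srp}"
+echo "   * mod_gnutls version:          ${MOD_GNUTLS_VERSION}"
+echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
+echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
+echo "   * SRP authentication:          ${use_srp}"
 echo ""
 echo "---"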
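Review bot: The error text at new line 35, `*** libgnutls were not found.`, is ungrammatical after the edit. It also says only "not found", although AM_PATH_LIBGNUTLS is called with `$MIN_TLS_VERSION` and presumably takes the same failure action when the installed library is merely too old. Wording such as `*** libgnutls (>= $MIN_TLS_VERSION) was not found. You may want to get it from` tells the user which release is required. The pointer on the following line is a plain `http://` URL for the TLS library this module links against, so the message could also ask users to verify the release signature of what they download.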
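--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -30,6 +30,4 @@
 #include <gcrypt.h>
 #include <gnutls/gnutls.h>
-#include <gnutls/extra.h>
-#include <gnutls/openpgp.h>
 #include <gnutls/x509.h>
 
@@ -97,6 +95,4 @@
     unsigned int certs_x509_num;
     gnutls_x509_privkey_t privkey_x509;
-    gnutls_openpgp_crt_t cert_pgp; /* A certificate chain */
-    gnutls_openpgp_privkey_t privkey_pgp;
     int enabled;
     /* whether to send the PEM encoded certificates
@@ -113,5 +109,4 @@
     const char* srp_tpasswd_conf_file;
     gnutls_x509_crt_t ca_list[MAX_CA_CRTS];
-    gnutls_openpgp_keyring_t pgp_list;
     unsigned int ca_list_size;
     int client_verify_mode;
@@ -260,10 +255,4 @@
                              const char *arg);
 
-const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy,
-                                        const char *arg);
-
-const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
-                             const char *arg);
-
 const char *mgs_set_cache(cmd_parms * parms, void *dummy,
                           const char *type, const char* arg);
@@ -276,7 +265,4 @@
 
 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
-                                   const char *arg);
-
-const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
                                    const char *arg);
 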
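--- a/m4/libgnutls.m4
+++ b/m4/libgnutls.m4
@@ -1,46 +1,46 @@
-dnl Autoconf macros for libgnutls-extra
+dnl Autoconf macros for libgnutls
 dnl $id$
 
-# Modified for LIBGNUTLS_EXTRA -- nmav
+# Modified for LIBGNUTLS -- nmav
 # Configure paths for LIBGCRYPT
 # Shamelessly stolen from the one of XDELTA by Owen Taylor
 # Werner Koch   99-12-09
 
-dnl AM_PATH_LIBGNUTLS_EXTRA([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
-dnl Test for libgnutls-extra, and define LIBGNUTLS_EXTRA_CFLAGS and LIBGNUTLS_EXTRA_LIBS
+dnl AM_PATH_LIBGNUTLS([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libgnutls, and define LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS
 dnl
-AC_DEFUN([AM_PATH_LIBGNUTLS_EXTRA],
+AC_DEFUN([AM_PATH_LIBGNUTLS],
 [dnl
-dnl Get the cflags and libraries from the libgnutls-extra-config script
+dnl Get the cflags and libraries from the libgnutls-config script
 dnl
-AC_ARG_WITH(libgnutls-extra-prefix,
-          [  --with-libgnutls-extra-prefix=PFX   Prefix where libgnutls-extra is installed (optional)],
-          libgnutls_extra_config_prefix="$withval", libgnutls_extra_config_prefix="")
+AC_ARG_WITH(libgnutls-prefix,
+          [  --with-libgnutls-prefix=PFX   Prefix where libgnutls is installed (optional)],
+          libgnutls_config_prefix="$withval", libgnutls_config_prefix="")
 
-  if test x$libgnutls_extra_config_prefix != x ; then
-     if test x${LIBGNUTLS_EXTRA_CONFIG+set} != xset ; then
-        LIBGNUTLS_EXTRA_CONFIG=$libgnutls_extra_config_prefix/bin/libgnutls-extra-config
+  if test x$libgnutls_config_prefix != x ; then
+     if test x${LIBGNUTLS_CONFIG+set} != xset ; then
+        LIBGNUTLS_CONFIG=$libgnutls_config_prefix/bin/libgnutls-config
      fi
   fi
 
-  AC_PATH_PROG(LIBGNUTLS_EXTRA_CONFIG, libgnutls-extra-config, no)
+  AC_PATH_PROG(LIBGNUTLS_CONFIG, libgnutls-config, no)
   min_libgnutls_version=ifelse([$1], ,0.1.0,$1)
   AC_MSG_CHECKING(for libgnutls - version >= $min_libgnutls_version)
   no_libgnutls=""
-  if test "$LIBGNUTLS_EXTRA_CONFIG" = "no" ; then
+  if test "$LIBGNUTLS_CONFIG" = "no" ; then
     no_libgnutls=yes
   else
-    LIBGNUTLS_EXTRA_CFLAGS=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --cflags`
-    LIBGNUTLS_EXTRA_LIBS=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --libs`
-    libgnutls_extra_config_version=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --version`
+    LIBGNUTLS_CFLAGS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --cflags`
+    LIBGNUTLS_LIBS=`$LIBGNUTLS_CONFIG $libgnutls_config_args --libs`
+    libgnutls_config_version=`$LIBGNUTLS_CONFIG $libgnutls_config_args --version`
 
 
       ac_save_CFLAGS="$CFLAGS"
       ac_save_LIBS="$LIBS"
-      CFLAGS="$CFLAGS $LIBGNUTLS_EXTRA_CFLAGS"
-      LIBS="$LIBS $LIBGNUTLS_EXTRA_LIBS"
+      CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
+      LIBS="$LIBS $LIBGNUTLS_LIBS"
 dnl
 dnl Now check if the installed libgnutls is sufficiently new. Also sanity
-dnl checks the results of libgnutls-extra-config to some extent
+dnl checks the results of libgnutls-config to some extent
 dnl
       rm -f conf.libgnutlstest
@@ -49,5 +49,5 @@
 #include <stdlib.h>
 #include <string.h>
-#include <gnutls/extra.h>
+#include <gnutls/gnutls.h>
 
 int
@@ -56,26 +56,25 @@
     system ("touch conf.libgnutlstest");
 
-    if( strcmp( gnutls_extra_check_version(NULL), "$libgnutls_extra_config_version" ) )
+    if( strcmp( gnutls_check_version(NULL), "$libgnutls_config_version" ) )
     {
-      printf("\n*** 'libgnutls-extra-config --version' returned %s, but LIBGNUTLS_EXTRA (%s)\n",
-             "$libgnutls_extra_config_version", gnutls_extra_check_version(NULL) );
-      printf("*** was found! If libgnutls-extra-config was correct, then it is best\n");
-      printf("*** to remove the old version of LIBGNUTLS_EXTRA. You may also be able to fix the error\n");
+      printf("\n*** 'libgnutls-config --version' returned %s, but LIBGNUTLS (%s)\n",
+             "$libgnutls_config_version", gnutls_check_version(NULL) );
+      printf("*** was found! If libgnutls-config was correct, then it is best\n");
+      printf("*** to remove the old version of LIBGNUTLS. You may also be able to fix the error\n");
       printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n");
       printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n");
       printf("*** required on your system.\n");
-      printf("*** If libgnutls-extra-config was wrong, set the environment variable LIBGNUTLS_EXTRA_CONFIG\n");
-      printf("*** to point to the correct copy of libgnutls-extra-config, and remove the file config.cache\n");
+      printf("*** If libgnutls-config was wrong, set the environment variable LIBGNUTLS_CONFIG\n");
+      printf("*** to point to the correct copy of libgnutls-config, and remove the file config.cache\n");
       printf("*** before re-running configure\n");
     }
-    else if ( strcmp(gnutls_extra_check_version(NULL), LIBGNUTLS_EXTRA_VERSION ) )
+    else if ( strcmp(gnutls_check_version(NULL), LIBGNUTLS_VERSION ) )
     {
-      printf("\n*** LIBGNUTLS_EXTRA header file (version %s) does not match\n", LIBGNUTLS_EXTRA_VERSION);
-      printf("*** library (version %s). This is may be due to a different version of gnutls\n", gnutls_extra_check_version(NULL) );
-      printf("*** and gnutls-extra.\n");
+      printf("\n*** LIBGNUTLS header file (version %s) does not match\n", LIBGNUTLS_VERSION);
+      printf("*** library (version %s)\n", gnutls_check_version(NULL) );
     }
     else
     {
-      if ( gnutls_extra_check_version( "$min_libgnutls_version" ) )
+      if ( gnutls_check_version( "$min_libgnutls_version" ) )
       {
         return 0;
@@ -83,15 +82,15 @@
      else
       {
-        printf("no\n*** An old version of LIBGNUTLS_EXTRA (%s) was found.\n",
-                gnutls_extra_check_version(NULL) );
-        printf("*** You need a version of LIBGNUTLS_EXTRA newer than %s. The latest version of\n",
+        printf("no\n*** An old version of LIBGNUTLS (%s) was found.\n",
+                gnutls_check_version(NULL) );
+        printf("*** You need a version of LIBGNUTLS newer than %s. The latest version of\n",
                "$min_libgnutls_version" );
-        printf("*** LIBGNUTLS_EXTRA is always available from ftp://gnutls.hellug.gr/pub/gnutls.\n");
+        printf("*** LIBGNUTLS is always available from ftp://gnutls.hellug.gr/pub/gnutls.\n");
         printf("*** \n");
         printf("*** If you have already installed a sufficiently new version, this error\n");
-        printf("*** probably means that the wrong copy of the libgnutls-extra-config shell script is\n");
+        printf("*** probably means that the wrong copy of the libgnutls-config shell script is\n");
         printf("*** being found. The easiest way to fix this is to remove the old version\n");
-        printf("*** of LIBGNUTLS_EXTRA, but you can also set the LIBGNUTLS_EXTRA_CONFIG environment to point to the\n");
-        printf("*** correct copy of libgnutls-extra-config. (In this case, you will have to\n");
+        printf("*** of LIBGNUTLS, but you can also set the LIBGNUTLS_CONFIG environment to point to the\n");
+        printf("*** correct copy of libgnutls-config. (In this case, you will have to\n");
         printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n");
         printf("*** so that the correct libraries are found at run-time))\n");
@@ -114,9 +113,9 @@
         AC_MSG_RESULT(no)
      fi
-     if test "$LIBGNUTLS_EXTRA_CONFIG" = "no" ; then
-       echo "*** The libgnutls-extra-config script installed by LIBGNUTLS_EXTRA could not be found"
-       echo "*** If LIBGNUTLS_EXTRA was installed in PREFIX, make sure PREFIX/bin is in"
-       echo "*** your path, or set the LIBGNUTLS_EXTRA_CONFIG environment variable to the"
-       echo "*** full path to libgnutls-extra-config."
+     if test "$LIBGNUTLS_CONFIG" = "no" ; then
+       echo "*** The libgnutls-config script installed by LIBGNUTLS could not be found"
+       echo "*** If LIBGNUTLS was installed in PREFIX, make sure PREFIX/bin is in"
+       echo "*** your path, or set the LIBGNUTLS_CONFIG environment variable to the"
+       echo "*** full path to libgnutls-config."
      else
        if test -f conf.libgnutlstest ; then
@@ -124,15 +123,15 @@
        else
           echo "*** Could not run libgnutls test program, checking why..."
-          CFLAGS="$CFLAGS $LIBGNUTLS_EXTRA_CFLAGS"
-          LIBS="$LIBS $LIBGNUTLS_EXTRA_LIBS"
+          CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
+          LIBS="$LIBS $LIBGNUTLS_LIBS"
           AC_TRY_LINK([
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <gnutls/extra.h>
-],      [ return !!gnutls_extra_check_version(NULL); ],
+#include <gnutls/gnutls.h>
+],      [ return !!gnutls_check_version(NULL); ],
         [ echo "*** The test program compiled, but did not run. This usually means"
-          echo "*** that the run-time linker is not finding LIBGNUTLS_EXTRA or finding the wrong"
-          echo "*** version of LIBGNUTLS_EXTRA. If it is not finding LIBGNUTLS_EXTRA, you'll need to set your"
+          echo "*** that the run-time linker is not finding LIBGNUTLS or finding the wrong"
+          echo "*** version of LIBGNUTLS. If it is not finding LIBGNUTLS, you'll need to set your"
           echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
           echo "*** to the installed location  Also, make sure you have run ldconfig if that"
@@ -143,23 +142,21 @@
           echo "***" ],
         [ echo "*** The test program failed to compile or link. See the file config.log for the"
-          echo "*** exact error that occured. This usually means LIBGNUTLS_EXTRA was incorrectly installed"
-          echo "*** or that you have moved LIBGNUTLS_EXTRA since it was installed. In the latter case, you"
-          echo "*** may want to edit the libgnutls-extra-config script: $LIBGNUTLS_EXTRA_CONFIG" ])
+          echo "*** exact error that occured. This usually means LIBGNUTLS was incorrectly installed"
+          echo "*** or that you have moved LIBGNUTLS since it was installed. In the latter case, you"
+          echo "*** may want to edit the libgnutls-config script: $LIBGNUTLS_CONFIG" ])
           CFLAGS="$ac_save_CFLAGS"
           LIBS="$ac_save_LIBS"
        fi
      fi
-     LIBGNUTLS_EXTRA_CFLAGS=""
-     LIBGNUTLS_EXTRA_LIBS=""
+     LIBGNUTLS_CFLAGS=""
+     LIBGNUTLS_LIBS=""
      ifelse([$3], , :, [$3])
   fi
   rm -f conf.libgnutlstest
-  AC_SUBST(LIBGNUTLS_EXTRA_CFLAGS)
-  AC_SUBST(LIBGNUTLS_EXTRA_LIBS)
+  AC_SUBST(LIBGNUTLS_CFLAGS)
+  AC_SUBST(LIBGNUTLS_LIBS)
 
-  LIBGNUTLS_LIBS=$LIBGNUTLS_EXTRA_LIBS
-  LIBGNUTLS_CFLAGS=$LIBGNUTLS_EXTRA_CFLAGS
-  LIBGNUTLS_VERSION=`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --version`
-  LIBGNUTLS_PREFIX="`$LIBGNUTLS_EXTRA_CONFIG $libgnutls_extra_config_args --prefix`"
+  LIBGNUTLS_VERSION=`$LIBGNUTLS_CONFIG $libgnutls_config_args --version`
+  LIBGNUTLS_PREFIX="`$LIBGNUTLS_CONFIG $libgnutls_config_args --prefix`"
   GNUTLS_CERTTOOL="${LIBGNUTLS_PREFIX}/bin/certtool"
 
@@ -169,5 +166,5 @@
   AC_SUBST(LIBGNUTLS_PREFIX)
   AC_SUBST(LIBGNUTLS_CERTTOOL)
- 
+
 ])
 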
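Review bot: The `--version` and `--prefix` calls at new lines 159-160 sit after the closing `fi`, so they also run when AC_PATH_PROG has left `LIBGNUTLS_CONFIG` set to `no`; `LIBGNUTLS_PREFIX` then presumably comes back empty and `GNUTLS_CERTTOOL` resolves to `/bin/certtool`. Guarding each call, e.g. `test "$LIBGNUTLS_CONFIG" != "no" && LIBGNUTLS_VERSION=...`, avoids a bogus tool path when the caller's ACTION-IF-NOT-FOUND does not abort. At new lines 20-22 `$libgnutls_config_prefix` is expanded unquoted in `test` and in the assignment, so a prefix containing spaces breaks the check; `if test "x$libgnutls_config_prefix" != x ; then` is the safer form. The "old version" message at new line 88 still points users at an `ftp://` mirror for a TLS library, which gives no integrity protection for the download; the project URL used in configure.ac's error text would be a better pointer. The lines between hunks are not shown, so the macro body is only partly visible here.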
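--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -143,7 +143,5 @@
 LIBGNUTLS_CERTTOOL = @LIBGNUTLS_CERTTOOL@
 LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
-LIBGNUTLS_EXTRA_CFLAGS = @LIBGNUTLS_EXTRA_CFLAGS@
-LIBGNUTLS_EXTRA_CONFIG = @LIBGNUTLS_EXTRA_CONFIG@
-LIBGNUTLS_EXTRA_LIBS = @LIBGNUTLS_EXTRA_LIBS@
+LIBGNUTLS_CONFIG = @LIBGNUTLS_CONFIG@
 LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
 LIBGNUTLS_PREFIX = @LIBGNUTLS_PREFIX@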
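--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -1,5 +1,4 @@
 /**
  *  Copyright 2004-2005 Paul Querna
- *  Copyright 2007 Nikos Mavrogiannopoulos
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
@@ -204,82 +203,4 @@
 }
 
-const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy,
-                              const char *arg)
-{
-    int ret;
-    gnutls_datum_t data;
-    const char *file;
-    apr_pool_t *spool;
-    mgs_srvconf_rec *sc =
-        (mgs_srvconf_rec *) ap_get_module_config(parms->server->
-                                                 module_config,
-                                                 &gnutls_module);
-    apr_pool_create(&spool, parms->pool);
-
-    file = ap_server_root_relative(spool, arg);
-
-    if (load_datum_from_file(spool, file, &data) != 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
-                            "Certificate '%s'", file);
-    }
-
-    ret = gnutls_openpgp_crt_init( &sc->cert_pgp);
-    if (ret < 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to Init "
-                            "PGP Certificate: (%d) %s", ret,
-                            gnutls_strerror(ret));
-    }
-     
-    ret =
-        gnutls_openpgp_crt_import(sc->cert_pgp, &data, GNUTLS_OPENPGP_FMT_BASE64);
-    if (ret < 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
-                            "PGP Certificate '%s': (%d) %s", file, ret,
-                            gnutls_strerror(ret));
-    }
-
-    apr_pool_destroy(spool);
-    return NULL;
-}
-
-const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
-                             const char *arg)
-{
-    int ret;
-    gnutls_datum_t data;
-    const char *file;
-    apr_pool_t *spool;
-    mgs_srvconf_rec *sc =
-        (mgs_srvconf_rec *) ap_get_module_config(parms->server->
-                                                 module_config,
-                                                 &gnutls_module);
-    apr_pool_create(&spool, parms->pool);
-
-    file = ap_server_root_relative(spool, arg);
-
-    if (load_datum_from_file(spool, file, &data) != 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
-                            "Private Key '%s'", file);
-    }
-
-    ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp);
-    if (ret < 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize"
-                            ": (%d) %s", ret, gnutls_strerror(ret));
-    }
-
-    ret =
-        gnutls_openpgp_privkey_import(sc->privkey_pgp, &data,
-                                   GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
-    if (ret != 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
-                            "PGP Private Key '%s': (%d) %s", file, ret,
-                            gnutls_strerror(ret));
-    }
-    apr_pool_destroy(spool);
-    return NULL;
-}
-
-
 #ifdef ENABLE_SRP
 
@@ -434,42 +355,4 @@
 }
 
-const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
-                                   const char *arg)
-{
-    int rv;
-    const char *file;
-    apr_pool_t *spool;
-    gnutls_datum_t data;
-
-    mgs_srvconf_rec *sc =
-        (mgs_srvconf_rec *) ap_get_module_config(parms->server->
-                                                 module_config,
-                                                 &gnutls_module);
-    apr_pool_create(&spool, parms->pool);
-
-    file = ap_server_root_relative(spool, arg);
-
-    if (load_datum_from_file(spool, file, &data) != 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
-                            "Keyring File '%s'", file);
-    }
-
-    rv = gnutls_openpgp_keyring_init(&sc->pgp_list);
-    if (rv < 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize"
-                            "keyring: (%d) %s", rv, gnutls_strerror(rv));
-    }
-
-    rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data, GNUTLS_OPENPGP_FMT_BASE64);
-    if (rv < 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
-                            "Keyring File '%s': (%d) %s", file, rv,
-                            gnutls_strerror(rv));
-    }
-
-    apr_pool_destroy(spool);
-    return NULL;
-}
-
 const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
                             const char *arg)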
  • src/gnutls_hooks.c

    r2dd044f r15ffe0b  
    3737static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt);
    3838/* use side==0 for server and side==1 for client */
    39 static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert,
    40                                      int side,
    41                                      int export_certificates_enabled);
    42 static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert,
     39static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert,
    4340                                     int side,
    4441                                     int export_certificates_enabled);
     
    7269#endif
    7370
    74     if (gnutls_check_version(LIBGNUTLS_VERSION)==NULL) {
    75         fprintf(stderr, "gnutls_check_version() failed. Required: gnutls-%s Found: gnutls-%s\n",
    76           LIBGNUTLS_VERSION, gnutls_check_version(NULL));
    77         return -3;
    78     }
    79 
    8071    ret = gnutls_global_init();
    81     if (ret < 0) {
    82         fprintf(stderr, "gnutls_global_init: %s\n", gnutls_strerror(ret));
    83         return -3;
    84     }
    85 
    86     ret = gnutls_global_init_extra();
    87     if (ret < 0) {
    88         fprintf(stderr, "gnutls_global_init_extra: %s\n", gnutls_strerror(ret));
    89         return -3;
    90     }
     72    if (ret < 0) /* FIXME: can we print here? */
     73        exit(ret);
    9174                                           
    9275    apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config,
     
    10083    gnutls_global_set_log_level(9);
    10184    gnutls_global_set_log_function(gnutls_debug_log_all);
    102     apr_file_printf(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL));
    10385#endif
    10486
    10587    return OK;
    10688}
     89
     90/* We don't support openpgp certificates, yet */
     91const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 };
    10792
    10893static int mgs_select_virtual_server_cb(gnutls_session_t session)
     
    11196    mgs_srvconf_rec *tsc;
    11297    int ret;
    113     int cprio[2];
    11498
    11599    ctxt = gnutls_transport_get_ptr(session);
     
    145129     */
    146130    ret = gnutls_priority_set(session, ctxt->sc->priorities);
     131    gnutls_certificate_type_set_priority(session, cert_type_prio);
     132
     133
    147134    /* actually it shouldn't fail since we have checked at startup */
    148135    if (ret < 0)
    149136        return ret;
    150137
    151     /* If both certificate types are not present disallow them from
    152      * being negotiated.
    153      */
    154     if (ctxt->sc->certs_x509[0] != NULL && ctxt->sc->cert_pgp == NULL) {
    155         cprio[0] = GNUTLS_CRT_X509;
    156         cprio[1] = 0;
    157         gnutls_certificate_type_set_priority( session, cprio);
    158     } else if (ctxt->sc->cert_pgp != NULL && ctxt->sc->certs_x509[0]==NULL) {
    159         cprio[0] = GNUTLS_CRT_OPENPGP;
    160         cprio[1] = 0;
    161         gnutls_certificate_type_set_priority( session, cprio);
    162     }
    163138
    164139    return 0;
     
    171146    ctxt = gnutls_transport_get_ptr(session);
    172147
    173     if (gnutls_certificate_type_get( session) == GNUTLS_CRT_X509) {
    174         ret->type = GNUTLS_CRT_X509;
    175         ret->ncerts = ctxt->sc->certs_x509_num;
    176         ret->deinit_all = 0;
    177 
    178         ret->cert.x509 = ctxt->sc->certs_x509;
    179         ret->key.x509 = ctxt->sc->privkey_x509;
    180        
    181         return 0;
    182     } else if (gnutls_certificate_type_get( session) == GNUTLS_CRT_OPENPGP) {
    183         ret->type = GNUTLS_CRT_OPENPGP;
    184         ret->ncerts = 1;
    185         ret->deinit_all = 0;
    186 
    187         ret->cert.pgp = ctxt->sc->cert_pgp;
    188         ret->key.pgp = ctxt->sc->privkey_pgp;
    189 
    190         return 0;
    191    
    192     }
    193 
    194     return GNUTLS_E_INTERNAL_ERROR;
    195 }
    196 
    197 /* 2048-bit group parameters from SRP specification */
     148    ret->type = GNUTLS_CRT_X509;
     149    ret->ncerts = ctxt->sc->certs_x509_num;
     150    ret->deinit_all = 0;
     151
     152    ret->cert.x509 = ctxt->sc->certs_x509;
     153    ret->key.x509 = ctxt->sc->privkey_x509;
     154    return 0;
     155}
     156
    198157const char static_dh_params[] = "-----BEGIN DH PARAMETERS-----\n"
    199158    "MIIBBwKCAQCsa9tBMkqam/Fm3l4TiVgvr3K2ZRmH7gf8MZKUPbVgUKNzKcu0oJnt\n"
     
    211170 */
    212171static int read_crt_cn(server_rec * s, apr_pool_t * p,
    213                        gnutls_x509_crt_t cert, char **cert_cn)
     172                       gnutls_x509_crt cert, char **cert_cn)
    214173{
    215174    int rv = 0, i;
     
    219178    *cert_cn = NULL;
    220179
    221     data_len = 0;
    222180    rv = gnutls_x509_crt_get_dn_by_oid(cert,
    223181                                       GNUTLS_OID_X520_COMMON_NAME,
     
    230188                                           0, *cert_cn, &data_len);
    231189    } else {                    /* No CN return subject alternative name */
    232         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
    233                      "No common name found in certificate for '%s:%d'. Looking for subject alternative name...",
     190        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
     191                     "No common name found in certificate for '%s:%d'. Looking for subject alternative name.",
    234192                     s->server_hostname, s->port);
    235193        rv = 0;
     
    259217
    260218    return rv;
    261 }
    262 
    263 static int read_pgpcrt_cn(server_rec * s, apr_pool_t * p,
    264                        gnutls_openpgp_crt_t cert, char **cert_cn)
    265 {
    266     int rv = 0;
    267     size_t data_len;
    268 
    269 
    270     *cert_cn = NULL;
    271 
    272     data_len = 0;
    273     rv = gnutls_openpgp_crt_get_name(cert, 0, NULL, &data_len);
    274 
    275     if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
    276         *cert_cn = apr_palloc(p, data_len);
    277         rv = gnutls_openpgp_crt_get_name(cert, 0, *cert_cn, &data_len);
    278     } else {                    /* No CN return subject alternative name */
    279         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
    280                      "No name found in PGP certificate for '%s:%d'.",
    281                      s->server_hostname, s->port);
    282     }
    283 
    284     return rv;
    285 }
    286 
     219
     220}
    287221
    288222int
     
    421355            if (sc->enabled == GNUTLS_ENABLED_TRUE) {
    422356                rv = read_crt_cn(s, p, sc->certs_x509[0], &sc->cert_cn);
    423                 if (rv < 0 && sc->cert_pgp != NULL)  /* try openpgp certificate */
    424                     rv = read_pgpcrt_cn(s, p, sc->cert_pgp, &sc->cert_cn);
    425 
    426357                if (rv < 0) {
    427358                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
     
    552483    ctxt = gnutls_transport_get_ptr(session);
    553484
     485    sni_type = gnutls_certificate_type_get(session);
     486    if (sni_type != GNUTLS_CRT_X509) {
     487        /* In theory, we could support OpenPGP Certificates. Theory != code. */
     488        ap_log_error(APLOG_MARK, APLOG_CRIT, 0,
     489                     ctxt->c->base_server,
     490                     "GnuTLS: Only x509 Certificates are currently supported.");
     491        return NULL;
     492    }
     493
    554494    rv = gnutls_server_name_get(ctxt->session, sni_name,
    555495                                &data_len, &sni_type, 0);
     
    751691    apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp));
    752692
    753     if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_X509)
    754         mgs_add_common_cert_vars(r, ctxt->sc->certs_x509[0], 0,
    755                              ctxt->sc->export_certificates_enabled);
    756     else if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_OPENPGP)
    757         mgs_add_common_pgpcert_vars(r, ctxt->sc->cert_pgp, 0,
     693    mgs_add_common_cert_vars(r, ctxt->sc->certs_x509[0], 0,
    758694                             ctxt->sc->export_certificates_enabled);
    759695
     
    817753#define MGS_SIDE ((side==0)?"SSL_SERVER":"SSL_CLIENT")
    818754static void
    819 mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side,
     755mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side,
    820756                         int export_certificates_enabled)
    821757{
     
    923859        }
    924860    }
    925 }
    926 
    927 static void
    928 mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side,
    929                          int export_certificates_enabled)
    930 {
    931     unsigned char sbuf[64];     /* buffer to hold serials */
    932     char buf[AP_IOBUFSIZE];
    933     const char *tmp;
    934     size_t len;
    935     int ret;
    936 
    937     apr_table_t *env = r->subprocess_env;
    938 
    939     if (export_certificates_enabled != 0) {
    940         char cert_buf[10 * 1024];
    941         len = sizeof(cert_buf);
    942 
    943         if (gnutls_openpgp_crt_export
    944             (cert, GNUTLS_OPENPGP_FMT_BASE64, cert_buf, &len) >= 0)
    945             apr_table_setn(env,
    946                            apr_pstrcat(r->pool, MGS_SIDE, "_CERT", NULL),
    947                            apr_pstrmemdup(r->pool, cert_buf, len));
    948 
    949     }
    950 
    951     len = sizeof(buf);
    952     gnutls_openpgp_crt_get_name(cert, 0, buf, &len);
    953     apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_NAME", NULL),
    954                    apr_pstrmemdup(r->pool, buf, len));
    955 
    956     len = sizeof(sbuf);
    957     gnutls_openpgp_crt_get_fingerprint(cert, sbuf, &len);
    958     tmp = mgs_session_id2sz(sbuf, len, buf, sizeof(buf));
    959     apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_FINGERPRINT", NULL),
    960                    apr_pstrdup(r->pool, tmp));
    961 
    962     ret = gnutls_openpgp_crt_get_version(cert);
    963     if (ret > 0)
    964         apr_table_setn(env,
    965                        apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL),
    966                        apr_psprintf(r->pool, "%u", ret));
    967 
    968     apr_table_setn(env,
    969        apr_pstrcat(r->pool, MGS_SIDE, "_CERT_TYPE", NULL), "OPENPGP");
    970 
    971     tmp =
    972         mgs_time2sz(gnutls_openpgp_crt_get_expiration_time
    973                     (cert), buf, sizeof(buf));
    974     apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_V_END", NULL),
    975                    apr_pstrdup(r->pool, tmp));
    976 
    977     tmp =
    978         mgs_time2sz(gnutls_openpgp_crt_get_creation_time
    979                     (cert), buf, sizeof(buf));
    980     apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_V_START", NULL),
    981                    apr_pstrdup(r->pool, tmp));
    982 
    983     ret = gnutls_openpgp_crt_get_pk_algorithm(cert, NULL);
    984     if (ret >= 0) {
    985         apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_A_KEY", NULL),
    986                        gnutls_pk_algorithm_get_name(ret));
    987     }
    988 
    989 }
    990 
    991 /* TODO: Allow client sending a X.509 certificate chain */
     861
     862
     863}
     864
     865
    992866static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt)
    993867{
     
    995869    unsigned int cert_list_size, status, expired;
    996870    int rv, ret;
    997     union {
    998       gnutls_x509_crt_t x509;
    999       gnutls_openpgp_crt_t pgp;
    1000     } cert;
     871    gnutls_x509_crt_t cert;
    1001872    apr_time_t activation_time, expiration_time, cur_time;
    1002873
     
    1024895    }
    1025896
    1026     if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_X509) {
    1027         gnutls_x509_crt_init(&cert.x509);
    1028         rv = gnutls_x509_crt_import(cert.x509, &cert_list[0], GNUTLS_X509_FMT_DER);
    1029     } else if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_OPENPGP) {
    1030         gnutls_openpgp_crt_init(&cert.pgp);
    1031         rv = gnutls_openpgp_crt_import(cert.pgp, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
    1032     } else return HTTP_FORBIDDEN;
    1033  
     897    gnutls_x509_crt_init(&cert);
     898    rv = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
    1034899    if (rv < 0) {
    1035        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
     900        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
    1036901                      "GnuTLS: Failed to Verify Peer: "
    1037902                      "Failed to import peer certificates.");
    1038        ret = HTTP_FORBIDDEN;
    1039        goto exit;
    1040     }
    1041 
    1042     if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_X509) {
    1043         apr_time_ansi_put(&expiration_time,
    1044                       gnutls_x509_crt_get_expiration_time(cert.x509));
    1045         apr_time_ansi_put(&activation_time,
    1046                       gnutls_x509_crt_get_activation_time(cert.x509));
    1047 
    1048         rv = gnutls_x509_crt_verify(cert.x509, ctxt->sc->ca_list,
     903        ret = HTTP_FORBIDDEN;
     904        goto exit;
     905    }
     906
     907    apr_time_ansi_put(&expiration_time,
     908                      gnutls_x509_crt_get_expiration_time(cert));
     909    apr_time_ansi_put(&activation_time,
     910                      gnutls_x509_crt_get_activation_time(cert));
     911
     912    rv = gnutls_x509_crt_verify(cert, ctxt->sc->ca_list,
    1049913                                ctxt->sc->ca_list_size, 0, &status);
    1050     } else {
    1051         apr_time_ansi_put(&expiration_time,
    1052                       gnutls_openpgp_crt_get_expiration_time(cert.pgp));
    1053         apr_time_ansi_put(&activation_time,
    1054                       gnutls_openpgp_crt_get_creation_time(cert.pgp));
    1055 
    1056         rv = gnutls_openpgp_crt_verify_ring(cert.pgp, ctxt->sc->pgp_list,
    1057                       0, &status);
    1058     }
    1059914
    1060915    if (rv < 0) {
     
    1062917                      "GnuTLS: Failed to Verify Peer certificate: (%d) %s",
    1063918                      rv, gnutls_strerror(rv));
    1064         if (rv == GNUTLS_E_NO_CERTIFICATE_FOUND)
    1065             ap_log_rerror(APLOG_MARK, APLOG_EMERG, 0, r,
    1066                       "GnuTLS: No certificate was found for verification. Did you set the GnuTLSX509CAFile or GnuTLSPGPKeyringFile directives?");
    1067919        ret = HTTP_FORBIDDEN;
    1068920        goto exit;
    1069921    }
    1070 
    1071     /* TODO: X509 CRL Verification. */
    1072     /* May add later if anyone needs it.
    1073      */
    1074     /* ret = gnutls_x509_crt_check_revocation(crt, crl_list, crl_list_size); */
    1075922
    1076923    expired = 0;
     
    1108955    }
    1109956
    1110     if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_X509)
    1111         mgs_add_common_cert_vars(r, cert.x509, 1,
    1112                              ctxt->sc->export_certificates_enabled);
    1113     else if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_OPENPGP)
    1114         mgs_add_common_pgpcert_vars(r, cert.pgp, 1,
     957    /* TODO: Further Verification. */
     958    /* Revocation is X.509 non workable paradigm, I really doubt implementation
     959     * is worth doing --nmav
     960     */
     961/// ret = gnutls_x509_crt_check_revocation(crt, crl_list, crl_list_size);
     962
     963//    mgs_hook_fixups(r);
     964//    rv = mgs_authz_lua(r);
     965
     966    mgs_add_common_cert_vars(r, cert, 1,
    1115967                             ctxt->sc->export_certificates_enabled);
    1116968
     
    1136988
    1137989  exit:
    1138     if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_X509)
    1139         gnutls_x509_crt_deinit(cert.x509);
    1140     else if (gnutls_certificate_type_get( ctxt->session) == GNUTLS_CRT_OPENPGP)
    1141         gnutls_openpgp_crt_deinit(cert.pgp);
     990    gnutls_x509_crt_deinit(cert);
    1142991    return ret;
    1143992
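--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -64,12 +64,4 @@
                   RSRC_CONF,
                   "Set the CA File to verify Client Certificates"),
-    AP_INIT_TAKE1("GnuTLSX509CAFile", mgs_set_client_ca_file,
-                  NULL,
-                  RSRC_CONF,
-                  "Set the CA File to verify Client Certificates"),
-    AP_INIT_TAKE1("GnuTLSPGPKeyringFile", mgs_set_keyring_file,
-                  NULL,
-                  RSRC_CONF,
-                  "Set the Keyring File to verify Client Certificates"),
     AP_INIT_TAKE1("GnuTLSDHFile", mgs_set_dh_file,
                   NULL,
@@ -83,25 +75,9 @@
                   NULL,
                   RSRC_CONF,
-                  "SSL Server X509 Certificate file"),
+                  "SSL Server Key file"),
     AP_INIT_TAKE1("GnuTLSKeyFile", mgs_set_key_file,
                   NULL,
                   RSRC_CONF,
-                  "SSL Server X509 Private Key file"),
-    AP_INIT_TAKE1("GnuTLSX509CertificateFile", mgs_set_cert_file,
-                  NULL,
-                  RSRC_CONF,
-                  "SSL Server X509 Certificate file"),
-    AP_INIT_TAKE1("GnuTLSX509KeyFile", mgs_set_key_file,
-                  NULL,
-                  RSRC_CONF,
-                  "SSL Server X509 Private Key file"),
-    AP_INIT_TAKE1("GnuTLSPGPCertificateFile", mgs_set_pgpcert_file,
-                  NULL,
-                  RSRC_CONF,
-                  "SSL Server PGP Certificate file"),
-    AP_INIT_TAKE1("GnuTLSPGPKeyFile", mgs_set_pgpkey_file,
-                  NULL,
-                  RSRC_CONF,
-                  "SSL Server PGP Private key file"),
+                  "SSL Server SRP Password file"),
 #ifdef ENABLE_SRP
     AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,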
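Review bot: The help strings in the new side no longer describe the directives they are attached to. `GnuTLSKeyFile` (new lines 78-81) is bound to `mgs_set_key_file` but now reads "SSL Server SRP Password file", and the entry ending at new line 77, whose name is above the hunk and is presumably the certificate directive, now reads "SSL Server Key file". Since this text is what an operator sees when a directive is misused, a wrong label on the private-key directive invites pointing it at the wrong file; I would use `"SSL Server Private Key file"),` at line 81 and a certificate-file description at line 77. The command table itself starts and ends outside the hunk.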