Changeset 19e80a5 in mod_gnutls for src/mod_gnutls.c


Timestamp:
Jan 28, 2019, 2:50:38 PM (13 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master
Children:
102aa67
Parents:
0931b35 (diff), ea9c699 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Update upstream source from tag 'upstream/0.9.0'

Update to upstream version '0.9.0'
with Debian dir 619b546038886b240d2c8e61ee1a1b13ce0867d7

File:
1 edited

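--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -19,6 +19,9 @@
 
 #include "mod_gnutls.h"
+#include "gnutls_config.h"
 #include "gnutls_ocsp.h"
 #include "gnutls_util.h"
+
+#include <apr_strings.h>
 
 #ifdef APLOG_USE_MODULE
@@ -30,11 +33,20 @@
                    int proxy, int enable);
 
+#define MOD_HTTP2 "mod_http2.c"
+#define MOD_WATCHDOG "mod_watchdog.c"
 static const char * const mod_proxy[] = { "mod_proxy.c", NULL };
-static const char * const mod_http2[] = { "mod_http2.c", NULL };
+static const char * const mod_http2[] = { MOD_HTTP2, NULL };
+static const char * const mod_watchdog[] = { MOD_WATCHDOG, NULL };
 
 static void gnutls_hooks(apr_pool_t * p __attribute__((unused)))
 {
-    /* Try Run Post-Config Hook After mod_proxy */
-    ap_hook_post_config(mgs_hook_post_config, mod_proxy, mod_http2,
+    /* Watchdog callbacks must be configured before post_config of
+     * mod_watchdog runs, or the watchdog won't be started. Similarly,
+     * our child_init hook must run before mod_watchdog's because our
+     * watchdog threads are started there and need some child-specific
+     * resources. */
+    static const char * const post_conf_succ[] =
+        { MOD_HTTP2, MOD_WATCHDOG, NULL };
+    ap_hook_post_config(mgs_hook_post_config, mod_proxy, post_conf_succ,
                         APR_HOOK_MIDDLE);
     /* HTTP Scheme Hook */
@@ -51,5 +63,5 @@
                        APR_HOOK_MIDDLE);
     /* Child-Init Hook */
-    ap_hook_child_init(mgs_hook_child_init, NULL, NULL,
+    ap_hook_child_init(mgs_hook_child_init, NULL, mod_watchdog,
                        APR_HOOK_MIDDLE);
     /* Authentication Hook */
@@ -58,4 +70,7 @@
     /* Fixups Hook */
     ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
+
+    /* Request hook: Check if TLS connection and request host match */
+    ap_hook_post_read_request(mgs_req_vhost_check, NULL, NULL, APR_HOOK_MIDDLE);
 
     /* TODO: HTTP Upgrade Filter */
@@ -209,5 +224,7 @@
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "%s: mod_proxy requested TLS proxy, but not enabled "
-                      "for %s", __func__, ctxt->sc->cert_cn);
+                      "for %s:%d", __func__,
+                      ctxt->c->base_server->server_hostname,
+                      ctxt->c->base_server->addrs->host_port);
         return 0;
     }
@@ -236,4 +253,6 @@
 }
 
+#define OPENPGP_REMOVED "OpenPGP support has been removed."
+
 static const command_rec mgs_config_cmds[] = {
     AP_INIT_FLAG("GnuTLSProxyEngine", mgs_set_proxy_engine,
@@ -269,8 +288,4 @@
     RSRC_CONF,
     "Set the CA File to verify Client Certificates"),
-    AP_INIT_TAKE1("GnuTLSPGPKeyringFile", mgs_set_keyring_file,
-    NULL,
-    RSRC_CONF,
-    "Set the Keyring File to verify Client Certificates"),
     AP_INIT_TAKE1("GnuTLSDHFile", mgs_set_dh_file,
     NULL,
@@ -293,12 +308,4 @@
     RSRC_CONF,
     "TLS Server X509 Private Key file"),
-    AP_INIT_TAKE1("GnuTLSPGPCertificateFile", mgs_set_pgpcert_file,
-    NULL,
-    RSRC_CONF,
-    "TLS Server PGP Certificate file"),
-    AP_INIT_TAKE1("GnuTLSPGPKeyFile", mgs_set_pgpkey_file,
-    NULL,
-    RSRC_CONF,
-    "TLS Server PGP Private key file"),
 #ifdef ENABLE_SRP
     AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,
@@ -319,5 +326,5 @@
     NULL,
     RSRC_CONF,
-    "Cache Configuration"),
+    "Session Cache Configuration"),
     AP_INIT_FLAG("GnuTLSSessionTickets", mgs_set_tickets,
     NULL,
@@ -361,4 +368,12 @@
                  NULL, RSRC_CONF,
                  "Enable OCSP stapling"),
+    AP_INIT_FLAG("GnuTLSOCSPAutoRefresh", mgs_set_ocsp_auto_refresh,
+                 NULL, RSRC_CONF,
+                 "Regularly refresh cached OCSP response independent "
+                 "of TLS handshakes?"),
+    AP_INIT_TAKE12("GnuTLSOCSPCache", mgs_set_cache,
+                   NULL,
+                   RSRC_CONF,
+                  "OCSP Cache Configuration"),
     AP_INIT_FLAG("GnuTLSOCSPCheckNonce", mgs_set_ocsp_check_nonce,
                  NULL, RSRC_CONF,
@@ -376,7 +391,17 @@
                   "Wait this many seconds before retrying a failed OCSP "
                   "request"),
+    AP_INIT_TAKE1("GnuTLSOCSPFuzzTime", mgs_set_timeout,
+                  NULL, RSRC_CONF,
+                  "Update cached OCSP response up to this many seconds "
+                  "before it expires, if GnuTLSOCSPAutoRefresh is enabled."),
     AP_INIT_TAKE1("GnuTLSOCSPSocketTimeout", mgs_set_timeout,
                   NULL, RSRC_CONF,
                   "Socket timeout for OCSP requests"),
+    AP_INIT_RAW_ARGS("GnuTLSPGPKeyringFile",
+                     ap_set_deprecated, NULL, OR_ALL, OPENPGP_REMOVED),
+    AP_INIT_RAW_ARGS("GnuTLSPGPCertificateFile",
+                     ap_set_deprecated, NULL, OR_ALL, OPENPGP_REMOVED),
+    AP_INIT_RAW_ARGS("GnuTLSPGPKeyFile",
+                     ap_set_deprecated, NULL, OR_ALL, OPENPGP_REMOVED),
 #ifdef __clang__
     /* Workaround for this clang bug: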
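Review bot: The TLS-connection/request-host check added at new line 74 of gnutls_hooks() is registered at `APR_HOOK_MIDDLE` with no predecessor or successor list, so post_read_request hooks from other modules that sort earlier can handle a request before a host mismatch is rejected. If the check is meant to separate virtual hosts with different TLS or client-certificate policies, consider `ap_hook_post_read_request(mgs_req_vhost_check, NULL, NULL, APR_HOOK_FIRST);`, in line with the explicit early ordering the fixups hook just above already uses. Otherwise, add a comment at the registration explaining why middle ordering is sufficient. mgs_req_vhost_check is defined outside this file section, so its behaviour on a mismatch cannot be confirmed here, and gnutls_hooks() continues beyond the displayed hunks.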