Changeset 1c87791 in mod_gnutls


Ignore:
Timestamp:
Jan 11, 2013, 12:54:56 AM (7 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports
Children:
3f5c713
Parents:
b67ea18 (diff), 3e94bd3 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge tag 'upstream/0.2.0'

Upstream version 0.2.0

Files:
2 added
16 edited

Legend:

Unmodified
Added
Removed
  • config.in

    rb67ea18 r1c87791  
    11/* config.in.  Generated from configure.ac by autoheader.  */
     2
     3/* Define to 1 if mod_status.h and the mod_Status hook are available */
     4#undef HAVE_MOD_STATUS_H
    25
    36/* Name of package */
  • config/config.guess

    rb67ea18 r1c87791  
    22# Attempt to guess a canonical system name.
    33#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
    4 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
    5 
    6 timestamp='2004-11-12'
     4#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
     5
     6timestamp='2005-03-24'
    77
    88# This file is free software; you can redistribute it and/or modify it
     
    5454
    5555Originally written by Per Bothner.
    56 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
     56Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
    5757Free Software Foundation, Inc.
    5858
     
    804804    i*:UWIN*:*)
    805805        echo ${UNAME_MACHINE}-pc-uwin
     806        exit 0 ;;
     807    amd64:CYGWIN*:*:*)
     808        echo x86_64-unknown-cygwin
    806809        exit 0 ;;
    807810    p*:CYGWIN*:*)
     
    11981201        echo i386-pc-qnx
    11991202        exit 0 ;;
     1203    NSE-?:NONSTOP_KERNEL:*:*)
     1204        echo nse-tandem-nsk${UNAME_RELEASE}
     1205        exit 0 ;;
    12001206    NSR-?:NONSTOP_KERNEL:*:*)
    12011207        echo nsr-tandem-nsk${UNAME_RELEASE}
     
    14141420download the most up to date version of the config scripts from
    14151421
    1416     ftp://ftp.gnu.org/pub/gnu/config/
     1422  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
     1423and
     1424  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
    14171425
    14181426If the version you run ($0) is already up to date, please
  • config/config.sub

    rb67ea18 r1c87791  
    22# Configuration validation subroutine script.
    33#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
    4 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
    5 
    6 timestamp='2004-11-30'
     4#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
     5
     6timestamp='2005-02-10'
    77
    88# This file is (in principle) common to ALL GNU software.
     
    7171GNU config.sub ($timestamp)
    7272
    73 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
     73Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
    7474Free Software Foundation, Inc.
    7575
     
    238238        | i370 | i860 | i960 | ia64 \
    239239        | ip2k | iq2000 \
    240         | m32r | m32rle | m68000 | m68k | m88k | mcore \
     240        | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
    241241        | mips | mipsbe | mipseb | mipsel | mipsle \
    242242        | mips16 \
     
    311311        | m32r-* | m32rle-* \
    312312        | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
    313         | m88110-* | m88k-* | mcore-* \
     313        | m88110-* | m88k-* | maxq-* | mcore-* \
    314314        | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
    315315        | mips16-* \
  • configure

    rb67ea18 r1c87791  
    11#! /bin/sh
    22# Guess values for system-dependent variables and create Makefiles.
    3 # Generated by GNU Autoconf 2.59 for mod_gnutls 0.1.1.
     3# Generated by GNU Autoconf 2.59 for mod_gnutls 0.2.0.
    44#
    55# Copyright (C) 2003 Free Software Foundation, Inc.
     
    268268PACKAGE_NAME='mod_gnutls'
    269269PACKAGE_TARNAME='mod_gnutls'
    270 PACKAGE_VERSION='0.1.1'
    271 PACKAGE_STRING='mod_gnutls 0.1.1'
     270PACKAGE_VERSION='0.2.0'
     271PACKAGE_STRING='mod_gnutls 0.2.0'
    272272PACKAGE_BUGREPORT=''
    273273
     
    738738  # This message is too long to be a string in the A/UX 3.1 sh.
    739739  cat <<_ACEOF
    740 \`configure' configures mod_gnutls 0.1.1 to adapt to many kinds of systems.
     740\`configure' configures mod_gnutls 0.2.0 to adapt to many kinds of systems.
    741741
    742742Usage: $0 [OPTION]... [VAR=VALUE]...
     
    805805if test -n "$ac_init_help"; then
    806806  case $ac_init_help in
    807      short | recursive ) echo "Configuration of mod_gnutls 0.1.1:";;
     807     short | recursive ) echo "Configuration of mod_gnutls 0.2.0:";;
    808808   esac
    809809  cat <<\_ACEOF
     
    935935if $ac_init_version; then
    936936  cat <<\_ACEOF
    937 mod_gnutls configure 0.1.1
     937mod_gnutls configure 0.2.0
    938938generated by GNU Autoconf 2.59
    939939
     
    949949running configure, to aid debugging if configure makes a mistake.
    950950
    951 It was created by mod_gnutls $as_me 0.1.1, which was
     951It was created by mod_gnutls $as_me 0.2.0, which was
    952952generated by GNU Autoconf 2.59.  Invocation command line was
    953953
     
    13031303  chmod +x config.nice
    13041304
    1305 MOD_GNUTLS_VERSION=0.1.1
     1305MOD_GNUTLS_VERSION=0.2.0
    13061306
    13071307
     
    17311731# Define the identity of the package.
    17321732 PACKAGE=mod_gnutls
    1733  VERSION=0.1.1
     1733 VERSION=0.2.0
    17341734
    17351735
     
    34443444                    AP_VERSION="2.0"
    34453445                    APXS_EXTENSION=.la
     3446                    if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then
     3447
     3448cat >>confdefs.h <<\_ACEOF
     3449#define HAVE_MOD_STATUS_H 1
     3450_ACEOF
     3451
     3452                    fi
    34463453                    AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES"
    34473454                    AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES"
     
    43354342cat >&5 <<_CSEOF
    43364343
    4337 This file was extended by mod_gnutls $as_me 0.1.1, which was
     4344This file was extended by mod_gnutls $as_me 0.2.0, which was
    43384345generated by GNU Autoconf 2.59.  Invocation command line was
    43394346
     
    43984405cat >>$CONFIG_STATUS <<_ACEOF
    43994406ac_cs_version="\\
    4400 mod_gnutls config.status 0.1.1
     4407mod_gnutls config.status 0.2.0
    44014408configured by $0, generated by GNU Autoconf 2.59,
    44024409  with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
  • configure.ac

    rb67ea18 r1c87791  
    1 AC_INIT(mod_gnutls, 0.1.1)
     1AC_INIT(mod_gnutls, 0.2.0)
    22OOO_CONFIG_NICE(config.nice)
    33MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
  • include/mod_gnutls.h.in

    rb67ea18 r1c87791  
    2828#include "ap_release.h"
    2929
     30#include <gcrypt.h>
     31#include <gnutls/gnutls.h>
     32#include <gnutls/x509.h>
     33
    3034#ifndef __mod_gnutls_h_inc
    3135#define __mod_gnutls_h_inc
    3236
    3337#define HAVE_APR_MEMCACHE    @have_apr_memcache@
    34 
    35 #include <gcrypt.h>
    36 #include <gnutls/gnutls.h>
    3738
    3839module AP_MODULE_DECLARE_DATA gnutls_module;
     
    6263typedef enum
    6364{
    64     mod_gnutls_cache_none,
    65     mod_gnutls_cache_dbm,
     65    mgs_cache_none,
     66    mgs_cache_dbm,
    6667#if HAVE_APR_MEMCACHE
    67     mod_gnutls_cache_memcache
     68    mgs_cache_memcache
    6869#endif
    69 } mod_gnutls_cache_e;
     70} mgs_cache_e;
    7071
    7172typedef struct
    7273{
     74    int client_verify_mode;
     75} mgs_dirconf_rec;
     76
     77typedef struct
     78{
    7379    gnutls_certificate_credentials_t certs;
    74     char *key_file;
    75     char *cert_file;
     80    char* cert_cn;
     81    gnutls_x509_crt_t cert_x509;
     82    gnutls_x509_privkey_t privkey_x509;
    7683    int enabled;
    7784    int ciphers[16];
     
    8289    int cert_types[16];
    8390    apr_time_t cache_timeout;
    84     mod_gnutls_cache_e cache_type;
     91    mgs_cache_e cache_type;
    8592    const char* cache_config;
    8693    const char* rsa_params_file;
    8794    const char* dh_params_file;
    88 } mod_gnutls_srvconf_rec;
     95    int client_verify_mode;
     96} mgs_srvconf_rec;
    8997
    9098typedef struct {
    9199    int length;
    92100    char *value;
    93 } mod_gnutls_char_buffer_t;
     101} mgs_char_buffer_t;
    94102
    95103typedef struct
    96104{
    97     mod_gnutls_srvconf_rec *sc;
     105    mgs_srvconf_rec *sc;
    98106    conn_rec* c;
    99107    gnutls_session_t session;
     
    104112    apr_read_type_e input_block;
    105113    ap_input_mode_t input_mode;
    106     mod_gnutls_char_buffer_t input_cbuf;
     114    mgs_char_buffer_t input_cbuf;
    107115    char input_buffer[AP_IOBUFSIZE];
    108116
     
    116124    int status;
    117125    int non_https;
    118 } mod_gnutls_handle_t;
     126} mgs_handle_t;
    119127
    120128/** Functions in gnutls_io.c **/
    121129
    122130/**
    123  * mod_gnutls_filter_input will filter the input data
     131 * mgs_filter_input will filter the input data
    124132 * by decrypting it using GnuTLS and passes it cleartext.
    125133 *
     
    130138 * @return result status
    131139 */
    132 apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
     140apr_status_t mgs_filter_input(ap_filter_t * f,
    133141                                     apr_bucket_brigade * bb,
    134142                                     ap_input_mode_t mode,
     
    137145
    138146/**
    139  * mod_gnutls_filter_output will filter the encrypt
     147 * mgs_filter_output will filter the encrypt
    140148 * the incoming bucket using GnuTLS and passes it onto the next filter.
    141149 *
     
    144152 * @return result status
    145153 */
    146 apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
     154apr_status_t mgs_filter_output(ap_filter_t * f,
    147155                                      apr_bucket_brigade * bb);
    148156
    149157
    150158/**
    151  * mod_gnutls_transport_read is called from GnuTLS to provide encrypted
     159 * mgs_transport_read is called from GnuTLS to provide encrypted
    152160 * data from the client.
    153161 *
     
    157165 * @return size   length of the data stored in buffer
    158166 */
    159 ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
     167ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
    160168                                  void *buffer, size_t len);
    161169
    162170/**
    163  * mod_gnutls_transport_write is called from GnuTLS to
     171 * mgs_transport_write is called from GnuTLS to
    164172 * write data to the client.
    165173 *
     
    169177 * @return size   length of the data written
    170178 */
    171 ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
     179ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
    172180                                   const void *buffer, size_t len);
    173181
    174182
     183int mgs_rehandshake(mgs_handle_t * ctxt);
     184
     185
     186
    175187/**
    176188 * Init the Cache after Configuration is done
    177189 */
    178 int mod_gnutls_cache_post_config(apr_pool_t *p, server_rec *s,
    179                                  mod_gnutls_srvconf_rec *sc);
     190int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
     191                                 mgs_srvconf_rec *sc);
    180192/**
    181193 * Init the Cache inside each Process
    182194 */
    183 int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,
    184                                 mod_gnutls_srvconf_rec *sc);
     195int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
     196                                mgs_srvconf_rec *sc);
    185197/**
    186198 * Setup the Session Caching
    187199 */
    188 int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt);
     200int mgs_cache_session_init(mgs_handle_t *ctxt);
    189201
    190202#define GNUTLS_SESSION_ID_STRING_LEN \
     
    198210 * @param strsize The Maximum Length that can be stored in str
    199211 */
    200 char *mod_gnutls_session_id2sz(unsigned char *id, int idlen,
     212char *mgs_session_id2sz(unsigned char *id, int idlen,
    201213                                char *str, int strsize);
    202214
     215
     216/* Configuration Functions */
     217
     218const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
     219                                        const char *arg);
     220
     221const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
     222                             const char *arg);
     223
     224const char *mgs_set_cache(cmd_parms * parms, void *dummy,
     225                          const char *type, const char* arg);
     226
     227const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
     228                                  const char *arg);
     229
     230const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
     231                                  const char *arg);
     232
     233const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
     234                                   const char *arg);
     235
     236const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
     237                            const char *arg);
     238
     239void *mgs_config_server_create(apr_pool_t * p, server_rec * s);
     240
     241void *mgs_config_dir_create(apr_pool_t *p, char *dir);
     242
     243mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
     244
     245/* mod_gnutls Hooks. */
     246
     247int mgs_hook_pre_config(apr_pool_t * pconf,
     248                        apr_pool_t * plog, apr_pool_t * ptemp);
     249
     250int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
     251                         apr_pool_t * ptemp,
     252                         server_rec * base_server);
     253
     254void mgs_hook_child_init(apr_pool_t *p, server_rec *s);
     255
     256const char *mgs_hook_http_scheme(const request_rec * r);
     257
     258apr_port_t mgs_hook_default_port(const request_rec * r);
     259
     260int mgs_hook_pre_connection(conn_rec * c, void *csd);
     261
     262int mgs_hook_fixups(request_rec *r);
     263
     264int mgs_hook_authz(request_rec *r);
     265
    203266#endif /*  __mod_gnutls_h_inc */
  • m4/apache.m4

    rb67ea18 r1c87791  
    44dnl Test for Apache apxs, APR, and APU
    55
    6 AC_DEFUN(CHECK_APACHE,
     6AC_DEFUN([CHECK_APACHE],
    77[dnl
    88AC_ARG_WITH(
     
    7575                    AP_VERSION="2.0"
    7676                    APXS_EXTENSION=.la
     77                    if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then
     78                        AC_DEFINE(HAVE_MOD_STATUS_H,1,[Define to 1 if mod_status.h and the mod_Status hook are available])
     79                    fi
    7780                    AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES"
    7881                    AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES"
  • m4/apache_test.m4

    rb67ea18 r1c87791  
    22dnl Test for Apache
    33dnl
    4 AC_DEFUN(TEST_APACHE_VERSION,
     4AC_DEFUN([TEST_APACHE_VERSION],
    55[dnl
    66    AC_REQUIRE([AC_CANONICAL_TARGET])
  • m4/apr_memcache.m4

    rb67ea18 r1c87791  
    33dnl Sets:
    44dnl  APR_MEMCACHE_LIBS
    5 AC_DEFUN(CHECK_APR_MEMCACHE,
     5AC_DEFUN([CHECK_APR_MEMCACHE],
    66[dnl
    77
  • m4/libgnutls.m4

    rb67ea18 r1c87791  
    11dnl Check for libgnutls libraries
    22dnl CHECK_LIBGNUTLS(MINIMUM-VERSION)
    3 AC_DEFUN(CHECK_LIBGNUTLS,
     3AC_DEFUN([CHECK_LIBGNUTLS],
    44[dnl
    55
  • m4/outoforder.m4

    rb67ea18 r1c87791  
    55dnl regenerates the output files. config.nice is useful after you rebuild
    66dnl ./configure (via autoconf or autogen.sh)
    7 AC_DEFUN(OOO_CONFIG_NICE,[
     7AC_DEFUN([OOO_CONFIG_NICE],[
    88  echo configure: creating $1
    99  rm -f $1
     
    2626dnl this macro adds a maintainer mode option to enable programmer specific
    2727dnl  code in makefiles
    28 AC_DEFUN(OOO_MAINTAIN_MODE,[
     28AC_DEFUN([OOO_MAINTAIN_MODE],[
    2929  AC_ARG_ENABLE(
    3030        maintainer,
  • src/Makefile.am

    rb67ea18 r1c87791  
    11CLEANFILES = .libs/libmod_gnutls *~
    22
    3 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c
     3libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
    44libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
    55libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}
  • src/Makefile.in

    rb67ea18 r1c87791  
    6363libmod_gnutls_la_LIBADD =
    6464am_libmod_gnutls_la_OBJECTS = libmod_gnutls_la-mod_gnutls.lo \
    65         libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo
     65        libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo \
     66        libmod_gnutls_la-gnutls_config.lo \
     67        libmod_gnutls_la-gnutls_hooks.lo
    6668libmod_gnutls_la_OBJECTS = $(am_libmod_gnutls_la_OBJECTS)
    6769DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
     
    197199target_vendor = @target_vendor@
    198200CLEANFILES = .libs/libmod_gnutls *~
    199 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c
     201libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
    200202libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
    201203libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}
     
    271273
    272274@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_cache.Plo@am__quote@
     275@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo@am__quote@
     276@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo@am__quote@
    273277@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_io.Plo@am__quote@
    274278@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-mod_gnutls.Plo@am__quote@
     
    315319@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
    316320@am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo '$(srcdir)/'`gnutls_cache.c
     321
     322libmod_gnutls_la-gnutls_config.lo: gnutls_config.c
     323@am__fastdepCC_TRUE@    if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT libmod_gnutls_la-gnutls_config.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c; \
     324@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo"; exit 1; fi
     325@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='gnutls_config.c' object='libmod_gnutls_la-gnutls_config.lo' libtool=yes @AMDEPBACKSLASH@
     326@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
     327@am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c
     328
     329libmod_gnutls_la-gnutls_hooks.lo: gnutls_hooks.c
     330@am__fastdepCC_TRUE@    if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT libmod_gnutls_la-gnutls_hooks.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo '$(srcdir)/'`gnutls_hooks.c; \
     331@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo"; exit 1; fi
     332@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='gnutls_hooks.c' object='libmod_gnutls_la-gnutls_hooks.lo' libtool=yes @AMDEPBACKSLASH@
     333@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
     334@am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo '$(srcdir)/'`gnutls_hooks.c
    317335
    318336mostlyclean-libtool:
  • src/gnutls_cache.c

    rb67ea18 r1c87791  
    5454}
    5555
    56 char *mod_gnutls_session_id2sz(unsigned char *id, int idlen,
     56char *mgs_session_id2sz(unsigned char *id, int idlen,
    5757                               char *str, int strsize)
    5858{
     
    8080static apr_memcache_t* mc;
    8181
    82 int mc_cache_child_init(apr_pool_t *p, server_rec *s,
    83                                 mod_gnutls_srvconf_rec *sc)
     82static int mc_cache_child_init(apr_pool_t *p, server_rec *s,
     83                                mgs_srvconf_rec *sc)
    8484{
    8585    apr_status_t rv = APR_SUCCESS;
     
    167167{
    168168    apr_status_t rv = APR_SUCCESS;
    169     mod_gnutls_handle_t *ctxt = baton;
     169    mgs_handle_t *ctxt = baton;
    170170    char buf[STR_SESSION_LEN];
    171171    char* strkey = NULL;
     
    194194{
    195195    apr_status_t rv = APR_SUCCESS;
    196     mod_gnutls_handle_t *ctxt = baton;
     196    mgs_handle_t *ctxt = baton;
    197197    char buf[STR_SESSION_LEN];
    198198    char* strkey = NULL;
     
    210210
    211211    if (rv != APR_SUCCESS) {
     212#if MOD_GNUTLS_DEBUG
    212213        ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
    213214                     ctxt->c->base_server,
    214215                     "[gnutls_cache] error fetching key '%s' ",
    215216                     strkey);
    216 
     217#endif
    217218        data.size = 0;
    218219        data.data = NULL;
     
    234235{
    235236    apr_status_t rv = APR_SUCCESS;
    236     mod_gnutls_handle_t *ctxt = baton;
     237    mgs_handle_t *ctxt = baton;
    237238    char buf[STR_SESSION_LEN];
    238239    char* strkey = NULL;
     
    259260#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
    260261
    261 static int dbm_cache_expire(mod_gnutls_handle_t *ctxt)
     262static int dbm_cache_expire(mgs_handle_t *ctxt)
    262263{
    263264    apr_status_t rv;
     
    346347    apr_datum_t dbmkey;
    347348    apr_datum_t dbmval;
    348     mod_gnutls_handle_t *ctxt = baton;
     349    mgs_handle_t *ctxt = baton;
    349350    apr_status_t rv;
    350351
     
    395396    apr_datum_t dbmkey;
    396397    apr_datum_t dbmval;
    397     mod_gnutls_handle_t *ctxt = baton;
     398    mgs_handle_t *ctxt = baton;
    398399    apr_status_t rv;
    399400    apr_time_t expiry;
     
    448449    apr_dbm_t *dbm;
    449450    apr_datum_t dbmkey;
    450     mod_gnutls_handle_t *ctxt = baton;
     451    mgs_handle_t *ctxt = baton;
    451452    apr_status_t rv;
    452453   
     
    483484
    484485static int dbm_cache_post_config(apr_pool_t *p, server_rec *s,
    485                                 mod_gnutls_srvconf_rec *sc)
     486                                mgs_srvconf_rec *sc)
    486487{
    487488    apr_status_t rv;
     
    518519}
    519520
    520 int mod_gnutls_cache_post_config(apr_pool_t *p, server_rec *s,
    521                                  mod_gnutls_srvconf_rec *sc)
    522 {
    523     if (sc->cache_type == mod_gnutls_cache_dbm) {
     521int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
     522                                 mgs_srvconf_rec *sc)
     523{
     524    if (sc->cache_type == mgs_cache_dbm) {
    524525        return dbm_cache_post_config(p, s, sc);
    525526    }
     
    527528}
    528529
    529 int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,
    530                                 mod_gnutls_srvconf_rec *sc)
    531 {
    532     if (sc->cache_type == mod_gnutls_cache_dbm) {
     530int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
     531                                mgs_srvconf_rec *sc)
     532{
     533    if (sc->cache_type == mgs_cache_dbm) {
    533534        return 0;
    534535    }
    535536#if HAVE_APR_MEMCACHE
    536     else if (sc->cache_type == mod_gnutls_cache_memcache) {
     537    else if (sc->cache_type == mgs_cache_memcache) {
    537538        return mc_cache_child_init(p, s, sc);
    538539    }
     
    543544 #include <assert.h>
    544545
    545 int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt)
    546 {
    547     if (ctxt->sc->cache_type == mod_gnutls_cache_dbm) {
     546int mgs_cache_session_init(mgs_handle_t *ctxt)
     547{
     548    if (ctxt->sc->cache_type == mgs_cache_dbm) {
    548549        gnutls_db_set_retrieve_function(ctxt->session, dbm_cache_fetch);
    549550        gnutls_db_set_remove_function(ctxt->session, dbm_cache_delete);
     
    552553    }
    553554#if HAVE_APR_MEMCACHE
    554     else if (ctxt->sc->cache_type == mod_gnutls_cache_memcache) {
     555    else if (ctxt->sc->cache_type == mgs_cache_memcache) {
    555556        gnutls_db_set_retrieve_function(ctxt->session, mc_cache_fetch);
    556557        gnutls_db_set_remove_function(ctxt->session, mc_cache_delete);
  • src/gnutls_io.c

    rb67ea18 r1c87791  
    3636                                           apr_status_t status)
    3737{
    38     mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
     38    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
    3939    apr_bucket *bucket;
    4040
     
    6464}
    6565
    66 static int char_buffer_read(mod_gnutls_char_buffer_t * buffer, char *in,
     66static int char_buffer_read(mgs_char_buffer_t * buffer, char *in,
    6767                            int inl)
    6868{
     
    8888}
    8989
    90 static int char_buffer_write(mod_gnutls_char_buffer_t * buffer, char *in,
     90static int char_buffer_write(mgs_char_buffer_t * buffer, char *in,
    9191                             int inl)
    9292{
     
    182182
    183183
    184 static apr_status_t gnutls_io_input_read(mod_gnutls_handle_t * ctxt,
     184static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
    185185                                         char *buf, apr_size_t * len)
    186186{
     
    311311}
    312312
    313 static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt,
     313static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
    314314                                            char *buf, apr_size_t * len)
    315315{
     
    354354}
    355355
    356 
    357 static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
     356static int gnutls_do_handshake(mgs_handle_t * ctxt)
    358357{
    359358    int ret;
    360359    int errcode;
    361360    if (ctxt->status != 0) {
    362         return;
     361        return -1;
    363362    }
    364363
    365364tryagain:
    366 
    367     ret = gnutls_handshake(ctxt->session);
     365    do {
     366        ret = gnutls_handshake(ctxt->session);
     367    } while (ret == GNUTLS_E_AGAIN);
     368   
    368369    if (ret < 0) {
    369370        if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
     
    381382            goto tryagain;
    382383        }
    383 
     384#if USING_2_1_RECENT
     385        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
     386                     "GnuTLS: Handshake Failed (%d) '%s'", ret,
     387                      gnutls_strerror(ret));
     388#else
    384389        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
    385390                     "GnuTLS: Handshake Failed (%d) '%s'", ret,
    386                       gnutls_strerror(ret));
     391                     gnutls_strerror(ret));
     392#endif
    387393        ctxt->status = -1;
    388394        gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
    389395                          gnutls_error_to_alert(ret, NULL));
    390396        gnutls_deinit(ctxt->session);
    391         return;
     397        return ret;
    392398    }
    393399    else {
     400        /* all done with the handshake */
    394401        ctxt->status = 1;
    395         return;             /* all done with the handshake */
    396     }
    397 }
    398 
    399 
    400 apr_status_t mod_gnutls_filter_input(ap_filter_t* f,
     402        /* If the session was resumed, we did not set the correct
     403         * server_rec in ctxt->sc.  Go Find it. (ick!)
     404         */
     405        if (gnutls_session_is_resumed(ctxt->session)) {
     406            mgs_srvconf_rec* sc;
     407            sc = mgs_find_sni_server(ctxt->session);
     408            if (sc) {
     409                ctxt->sc = sc;
     410            }
     411        }
     412        return 0;
     413    }
     414}
     415
     416int mgs_rehandshake(mgs_handle_t * ctxt)
     417{
     418    int rv;
     419
     420    rv = gnutls_rehandshake(ctxt->session);
     421   
     422    if (rv != 0) {
     423        /* the client did not want to rehandshake. goodbye */
     424        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
     425                     "GnuTLS: Client Refused Rehandshake request.");
     426        return -1;
     427    }
     428   
     429    ctxt->status = 0;
     430
     431    rv = gnutls_do_handshake(ctxt);
     432
     433    return rv;
     434}
     435
     436
     437apr_status_t mgs_filter_input(ap_filter_t* f,
    401438                                     apr_bucket_brigade * bb,
    402439                                     ap_input_mode_t mode,
     
    405442{
    406443    apr_status_t status = APR_SUCCESS;
    407     mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
     444    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
    408445    apr_size_t len = sizeof(ctxt->input_buffer);
    409446
     
    415452
    416453    if (ctxt->status == 0) {
    417         char* server_name;
    418         int server_type;
    419         int data_len = 256;
    420        
    421454        gnutls_do_handshake(ctxt);
    422        
    423         /**
    424          * Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1
    425          * Server Name Indication.
    426          */
    427         server_name = apr_palloc(ctxt->c->pool, data_len);
    428         if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
    429             if (server_type == GNUTLS_NAME_DNS) {
    430                 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
    431                              ctxt->c->base_server,
    432                              "GnuTLS: TLS 1.1 Server Name: "
    433                              "%s", server_name);
    434                
    435             }
    436         }
    437455    }
    438456
     
    481499}
    482500
    483 apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
     501apr_status_t mgs_filter_output(ap_filter_t * f,
    484502                                      apr_bucket_brigade * bb)
    485503{
    486504    apr_size_t ret;
    487505    apr_bucket* e;
    488     mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
     506    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
    489507    apr_status_t status = APR_SUCCESS;
    490508    apr_read_type_e rblock = APR_NONBLOCK_READ;
     
    585603}
    586604
    587 ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
     605ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
    588606                                  void *buffer, size_t len)
    589607{
    590     mod_gnutls_handle_t *ctxt = ptr;
     608    mgs_handle_t *ctxt = ptr;
    591609    apr_status_t rc;
    592610    apr_size_t in = len;
     
    652670
    653671
    654 static ssize_t write_flush(mod_gnutls_handle_t * ctxt)
     672static ssize_t write_flush(mgs_handle_t * ctxt)
    655673{
    656674    apr_bucket *e;
     
    684702}
    685703
    686 ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
     704ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
    687705                                   const void *buffer, size_t len)
    688706{
    689     mod_gnutls_handle_t *ctxt = ptr;
     707    mgs_handle_t *ctxt = ptr;
    690708
    691709    /* pass along the encrypted data
  • src/mod_gnutls.c

    rb67ea18 r1c87791  
    1818#include "mod_gnutls.h"
    1919
    20 #if APR_HAS_THREADS
    21 GCRY_THREAD_OPTION_PTHREAD_IMPL;
     20
     21static void gnutls_hooks(apr_pool_t * p)
     22{
     23    ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL,
     24                           APR_HOOK_MIDDLE);
     25    ap_hook_post_config(mgs_hook_post_config, NULL, NULL,
     26                        APR_HOOK_MIDDLE);
     27    ap_hook_child_init(mgs_hook_child_init, NULL, NULL,
     28                       APR_HOOK_MIDDLE);
     29#if USING_2_1_RECENT
     30    ap_hook_http_scheme(mgs_hook_http_scheme, NULL, NULL,
     31                        APR_HOOK_MIDDLE);
     32#else
     33    ap_hook_http_method(mgs_hook_http_scheme, NULL, NULL,
     34                        APR_HOOK_MIDDLE);
    2235#endif
    23 
    24 #if MOD_GNUTLS_DEBUG
    25 static apr_file_t* debug_log_fp;
    26 #endif
    27 
    28 static apr_status_t mod_gnutls_cleanup_pre_config(void *data)
    29 {
    30     gnutls_global_deinit();
    31     return APR_SUCCESS;
    32 }
    33 
    34 #if MOD_GNUTLS_DEBUG
    35 static void gnutls_debug_log_all( int level, const char* str)
    36 {
    37     apr_file_printf(debug_log_fp, "<%d> %s\n", level, str);
    38 }
    39 #endif
    40 
    41 static int mod_gnutls_hook_pre_config(apr_pool_t * pconf,
    42                                       apr_pool_t * plog, apr_pool_t * ptemp)
    43 {
    44 
    45 #if APR_HAS_THREADS
    46     /* TODO: Check MPM Type here */
    47     gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
    48 #endif
    49 
    50     gnutls_global_init();
    51 
    52     apr_pool_cleanup_register(pconf, NULL, mod_gnutls_cleanup_pre_config,
    53                               apr_pool_cleanup_null);
    54 
    55 #if MOD_GNUTLS_DEBUG
    56     apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
    57                   APR_APPEND|APR_WRITE|APR_CREATE, APR_OS_DEFAULT, pconf);
    58 
    59     gnutls_global_set_log_level(9);
    60     gnutls_global_set_log_function(gnutls_debug_log_all);
    61 #endif
    62 
    63     return OK;
     36    ap_hook_default_port(mgs_hook_default_port, NULL, NULL,
     37                         APR_HOOK_MIDDLE);
     38    ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL,
     39                       APR_HOOK_MIDDLE);
     40   
     41    ap_hook_access_checker(mgs_hook_authz, NULL, NULL, APR_HOOK_REALLY_FIRST);
     42   
     43    ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
     44   
     45    /* TODO: HTTP Upgrade Filter */
     46    /* ap_register_output_filter ("UPGRADE_FILTER",
     47        *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
     48*/
     49    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
     50                             mgs_filter_input, NULL,
     51                             AP_FTYPE_CONNECTION + 5);
     52    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
     53                              mgs_filter_output, NULL,
     54                              AP_FTYPE_CONNECTION + 5);
    6455}
    6556
    6657
    67 static gnutls_datum load_params(const char* file, server_rec* s,
    68                                 apr_pool_t* pool)
    69 {
    70     gnutls_datum ret = { NULL, 0 };
    71     apr_file_t* fp;
    72     apr_finfo_t finfo;
    73     apr_status_t rv;
    74     apr_size_t br = 0;
    75 
    76     rv = apr_file_open(&fp, file, APR_READ|APR_BINARY, APR_OS_DEFAULT,
    77                        pool);
    78     if (rv != APR_SUCCESS) {
    79         ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
    80                      "GnuTLS failed to load params file at: %s", file);
    81         return ret;
    82     }
    83 
    84     rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
    85 
    86     if (rv != APR_SUCCESS) {
    87         ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
    88                      "GnuTLS failed to stat params file at: %s", file);
    89         return ret;
    90     }
    91 
    92     ret.data = apr_palloc(pool, finfo.size+1);
    93     rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
    94 
    95     if (rv != APR_SUCCESS) {
    96         ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
    97                      "GnuTLS failed to read params file at: %s", file);
    98         return ret;
    99     }
    100 
    101     ret.data[br] = '\0';
    102     ret.size = br;
    103 
    104     return ret;
    105 }
    106 
    107 static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
    108                                        apr_pool_t * ptemp,
    109                                        server_rec * base_server)
    110 {
    111     int rv;
    112     server_rec *s;
    113     gnutls_dh_params_t dh_params;
    114     gnutls_rsa_params_t rsa_params;
    115     mod_gnutls_srvconf_rec *sc;
    116     mod_gnutls_srvconf_rec *sc_base;
    117     void *data = NULL;
    118     int first_run = 0;
    119     const char *userdata_key = "mod_gnutls_init";
    120          
    121     apr_pool_userdata_get(&data, userdata_key, base_server->process->pool);
    122     if (data == NULL) {
    123         first_run = 1;
    124         apr_pool_userdata_set((const void *)1, userdata_key,
    125                               apr_pool_cleanup_null,
    126                               base_server->process->pool);
    127     }
    128 
    129 
    130     if (!first_run) {
    131         gnutls_datum pdata;
    132         apr_pool_t* tpool;
    133         s = base_server;
    134         sc_base = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
    135                                                              &gnutls_module);
    136 
    137         apr_pool_create(&tpool, p);
    138 
    139         gnutls_dh_params_init(&dh_params);
    140 
    141         pdata = load_params(sc_base->dh_params_file, s, tpool);
    142 
    143         if (pdata.size != 0) {
    144             rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
    145                                                GNUTLS_X509_FMT_PEM);
    146             if (rv != 0) {
    147                 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
    148                              "GnuTLS: Unable to load DH Params: (%d) %s",
    149                              rv, gnutls_strerror(rv));
    150                 exit(rv);
    151             }
    152         }
    153         else {
    154             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
    155                          "GnuTLS: Unable to load DH Params."
    156                          " Shutting Down.");
    157             exit(-1);
    158         }
    159         apr_pool_clear(tpool);
    160 
    161         gnutls_rsa_params_init(&rsa_params);
    162 
    163         pdata = load_params(sc_base->rsa_params_file, s, tpool);
    164 
    165         if (pdata.size != 0) {
    166             rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata,
    167                                                 GNUTLS_X509_FMT_PEM);
    168             if (rv != 0) {
    169                 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
    170                              "GnuTLS: Unable to load RSA Params: (%d) %s",
    171                              rv, gnutls_strerror(rv));
    172                 exit(rv);
    173             }
    174         }
    175         else {
    176             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
    177                          "GnuTLS: Unable to load RSA Params."
    178                          " Shutting Down.");
    179             exit(-1);
    180         }
    181 
    182         apr_pool_destroy(tpool);
    183         rv = mod_gnutls_cache_post_config(p, s, sc_base);
    184         if (rv != 0) {
    185             ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
    186                          "GnuTLS: Post Config for GnuTLSCache Failed."
    187                          " Shutting Down.");
    188             exit(-1);
    189         }
    190          
    191         for (s = base_server; s; s = s->next) {
    192             sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
    193                                                                  &gnutls_module);
    194             sc->cache_type = sc_base->cache_type;
    195             sc->cache_config = sc_base->cache_config;
    196 
    197             if (sc->cert_file != NULL && sc->key_file != NULL) {
    198 
    199                 rv = gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
    200                                                  sc->key_file,
    201                                                  GNUTLS_X509_FMT_PEM);
    202                 if (rv != 0) {
    203                     ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
    204                          "[GnuTLS] - Host '%s:%d' has an invalid key or certificate:"
    205                          "(%s,%s) (%d) %s",
    206                          s->server_hostname, s->port, sc->cert_file, sc->key_file,
    207                          rv, gnutls_strerror(rv));
    208                 }
    209                 else {
    210                     gnutls_certificate_set_rsa_export_params(sc->certs,
    211                                                      rsa_params);
    212                     gnutls_certificate_set_dh_params(sc->certs, dh_params);
    213                 }
    214             }
    215             else if (sc->enabled == GNUTLS_ENABLED_TRUE) {
    216                 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
    217                              "[GnuTLS] - Host '%s:%d' is missing a "
    218                              "Cert and Key File!",
    219                          s->server_hostname, s->port);
    220             }
    221         }
    222     } /* first_run */
    223 
    224     ap_add_version_component(p, "mod_gnutls/" MOD_GNUTLS_VERSION);
    225 
    226     return OK;
    227 }
    228 
    229 static void mod_gnutls_hook_child_init(apr_pool_t *p, server_rec *s)
    230 {
    231     apr_status_t rv = APR_SUCCESS;
    232     mod_gnutls_srvconf_rec *sc = ap_get_module_config(s->module_config,
    233                                                       &gnutls_module);
    234 
    235     if (sc->cache_type != mod_gnutls_cache_none) {
    236         rv = mod_gnutls_cache_child_init(p, s, sc);
    237         if(rv != APR_SUCCESS) {
    238             ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
    239                              "[GnuTLS] - Failed to run Cache Init");
    240         }
    241     }
    242     else {
    243         ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
    244                      "[GnuTLS] - No Cache Configured. Hint: GnuTLSCache");
    245     }
    246 }
    247 
    248 static const char *mod_gnutls_hook_http_scheme(const request_rec * r)
    249 {
    250     mod_gnutls_srvconf_rec *sc =
    251         (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server->
    252                                                         module_config,
    253                                                         &gnutls_module);
    254 
    255     if (sc->enabled == GNUTLS_ENABLED_FALSE) {
    256         return NULL;
    257     }
    258 
    259     return "https";
    260 }
    261 
    262 static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
    263 {
    264     mod_gnutls_srvconf_rec *sc =
    265         (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server->
    266                                                         module_config,
    267                                                         &gnutls_module);
    268 
    269     if (sc->enabled == GNUTLS_ENABLED_FALSE) {
    270         return 0;
    271     }
    272 
    273     return 443;
    274 }
    275 
    276 /* TODO: Complete support for Server Name Indication */
    277 static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret)
    278 {
    279     char* server_name;
    280     int server_type;
    281     int data_len = 256;
    282     mod_gnutls_handle_t *ctxt;   
    283     ctxt = gnutls_transport_get_ptr(session);
    284 
    285     ret->type = GNUTLS_CRT_X509;
    286     ret->ncerts = 1;
    287     server_name = apr_palloc(ctxt->c->pool, data_len);
    288     if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
    289         if (server_type == GNUTLS_NAME_DNS) {
    290             ap_log_error(APLOG_MARK, APLOG_INFO, 0,
    291                          ctxt->c->base_server,
    292                          "GnuTLS: Virtual Host: "
    293                          "%s", server_name);
    294         }
    295     }
    296 
    297     return 0;
    298 }
    299 
    300 static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
    301 {
    302     mod_gnutls_handle_t *ctxt;
    303     mod_gnutls_srvconf_rec *sc =
    304         (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
    305                                                         module_config,
    306                                                         &gnutls_module);
    307 
    308     ctxt = apr_pcalloc(pool, sizeof(*ctxt));
    309     ctxt->c = c;
    310     ctxt->sc = sc;
    311     ctxt->status = 0;
    312 
    313     ctxt->input_rc = APR_SUCCESS;
    314     ctxt->input_bb = apr_brigade_create(c->pool, c->bucket_alloc);
    315     ctxt->input_cbuf.length = 0;
    316 
    317     ctxt->output_rc = APR_SUCCESS;
    318     ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc);
    319     ctxt->output_blen = 0;
    320     ctxt->output_length = 0;
    321 
    322     gnutls_init(&ctxt->session, GNUTLS_SERVER);
    323 
    324     gnutls_protocol_set_priority(ctxt->session, sc->protocol);
    325     gnutls_cipher_set_priority(ctxt->session, sc->ciphers);
    326     gnutls_compression_set_priority(ctxt->session, sc->compression);
    327     gnutls_kx_set_priority(ctxt->session, sc->key_exchange);
    328     gnutls_mac_set_priority(ctxt->session, sc->macs);
    329     gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types);
    330 
    331     gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs);
    332 
    333     gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE);
    334 
    335     mod_gnutls_cache_session_init(ctxt);
    336 
    337     /* TODO: Finish Support for Server Name Indication */
    338     /* gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); */
    339     return ctxt;
    340 }
    341 
    342 static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
    343 {
    344     mod_gnutls_handle_t *ctxt;
    345     mod_gnutls_srvconf_rec *sc =
    346         (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
    347                                                         module_config,
    348                                                         &gnutls_module);
    349 
    350     if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
    351         return DECLINED;
    352     }
    353 
    354     ctxt = create_gnutls_handle(c->pool, c);
    355 
    356     ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
    357 
    358     gnutls_transport_set_pull_function(ctxt->session,
    359                                        mod_gnutls_transport_read);
    360     gnutls_transport_set_push_function(ctxt->session,
    361                                        mod_gnutls_transport_write);
    362     gnutls_transport_set_ptr(ctxt->session, ctxt);
    363    
    364     ctxt->input_filter = ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt,
    365                                              NULL, c);
    366     ctxt->output_filter = ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt,
    367                                                NULL, c);
    368 
    369     return OK;
    370 }
    371 
    372 static int mod_gnutls_hook_fixups(request_rec *r)
    373 {
    374     unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
    375     char buf[GNUTLS_SESSION_ID_STRING_LEN];
    376     const char* tmp;
    377     int len;
    378     mod_gnutls_handle_t *ctxt;
    379     apr_table_t *env = r->subprocess_env;
    380 
    381     ctxt = ap_get_module_config(r->connection->conn_config, &gnutls_module);
    382 
    383     if(!ctxt) {
    384         return DECLINED;
    385     }
    386 
    387     apr_table_setn(env, "HTTPS", "on");
    388 
    389     apr_table_setn(env, "GNUTLS_VERSION_INTERFACE", MOD_GNUTLS_VERSION);
    390     apr_table_setn(env, "GNUTLS_VERSION_LIBRARY", LIBGNUTLS_VERSION);
    391 
    392     apr_table_setn(env, "SSL_PROTOCOL",
    393                    gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
    394 
    395     apr_table_setn(env, "SSL_CIPHER",
    396                    gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
    397 
    398     apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
    399 
    400     tmp = apr_psprintf(r->pool, "%d",
    401               8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
    402 
    403     apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
    404 
    405     apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
    406 
    407     len = sizeof(sbuf);
    408     gnutls_session_get_id(ctxt->session, sbuf, &len);
    409     tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf));
    410     apr_table_setn(env, "SSL_SESSION_ID", tmp);
    411    
    412     return OK;
    413 }
    414 
    415 static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy,
    416                                         const char *arg)
    417 {
    418     mod_gnutls_srvconf_rec *sc =
    419         (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
    420                                                         module_config,
    421                                                         &gnutls_module);
    422     sc->cert_file = ap_server_root_relative(parms->pool, arg);
    423     return NULL;
    424 }
    425 
    426 static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy,
    427                                        const char *arg)
    428 {
    429     mod_gnutls_srvconf_rec *sc =
    430         (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
    431                                                         module_config,
    432                                                         &gnutls_module);
    433    
    434     sc->key_file = ap_server_root_relative(parms->pool, arg);
    435     return NULL;
    436 }
    437 
    438 static const char *gnutls_set_cache(cmd_parms * parms, void *dummy,
    439                                        const char *type, const char* arg)
    440 {
    441     const char* err;
    442     mod_gnutls_srvconf_rec *sc = ap_get_module_config(parms->server->
    443                                                         module_config,
    444                                                         &gnutls_module);
    445     if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
    446         return err;
    447     }
    448 
    449     if (strcasecmp("none", type) == 0) {
    450         sc->cache_type = mod_gnutls_cache_none;
    451     }
    452     else if (strcasecmp("dbm", type) == 0) {
    453         sc->cache_type = mod_gnutls_cache_dbm;
    454     }
    455 #if HAVE_APR_MEMCACHE
    456     else if (strcasecmp("memcache", type) == 0) {
    457         sc->cache_type = mod_gnutls_cache_memcache;
    458     }
    459 #endif
    460     else {
    461         return "Invalid Type for GnuTLSCache!";
    462     }
    463 
    464     if (sc->cache_type == mod_gnutls_cache_dbm) {
    465         sc->cache_config = ap_server_root_relative(parms->pool, arg);
    466     }
    467     else {
    468         sc->cache_config = apr_pstrdup(parms->pool, arg);
    469     }
    470 
    471     return NULL;
    472 }
    473 
    474 static const char *gnutls_set_enabled(cmd_parms * parms, void *dummy,
    475                                       const char *arg)
    476 {
    477     mod_gnutls_srvconf_rec *sc =
    478         (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
    479                                                         module_config,
    480                                                         &gnutls_module);
    481     if (!strcasecmp(arg, "On")) {
    482         sc->enabled = GNUTLS_ENABLED_TRUE;
    483     }
    484     else if (!strcasecmp(arg, "Off")) {
    485         sc->enabled = GNUTLS_ENABLED_FALSE;
    486     }
    487     else {
    488         return "GnuTLSEnable must be set to 'On' or 'Off'";
    489     }
    490 
    491     return NULL;
    492 }
    493 
    494 static const command_rec gnutls_cmds[] = {
    495     AP_INIT_TAKE1("GnuTLSCertificateFile", gnutls_set_cert_file,
     58static const command_rec mgs_config_cmds[] = {
     59    AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
     60                  NULL,
     61                  RSRC_CONF|OR_AUTHCFG,
     62                  "Set Verification Requirements of the Client Certificate"),
     63    AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file,
     64                  NULL,
     65                  RSRC_CONF,
     66                  "Set the CA File for Client Certificates"),
     67    AP_INIT_TAKE1("GnuTLSCertificateFile", mgs_set_cert_file,
    49668                  NULL,
    49769                  RSRC_CONF,
    49870                  "SSL Server Key file"),
    499     AP_INIT_TAKE1("GnuTLSKeyFile", gnutls_set_key_file,
     71    AP_INIT_TAKE1("GnuTLSKeyFile", mgs_set_key_file,
    50072                  NULL,
    50173                  RSRC_CONF,
    50274                  "SSL Server Certificate file"),
    503     AP_INIT_TAKE2("GnuTLSCache", gnutls_set_cache,
     75    AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
     76                  NULL,
     77                  RSRC_CONF,
     78                  "Cache Timeout"),
     79    AP_INIT_TAKE2("GnuTLSCache", mgs_set_cache,
    50480                  NULL,
    50581                  RSRC_CONF,
    50682                  "Cache Configuration"),
    507     AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled,
     83    AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
    50884                  NULL, RSRC_CONF,
    50985                  "Whether this server has GnuTLS Enabled. Default: Off"),
    510 
     86   
    51187    {NULL}
    51288};
    51389
    514 /* TODO: CACertificateFile & Client Authentication
    515  *    AP_INIT_TAKE1("GnuTLSCACertificateFile", ap_set_server_string_slot,
    516  *                 (void *) APR_OFFSETOF(gnutls_srvconf_rec, key_file), NULL,
    517  *                 RSRC_CONF,
    518  *                 "CA"),
    519  */
    520 
    521 static void gnutls_hooks(apr_pool_t * p)
    522 {
    523     ap_hook_pre_connection(mod_gnutls_hook_pre_connection, NULL, NULL,
    524                            APR_HOOK_MIDDLE);
    525     ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL,
    526                         APR_HOOK_MIDDLE);
    527     ap_hook_child_init(mod_gnutls_hook_child_init, NULL, NULL,
    528                         APR_HOOK_MIDDLE);
    529 #if USING_2_1_RECENT
    530     ap_hook_http_scheme(mod_gnutls_hook_http_scheme, NULL, NULL,
    531                         APR_HOOK_MIDDLE);
    532 #else
    533     ap_hook_http_method(mod_gnutls_hook_http_scheme, NULL, NULL,
    534                         APR_HOOK_MIDDLE);
    535 #endif
    536     ap_hook_default_port(mod_gnutls_hook_default_port, NULL, NULL,
    537                          APR_HOOK_MIDDLE);
    538     ap_hook_pre_config(mod_gnutls_hook_pre_config, NULL, NULL,
    539                        APR_HOOK_MIDDLE);
    540 
    541     ap_hook_fixups(mod_gnutls_hook_fixups, NULL, NULL, APR_HOOK_MIDDLE);
    542 
    543     /* TODO: HTTP Upgrade Filter */
    544     /* ap_register_output_filter ("UPGRADE_FILTER",
    545      *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
    546      */
    547     ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
    548                              mod_gnutls_filter_input, NULL,
    549                              AP_FTYPE_CONNECTION + 5);
    550     ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
    551                               mod_gnutls_filter_output, NULL,
    552                               AP_FTYPE_CONNECTION + 5);
    553 }
    554 
    555 static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
    556 {
    557     int i;
    558     mod_gnutls_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc));
    559 
    560     sc->enabled = GNUTLS_ENABLED_FALSE;
    561 
    562     gnutls_certificate_allocate_credentials(&sc->certs);
    563     sc->key_file = NULL;
    564     sc->cert_file = NULL;
    565     sc->cache_timeout = apr_time_from_sec(3600);
    566     sc->cache_type = mod_gnutls_cache_dbm;
    567     sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
    568 
    569     /* TODO: Make this Configurable ! */
    570     sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");
    571     sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");
    572 
    573     /* TODO: Make this Configurable ! */
    574     /* meh. mod_ssl uses a flex based parser for this part.. sigh */
    575     i = 0;
    576     sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC;
    577     sc->ciphers[i++] = GNUTLS_CIPHER_AES_128_CBC;
    578     sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_128;
    579     sc->ciphers[i++] = GNUTLS_CIPHER_3DES_CBC;
    580     sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_40;
    581     sc->ciphers[i] = 0;
    582 
    583     i = 0;
    584     sc->key_exchange[i++] = GNUTLS_KX_RSA;
    585     sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT;
    586     sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS;
    587     sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA;
    588     sc->key_exchange[i++] = GNUTLS_KX_ANON_DH;
    589     sc->key_exchange[i++] = GNUTLS_KX_SRP;
    590     sc->key_exchange[i++] = GNUTLS_KX_SRP_RSA;
    591     sc->key_exchange[i++] = GNUTLS_KX_SRP_DSS;
    592     sc->key_exchange[i] = 0;
    593 
    594     i = 0;
    595     sc->macs[i++] = GNUTLS_MAC_SHA;
    596     sc->macs[i++] = GNUTLS_MAC_MD5;
    597     sc->macs[i++] = GNUTLS_MAC_RMD160;
    598     sc->macs[i] = 0;
    599 
    600     i = 0;
    601     sc->protocol[i++] = GNUTLS_TLS1_1;
    602     sc->protocol[i++] = GNUTLS_TLS1;
    603     sc->protocol[i++] = GNUTLS_SSL3;
    604     sc->protocol[i] = 0;
    605 
    606     i = 0;
    607     sc->compression[i++] = GNUTLS_COMP_NULL;
    608     sc->compression[i++] = GNUTLS_COMP_ZLIB;
    609     sc->compression[i++] = GNUTLS_COMP_LZO;
    610     sc->compression[i] = 0;
    611 
    612     i = 0;
    613     sc->cert_types[i++] = GNUTLS_CRT_X509;
    614     sc->cert_types[i] = 0;
    615  
    616     return sc;
    617 }
    618 
    619 
    620 
    62190module AP_MODULE_DECLARE_DATA gnutls_module = {
    62291    STANDARD20_MODULE_STUFF,
     92    mgs_config_dir_create,
    62393    NULL,
     94    mgs_config_server_create,
    62495    NULL,
    625     gnutls_config_server_create,
    626     NULL,
    627 /*    gnutls_config_server_merge, */
    628     gnutls_cmds,
     96    mgs_config_cmds,
    62997    gnutls_hooks
    63098};
Note: See TracChangeset for help on using the changeset viewer.