Changeset 23e98b3 in mod_gnutls
- Timestamp:
- Apr 9, 2018, 2:52:27 AM (5 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- 4cdd4fd
- Parents:
- 235e109
- git-author:
- Fiona Klute <fiona.klute@…> (04/09/18 02:47:29)
- git-committer:
- Fiona Klute <fiona.klute@…> (04/09/18 02:52:27)
- Files:
-
- 2 edited
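--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -297,4 +297,7 @@
 APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
 APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_set, (conn_rec *,
+                                              ap_conf_vector_t *,
+                                              int proxy, int enable));
 int ssl_is_https(conn_rec *c);
 int ssl_proxy_enable(conn_rec *c);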
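--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -25,4 +25,8 @@
 APLOG_USE_MODULE(gnutls);
 #endif
+
+int ssl_engine_set(conn_rec *c,
+                   ap_conf_vector_t *dir_conf __attribute__((unused)),
+                   int proxy, int enable);
 
 static void gnutls_hooks(apr_pool_t * p __attribute__((unused)))
@@ -66,4 +70,5 @@
     APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
     APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+    APR_REGISTER_OPTIONAL_FN(ssl_engine_set);
 
     /* mod_rewrite calls this function to detect HTTPS */
@@ -99,43 +104,53 @@
 
 
-int ssl_engine_disable(conn_rec *c)
-{
-    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
-        ap_get_module_config(c->base_server->module_config, &gnutls_module);
-    if(sc->enabled == GNUTLS_ENABLED_FALSE) {
-        return 1;
-    }
-
-    /* disable TLS for this connection */
+/**
+ * In Apache versions from 2.4.33 mod_proxy uses this function to set
+ * up its client connections. Note that mod_gnutls does not (yet)
+ * implement per directory configuration for such connections.
+ *
+ * @param c the connection
+ * @param dir_conf per directory configuration, unused for now
+ * @param proxy Is this a proxy connection?
+ * @param enable Should TLS be enabled on this connection?
+ *
+ * @param `true` (1) if successful, `false` (0) otherwise
+ */
+int ssl_engine_set(conn_rec *c,
+                   ap_conf_vector_t *dir_conf __attribute__((unused)),
+                   int proxy, int enable)
+{
     mgs_handle_t *ctxt = init_gnutls_ctxt(c);
-    ctxt->enabled = GNUTLS_ENABLED_FALSE;
-    ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
-
-    if (ctxt->input_filter)
-        ap_remove_input_filter(ctxt->input_filter);
-    if (ctxt->output_filter)
-        ap_remove_output_filter(ctxt->output_filter);
-
-    return 1;
-}
-
-int ssl_proxy_enable(conn_rec *c)
-{
-    /* check if TLS proxy support is enabled */
-    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
-        ap_get_module_config(c->base_server->module_config, &gnutls_module);
-    if (sc->proxy_enabled != GNUTLS_ENABLED_TRUE)
+
+    /* If TLS proxy has been requested, check if support is enabled
+     * for the server */
+    if (proxy && (ctxt->sc->proxy_enabled != GNUTLS_ENABLED_TRUE))
     {
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "%s: mod_proxy requested TLS proxy, but not enabled "
-                      "for %s", __func__, sc->cert_cn);
+                      "for %s", __func__, ctxt->sc->cert_cn);
         return 0;
     }
 
-    /* enable TLS for this connection */
-    mgs_handle_t *ctxt = init_gnutls_ctxt(c);
-    ctxt->enabled = GNUTLS_ENABLED_TRUE;
-    ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
+    if (proxy)
+        ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
+    else
+        ctxt->is_proxy = GNUTLS_ENABLED_FALSE;
+
+    if (enable)
+        ctxt->enabled = GNUTLS_ENABLED_TRUE;
+    else
+        ctxt->enabled = GNUTLS_ENABLED_FALSE;
+
     return 1;
+}
+
+int ssl_engine_disable(conn_rec *c)
+{
+    return ssl_engine_set(c, NULL, 0, 0);
+}
+
+int ssl_proxy_enable(conn_rec *c)
+{
+    return ssl_engine_set(c, NULL, 1, 1);
 }
 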
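Review bot: The guard `if (proxy && (ctxt->sc->proxy_enabled != GNUTLS_ENABLED_TRUE))` in ssl_engine_set() ignores `enable`, so a call with proxy=1, enable=0 on a server without TLS proxy support logs an error and returns 0 before `ctxt->enabled` is set to GNUTLS_ENABLED_FALSE. Consider `if (proxy && enable && (ctxt->sc->proxy_enabled != GNUTLS_ENABLED_TRUE))` so that a request to turn TLS off always takes effect. The removed ssl_engine_disable() also took the input and output filters off the connection and returned early when `sc->enabled` was already false, while the new wrapper `ssl_engine_set(c, NULL, 0, 0)` does neither and now records `is_proxy` as false. If the filters are expected to pass data through untouched when `ctxt->enabled` is false, a comment saying so would help, since the filter code is not visible in this changeset. The last line of the doc comment should read `@return` rather than `@param`.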