Changeset 23e98b3 in mod_gnutls for src/mod_gnutls.c


Timestamp:
Apr 9, 2018, 2:52:27 AM (19 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
4cdd4fd
Parents:
235e109
git-author:
Fiona Klute <fiona.klute@…> (04/09/18 02:47:29)
git-committer:
Fiona Klute <fiona.klute@…> (04/09/18 02:52:27)
Message:

Implement ssl_engine_set as introduced by mod_ssl in Apache 2.4.33

File:
1 edited

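--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -25,4 +25,8 @@
 APLOG_USE_MODULE(gnutls);
 #endif
+
+int ssl_engine_set(conn_rec *c,
+                   ap_conf_vector_t *dir_conf __attribute__((unused)),
+                   int proxy, int enable);
 
 static void gnutls_hooks(apr_pool_t * p __attribute__((unused)))
@@ -66,4 +70,5 @@
     APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
     APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+    APR_REGISTER_OPTIONAL_FN(ssl_engine_set);
 
     /* mod_rewrite calls this function to detect HTTPS */
@@ -99,43 +104,53 @@
 
 
-int ssl_engine_disable(conn_rec *c)
-{
-    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
-        ap_get_module_config(c->base_server->module_config, &gnutls_module);
-    if(sc->enabled == GNUTLS_ENABLED_FALSE) {
-        return 1;
-    }
-
-    /* disable TLS for this connection */
+/**
+ * In Apache versions from 2.4.33 mod_proxy uses this function to set
+ * up its client connections. Note that mod_gnutls does not (yet)
+ * implement per directory configuration for such connections.
+ *
+ * @param c the connection
+ * @param dir_conf per directory configuration, unused for now
+ * @param proxy Is this a proxy connection?
+ * @param enable Should TLS be enabled on this connection?
+ *
+ * @param `true` (1) if successful, `false` (0) otherwise
+ */
+int ssl_engine_set(conn_rec *c,
+                   ap_conf_vector_t *dir_conf __attribute__((unused)),
+                   int proxy, int enable)
+{
     mgs_handle_t *ctxt = init_gnutls_ctxt(c);
-    ctxt->enabled = GNUTLS_ENABLED_FALSE;
-    ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
-
-    if (ctxt->input_filter)
-        ap_remove_input_filter(ctxt->input_filter);
-    if (ctxt->output_filter)
-        ap_remove_output_filter(ctxt->output_filter);
-
-    return 1;
-}
-
-int ssl_proxy_enable(conn_rec *c)
-{
-    /* check if TLS proxy support is enabled */
-    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
-        ap_get_module_config(c->base_server->module_config, &gnutls_module);
-    if (sc->proxy_enabled != GNUTLS_ENABLED_TRUE)
+
+    /* If TLS proxy has been requested, check if support is enabled
+     * for the server */
+    if (proxy && (ctxt->sc->proxy_enabled != GNUTLS_ENABLED_TRUE))
     {
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "%s: mod_proxy requested TLS proxy, but not enabled "
-                      "for %s", __func__, sc->cert_cn);
+                      "for %s", __func__, ctxt->sc->cert_cn);
         return 0;
     }
 
-    /* enable TLS for this connection */
-    mgs_handle_t *ctxt = init_gnutls_ctxt(c);
-    ctxt->enabled = GNUTLS_ENABLED_TRUE;
-    ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
+    if (proxy)
+        ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
+    else
+        ctxt->is_proxy = GNUTLS_ENABLED_FALSE;
+
+    if (enable)
+        ctxt->enabled = GNUTLS_ENABLED_TRUE;
+    else
+        ctxt->enabled = GNUTLS_ENABLED_FALSE;
+
     return 1;
+}
+
+int ssl_engine_disable(conn_rec *c)
+{
+    return ssl_engine_set(c, NULL, 0, 0);
+}
+
+int ssl_proxy_enable(conn_rec *c)
+{
+    return ssl_engine_set(c, NULL, 1, 1);
 }
 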
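Review bot: In `ssl_engine_set` the guard `if (proxy && (ctxt->sc->proxy_enabled != GNUTLS_ENABLED_TRUE))` also fires when `enable` is 0, so a call that asks for TLS to be turned off on a proxy connection is refused with the "mod_proxy requested TLS proxy" error whenever proxy TLS is not configured; consider `if (proxy && enable && (ctxt->sc->proxy_enabled != GNUTLS_ENABLED_TRUE))`. Separately, `ssl_engine_disable` now delegates to `ssl_engine_set(c, NULL, 0, 0)` and no longer calls `ap_remove_input_filter`/`ap_remove_output_filter`, nor returns early when `sc->enabled == GNUTLS_ENABLED_FALSE`. Whether the filters themselves honour `ctxt->enabled` is not visible on this page, so that should be confirmed, or the removal kept for the `!enable` case, so a connection cannot end up with the TLS filters attached while its state says disabled. The disable path also sets `is_proxy` to `GNUTLS_ENABLED_FALSE` where the old code set `GNUTLS_ENABLED_TRUE`, which is worth checking against any code that keys on `is_proxy`. The last tag in the new doc comment should read `@return`, not `@param`.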