Changeset 265159d in mod_gnutls


Timestamp:
Oct 17, 2017, 2:49:17 PM (8 weeks ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master
Children:
54d07a1
Parents:
321912b
Message:

Send SNI for proxy connections

Files:
3 edited

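--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -285,5 +285,8 @@
 apr_status_t apr_signal_block(int signum);
 
- /* Proxy Support */
+/* Proxy Support */
+/** mod_proxy adds a note with this key to the connection->notes table
+ * for client connections */
+#define PROXY_SNI_NOTE "proxy-request-hostname"
 /* An optional function which returns non-zero if the given connection
 is using SSL/TLS. */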
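--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1966,8 +1966,8 @@
     /* Get peer hostname from a note left by mod_proxy */
     const char *peer_hostname =
-        apr_table_get(ctxt->c->notes, "proxy-request-hostname");
+        apr_table_get(ctxt->c->notes, PROXY_SNI_NOTE);
     if (peer_hostname == NULL)
         ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, ctxt->c,
-                      "%s: proxy-request-hostname is NULL, cannot check "
+                      "%s: " PROXY_SNI_NOTE " NULL, cannot check "
                       "peer's hostname", __func__);
 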
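Review bot: The reworded warning at new line 1971 drops the verb, so the concatenated literals now read "proxy-request-hostname NULL, cannot check peer's hostname". Writing it as `"%s: " PROXY_SNI_NOTE " is NULL, cannot check "` keeps the log text identical to the old message, which matters to anyone matching on it in log monitoring. The enclosing function starts and ends outside this hunk, so what the code does after logging the warning is not visible here.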
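--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -395,4 +395,28 @@
     }
 
+    /* Enable SNI for proxy connections */
+    if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE)
+    {
+        /* Get peer hostname from note left by mod_proxy */
+        const char *peer_hostname =
+            apr_table_get(ctxt->c->notes, PROXY_SNI_NOTE);
+        /* Used only as target for apr_ipsubnet_create() */
+        apr_ipsubnet_t *probe;
+        /* Check if the note is present (!= NULL) and NOT an IP
+         * address */
+        if ((peer_hostname) != NULL
+            && (apr_ipsubnet_create(&probe, peer_hostname, NULL, ctxt->c->pool)
+                != APR_SUCCESS))
+        {
+            ret = gnutls_server_name_set(ctxt->session, GNUTLS_NAME_DNS,
+                                         peer_hostname, strlen(peer_hostname));
+            if (ret != GNUTLS_E_SUCCESS)
+                ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, ctxt->c,
+                              "Could not set SNI '%s' for proxy connection: "
+                              "%s (%d)",
+                              peer_hostname, gnutls_strerror(ret), ret);
+        }
+    }
+
 tryagain:
     do {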
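Review bot: The "not an IP address" test at new lines 407-409 is inferred from apr_ipsubnet_create() failing, so everything that call rejects, an empty or malformed note value as much as a real host name, is handed to gnutls_server_name_set() as a DNS name. A positive check on the note would make the intent explicit, at minimum `if (peer_hostname != NULL && peer_hostname[0] != '\0'`, and the comment above `probe` could say that the result is discarded and allocated from `ctxt->c->pool`. When gnutls_server_name_set() fails the error is only logged and the handshake at `tryagain:` goes ahead without SNI; that is safe only if the peer hostname check in gnutls_hooks.c still rejects a certificate for the wrong name, which this hunk does not show. The enclosing function starts and ends outside the hunk.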