Changeset 2a2272d in mod_gnutls for src


Ignore:
Timestamp:
Jan 11, 2013, 12:56:01 AM (8 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, upstream
Children:
dc1e7e6, e86847d
Parents:
a4839ae
Message:

Imported Upstream version 0.4.2

Location:
src
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_cache.c

    ra4839ae r2a2272d  
    3535
    3636#define MC_TAG "mod_gnutls:"
    37 #define MC_TAG_LEN \
    38     (sizeof(MC_TAG))
     37#define MC_TAG_LEN sizeof(MC_TAG)
    3938#define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN)
    4039
    41 #if 0
    42 static char *gnutls_session_id2sz(unsigned char *id, int idlen,
     40char *mgs_session_id2sz(unsigned char *id, int idlen,
    4341                               char *str, int strsize)
    4442{
    4543    char *cp;
    4644    int n;
    47  
    48     cp = apr_cpystrn(str, MC_TAG, MC_TAG_LEN);
     45
     46    cp = str;
    4947    for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) {
    5048        apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]);
     
    5452    return str;
    5553}
    56 #endif
     54
     55
     56/* Name the Session ID as:
     57 * server:port.SessionID
     58 * to disallow resuming sessions on different servers
     59 */
     60static int mgs_session_id2dbm(conn_rec* c, unsigned char *id, int idlen,
     61                               apr_datum_t* dbmkey)
     62{
     63char buf[STR_SESSION_LEN];
     64char *sz;
     65   
     66    sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf));
     67    if (sz == NULL)
     68      return -1;
     69     
     70    dbmkey->dptr = apr_psprintf(c->pool, "%s:%d.%s", c->base_server->server_hostname, c->base_server->port, sz);
     71    dbmkey->dsize = strlen( dbmkey->dptr);
     72   
     73    return 0;
     74}
    5775
    5876#define CTIME "%b %d %k:%M:%S %Y %Z"
     
    7189}
    7290
    73 char *mgs_session_id2sz(unsigned char *id, int idlen,
    74                                char *str, int strsize)
    75 {
    76     char *cp;
    77     int n;
    78    
    79     cp = str;
    80     for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) {
    81         apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]);
    82         cp += 2;
    83     }
    84     *cp = '\0';
    85     return str;
    86 }
    87 
    88 
    8991#if HAVE_APR_MEMCACHE
     92/* Name the Session ID as:
     93 * server:port.SessionID
     94 * to disallow resuming sessions on different servers
     95 */
     96static char* mgs_session_id2mc(conn_rec* c, unsigned char *id, int idlen)
     97{
     98char buf[STR_SESSION_LEN];
     99char *sz;
     100   
     101    sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf));
     102    if (sz == NULL)
     103      return NULL;
     104     
     105    return apr_psprintf(c->pool, MC_TAG"%s:%d.%s", c->base_server->server_hostname, c->base_server->port, sz);
     106}
    90107
    91108/**
     
    185202    apr_status_t rv = APR_SUCCESS;
    186203    mgs_handle_t *ctxt = baton;
    187     char buf[STR_SESSION_LEN];
    188204    char* strkey = NULL;
    189205    apr_uint32_t timeout;
    190206
    191     strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));
     207    strkey = mgs_session_id2mc(ctxt->c, key.data, key.size);
    192208    if(!strkey)
    193209        return -1;
     
    212228    apr_status_t rv = APR_SUCCESS;
    213229    mgs_handle_t *ctxt = baton;
    214     char buf[STR_SESSION_LEN];
    215230    char* strkey = NULL;
    216231    char* value;
     
    218233    gnutls_datum_t data = { NULL, 0 };
    219234
    220     strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));
     235    strkey = mgs_session_id2mc(ctxt->c, key.data, key.size);
    221236    if (!strkey) {
    222237        return data;
     
    253268    apr_status_t rv = APR_SUCCESS;
    254269    mgs_handle_t *ctxt = baton;
    255     char buf[STR_SESSION_LEN];
    256270    char* strkey = NULL;
    257271
    258     strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));
     272    strkey = mgs_session_id2mc(ctxt->c, key.data, key.size);
    259273    if(!strkey)
    260274        return -1;
     
    367381    apr_status_t rv;
    368382
    369     dbmkey.dptr  = (void*)key.data;
    370     dbmkey.dsize = key.size;
     383    if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0)
     384        return data;
    371385
    372386    rv = apr_dbm_open(&dbm, ctxt->sc->cache_config,
     
    414428    apr_status_t rv;
    415429    apr_time_t expiry;
    416    
    417     dbmkey.dptr  = (char *)key.data;
    418     dbmkey.dsize = key.size;
     430
     431    if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0)
     432        return -1;
    419433
    420434    /* create DBM value */
     
    468482    mgs_handle_t *ctxt = baton;
    469483    apr_status_t rv;
    470    
    471     dbmkey.dptr  = (char *)key.data;
    472     dbmkey.dsize = key.size;
     484
     485    if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0)
     486        return -1;
    473487
    474488    rv = apr_dbm_open(&dbm, ctxt->sc->cache_config,
  • src/gnutls_config.c

    ra4839ae r2a2272d  
    7373    }
    7474
    75     gnutls_dh_params_init(&sc->dh_params);
     75    ret = gnutls_dh_params_init(&sc->dh_params);
     76    if (ret < 0) {
     77        return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize"
     78                            ": (%d) %s", ret, gnutls_strerror(ret));
     79    }
     80
    7681    ret =
    7782        gnutls_dh_params_import_pkcs3(sc->dh_params, &data, GNUTLS_X509_FMT_PEM);
    78     if (ret != 0) {
     83    if (ret < 0) {
    7984        return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
    8085                            "DH params '%s': (%d) %s", file, ret,
     
    108113    }
    109114
    110     gnutls_rsa_params_init(&sc->rsa_params);
     115    ret = gnutls_rsa_params_init(&sc->rsa_params);
     116    if (ret < 0) {
     117        return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize"
     118                            ": (%d) %s", ret, gnutls_strerror(ret));
     119    }
     120
    111121    ret =
    112122        gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, GNUTLS_X509_FMT_PEM);
     
    142152    }
    143153
    144     gnutls_x509_crt_init(&sc->cert_x509);
     154    sc->certs_x509_num = MAX_CHAIN_SIZE;
    145155    ret =
    146         gnutls_x509_crt_import(sc->cert_x509, &data, GNUTLS_X509_FMT_PEM);
    147     if (ret != 0) {
     156        gnutls_x509_crt_list_import(sc->certs_x509, &sc->certs_x509_num, &data, GNUTLS_X509_FMT_PEM, 0);
     157    if (ret < 0) {
    148158        return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
    149159                            "Certificate '%s': (%d) %s", file, ret,
     
    175185    }
    176186
    177     gnutls_x509_privkey_init(&sc->privkey_x509);
     187    ret = gnutls_x509_privkey_init(&sc->privkey_x509);
     188    if (ret < 0) {
     189        return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize"
     190                            ": (%d) %s", ret, gnutls_strerror(ret));
     191    }
     192
    178193    ret =
    179194        gnutls_x509_privkey_import(sc->privkey_x509, &data,
     
    396411{
    397412    mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc));
    398 
     413    int ret;
     414   
    399415    sc->enabled = GNUTLS_ENABLED_FALSE;
    400416
    401     gnutls_certificate_allocate_credentials(&sc->certs);
    402     gnutls_anon_allocate_server_credentials(&sc->anon_creds);
    403     gnutls_srp_allocate_server_credentials(&sc->srp_creds);
     417    ret = gnutls_certificate_allocate_credentials(&sc->certs);
     418    if (ret < 0) {
     419        return apr_psprintf(p, "GnuTLS: Failed to initialize"
     420                            ": (%d) %s", ret, gnutls_strerror(ret));
     421    }
     422
     423    ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds);
     424    if (ret < 0) {
     425        return apr_psprintf(p, "GnuTLS: Failed to initialize"
     426                            ": (%d) %s", ret, gnutls_strerror(ret));
     427    }
     428
     429    ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
     430    if (ret < 0) {
     431        return apr_psprintf(p, "GnuTLS: Failed to initialize"
     432                            ": (%d) %s", ret, gnutls_strerror(ret));
     433    }
    404434
    405435    sc->srp_tpasswd_conf_file = NULL;
    406436    sc->srp_tpasswd_file = NULL;
    407437    sc->privkey_x509 = NULL;
    408     sc->cert_x509 = NULL;
     438    memset( sc->certs_x509, 0, sizeof(sc->certs_x509));
     439    sc->certs_x509_num = 0;
    409440    sc->cache_timeout = apr_time_from_sec(300);
    410441    sc->cache_type = mgs_cache_dbm;
  • src/gnutls_hooks.c

    ra4839ae r2a2272d  
    5858                    apr_pool_t * plog, apr_pool_t * ptemp)
    5959{
     60int ret;
    6061
    6162#if APR_HAS_THREADS
     
    6869#endif
    6970
    70     gnutls_global_init();
    71 
     71    ret = gnutls_global_init();
     72    if (ret < 0) /* FIXME: can we print here? */
     73        exit(ret);
     74                                           
    7275    apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config,
    7376                              apr_pool_cleanup_null);
     
    131134        return ret;
    132135
    133     /* allow separate caches per virtual host. Actually allowing the same is a
    134      * bad idea, since they might have different security requirements.
    135      */
    136     mgs_cache_session_init(ctxt);
    137136
    138137    return 0;
     
    146145
    147146    ret->type = GNUTLS_CRT_X509;
    148     ret->ncerts = 1;
     147    ret->ncerts = ctxt->sc->certs_x509_num;
    149148    ret->deinit_all = 0;
    150149
    151     ret->cert.x509 = &ctxt->sc->cert_x509;
     150    ret->cert.x509 = ctxt->sc->certs_x509;
    152151    ret->key.x509 = ctxt->sc->privkey_x509;
    153152    return 0;
     
    332331            }
    333332
    334             if (sc->cert_x509 == NULL
     333            if (sc->certs_x509[0] == NULL
    335334                && sc->enabled == GNUTLS_ENABLED_TRUE) {
    336335                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
     
    351350
    352351            if (sc->enabled == GNUTLS_ENABLED_TRUE) {
    353                 rv = read_crt_cn(s, p, sc->cert_x509, &sc->cert_cn);
     352                rv = read_crt_cn(s, p, sc->certs_x509[0], &sc->cert_cn);
    354353                if (rv < 0) {
    355354                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
     
    589588                                                    mgs_select_virtual_server_cb);
    590589
     590    mgs_cache_session_init(ctxt);
     591
    591592    return ctxt;
    592593}
     
    684685    apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp));
    685686
    686     mgs_add_common_cert_vars(r, ctxt->sc->cert_x509, 0,
     687    mgs_add_common_cert_vars(r, ctxt->sc->certs_x509[0], 0,
    687688                             ctxt->sc->export_certificates_enabled);
    688689
Note: See TracChangeset for help on using the changeset viewer.