- Timestamp:
- Jan 11, 2013, 12:56:01 AM (8 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, upstream
- Children:
- dc1e7e6, e86847d
- Parents:
- a4839ae
- Location:
- src
- Files:
-
- 3 edited
src/gnutls_cache.c
ra4839ae r2a2272d 35 35 36 36 #define MC_TAG "mod_gnutls:" 37 #define MC_TAG_LEN \ 38 (sizeof(MC_TAG)) 37 #define MC_TAG_LEN sizeof(MC_TAG) 39 38 #define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN) 40 39 41 #if 0 42 static char *gnutls_session_id2sz(unsigned char *id, int idlen, 40 char *mgs_session_id2sz(unsigned char *id, int idlen, 43 41 char *str, int strsize) 44 42 { 45 43 char *cp; 46 44 int n; 47 48 cp = apr_cpystrn(str, MC_TAG, MC_TAG_LEN);45 46 cp = str; 49 47 for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) { 50 48 apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]); … … 54 52 return str; 55 53 } 56 #endif 54 55 56 /* Name the Session ID as: 57 * server:port.SessionID 58 * to disallow resuming sessions on different servers 59 */ 60 static int mgs_session_id2dbm(conn_rec* c, unsigned char *id, int idlen, 61 apr_datum_t* dbmkey) 62 { 63 char buf[STR_SESSION_LEN]; 64 char *sz; 65 66 sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf)); 67 if (sz == NULL) 68 return -1; 69 70 dbmkey->dptr = apr_psprintf(c->pool, "%s:%d.%s", c->base_server->server_hostname, c->base_server->port, sz); 71 dbmkey->dsize = strlen( dbmkey->dptr); 72 73 return 0; 74 } 57 75 58 76 #define CTIME "%b %d %k:%M:%S %Y %Z" … … 71 89 } 72 90 73 char *mgs_session_id2sz(unsigned char *id, int idlen,74 char *str, int strsize)75 {76 char *cp;77 int n;78 79 cp = str;80 for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) {81 apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]);82 cp += 2;83 }84 *cp = '\0';85 return str;86 }87 88 89 91 #if HAVE_APR_MEMCACHE 92 /* Name the Session ID as: 93 * server:port.SessionID 94 * to disallow resuming sessions on different servers 95 */ 96 static char* mgs_session_id2mc(conn_rec* c, unsigned char *id, int idlen) 97 { 98 char buf[STR_SESSION_LEN]; 99 char *sz; 100 101 sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf)); 102 if (sz == NULL) 103 return NULL; 104 105 return apr_psprintf(c->pool, MC_TAG"%s:%d.%s", 
c->base_server->server_hostname, c->base_server->port, sz); 106 } 90 107 91 108 /** … … 185 202 apr_status_t rv = APR_SUCCESS; 186 203 mgs_handle_t *ctxt = baton; 187 char buf[STR_SESSION_LEN];188 204 char* strkey = NULL; 189 205 apr_uint32_t timeout; 190 206 191 strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));207 strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); 192 208 if(!strkey) 193 209 return -1; … … 212 228 apr_status_t rv = APR_SUCCESS; 213 229 mgs_handle_t *ctxt = baton; 214 char buf[STR_SESSION_LEN];215 230 char* strkey = NULL; 216 231 char* value; … … 218 233 gnutls_datum_t data = { NULL, 0 }; 219 234 220 strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));235 strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); 221 236 if (!strkey) { 222 237 return data; … … 253 268 apr_status_t rv = APR_SUCCESS; 254 269 mgs_handle_t *ctxt = baton; 255 char buf[STR_SESSION_LEN];256 270 char* strkey = NULL; 257 271 258 strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));272 strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); 259 273 if(!strkey) 260 274 return -1; … … 367 381 apr_status_t rv; 368 382 369 dbmkey.dptr = (void*)key.data;370 dbmkey.dsize = key.size;383 if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) 384 return data; 371 385 372 386 rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, … … 414 428 apr_status_t rv; 415 429 apr_time_t expiry; 416 417 dbmkey.dptr = (char *)key.data;418 dbmkey.dsize = key.size;430 431 if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) 432 return -1; 419 433 420 434 /* create DBM value */ … … 468 482 mgs_handle_t *ctxt = baton; 469 483 apr_status_t rv; 470 471 dbmkey.dptr = (char *)key.data;472 dbmkey.dsize = key.size;484 485 if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) 486 return -1; 473 487 474 488 rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, -
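Review bot: The new `mgs_session_id2dbm` and `mgs_session_id2mc` scope the cache key with `c->base_server->server_hostname` and `c->base_server->port`, but `base_server` is the connection's default server rather than the virtual host the session was negotiated for; if name-based virtual hosts on one address are selected by SNI they would presumably all share a single key namespace, so the comment's aim of "disallow resuming sessions on different servers" would only hold between distinct listeners — confirm against the SNI selection path before relying on it as a security boundary. Independently, `mgs_session_id2sz` is now exported but does not enforce `strsize`: `apr_snprintf` truncates once the remaining size is exhausted while `cp += 2` keeps advancing, so the trailing `*cp = '\0'` can land beyond `str` whenever `strsize` is smaller than twice the emitted id length plus one (the `STR_SESSION_LEN` buffers used here presumably fit, but other callers may not). Bounding the loop, `for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID && (cp - str) + 2 < strsize; n++)`, keeps the terminator inside the buffer for any caller. The `sz == NULL` checks in both new helpers are dead, since `mgs_session_id2sz` always returns `str`; either drop them or document in the helper's header comment that it cannot fail.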
src/gnutls_config.c
ra4839ae r2a2272d 73 73 } 74 74 75 gnutls_dh_params_init(&sc->dh_params); 75 ret = gnutls_dh_params_init(&sc->dh_params); 76 if (ret < 0) { 77 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 78 ": (%d) %s", ret, gnutls_strerror(ret)); 79 } 80 76 81 ret = 77 82 gnutls_dh_params_import_pkcs3(sc->dh_params, &data, GNUTLS_X509_FMT_PEM); 78 if (ret !=0) {83 if (ret < 0) { 79 84 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 80 85 "DH params '%s': (%d) %s", file, ret, … … 108 113 } 109 114 110 gnutls_rsa_params_init(&sc->rsa_params); 115 ret = gnutls_rsa_params_init(&sc->rsa_params); 116 if (ret < 0) { 117 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 118 ": (%d) %s", ret, gnutls_strerror(ret)); 119 } 120 111 121 ret = 112 122 gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, GNUTLS_X509_FMT_PEM); … … 142 152 } 143 153 144 gnutls_x509_crt_init(&sc->cert_x509);154 sc->certs_x509_num = MAX_CHAIN_SIZE; 145 155 ret = 146 gnutls_x509_crt_ import(sc->cert_x509, &data, GNUTLS_X509_FMT_PEM);147 if (ret !=0) {156 gnutls_x509_crt_list_import(sc->certs_x509, &sc->certs_x509_num, &data, GNUTLS_X509_FMT_PEM, 0); 157 if (ret < 0) { 148 158 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 149 159 "Certificate '%s': (%d) %s", file, ret, … … 175 185 } 176 186 177 gnutls_x509_privkey_init(&sc->privkey_x509); 187 ret = gnutls_x509_privkey_init(&sc->privkey_x509); 188 if (ret < 0) { 189 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 190 ": (%d) %s", ret, gnutls_strerror(ret)); 191 } 192 178 193 ret = 179 194 gnutls_x509_privkey_import(sc->privkey_x509, &data, … … 396 411 { 397 412 mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc)); 398 413 int ret; 414 399 415 sc->enabled = GNUTLS_ENABLED_FALSE; 400 416 401 gnutls_certificate_allocate_credentials(&sc->certs); 402 gnutls_anon_allocate_server_credentials(&sc->anon_creds); 403 gnutls_srp_allocate_server_credentials(&sc->srp_creds); 417 ret = 
gnutls_certificate_allocate_credentials(&sc->certs); 418 if (ret < 0) { 419 return apr_psprintf(p, "GnuTLS: Failed to initialize" 420 ": (%d) %s", ret, gnutls_strerror(ret)); 421 } 422 423 ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds); 424 if (ret < 0) { 425 return apr_psprintf(p, "GnuTLS: Failed to initialize" 426 ": (%d) %s", ret, gnutls_strerror(ret)); 427 } 428 429 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds); 430 if (ret < 0) { 431 return apr_psprintf(p, "GnuTLS: Failed to initialize" 432 ": (%d) %s", ret, gnutls_strerror(ret)); 433 } 404 434 405 435 sc->srp_tpasswd_conf_file = NULL; 406 436 sc->srp_tpasswd_file = NULL; 407 437 sc->privkey_x509 = NULL; 408 sc->cert_x509 = NULL; 438 memset( sc->certs_x509, 0, sizeof(sc->certs_x509)); 439 sc->certs_x509_num = 0; 409 440 sc->cache_timeout = apr_time_from_sec(300); 410 441 sc->cache_type = mgs_cache_dbm; -
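Review bot: In the last hunk the three new `return apr_psprintf(p, "GnuTLS: Failed to initialize" ": (%d) %s", ...)` statements after the credential allocations return an error string from what looks like the per-server config constructor (it allocates `sc` with `apr_pcalloc` and the later lines populate it as the config record); the function's signature is outside the hunk, but if it is the `create_server_config` hook, httpd stores whatever it returns as the `mgs_srvconf_rec *` and later dereferences it, so an allocation failure would surface as memory corruption instead of a readable message. The earlier hunks return the string from directive handlers, where `const char *` is the documented error channel, so only the constructor needs a different path: log it, `ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, "GnuTLS: Failed to initialize: (%d) %s", ret, gnutls_strerror(ret));` (assuming the hook receives the `server_rec *s`), and `return NULL;` so the caller sees a missing config rather than a bogus pointer. The same pattern repeats for the anon and SRP allocations a few lines below, so all three sites need the change.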
src/gnutls_hooks.c
ra4839ae r2a2272d 58 58 apr_pool_t * plog, apr_pool_t * ptemp) 59 59 { 60 int ret; 60 61 61 62 #if APR_HAS_THREADS … … 68 69 #endif 69 70 70 gnutls_global_init(); 71 71 ret = gnutls_global_init(); 72 if (ret < 0) /* FIXME: can we print here? */ 73 exit(ret); 74 72 75 apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config, 73 76 apr_pool_cleanup_null); … … 131 134 return ret; 132 135 133 /* allow separate caches per virtual host. Actually allowing the same is a134 * bad idea, since they might have different security requirements.135 */136 mgs_cache_session_init(ctxt);137 136 138 137 return 0; … … 146 145 147 146 ret->type = GNUTLS_CRT_X509; 148 ret->ncerts = 1;147 ret->ncerts = ctxt->sc->certs_x509_num; 149 148 ret->deinit_all = 0; 150 149 151 ret->cert.x509 = &ctxt->sc->cert_x509;150 ret->cert.x509 = ctxt->sc->certs_x509; 152 151 ret->key.x509 = ctxt->sc->privkey_x509; 153 152 return 0; … … 332 331 } 333 332 334 if (sc->cert _x509== NULL333 if (sc->certs_x509[0] == NULL 335 334 && sc->enabled == GNUTLS_ENABLED_TRUE) { 336 335 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, … … 351 350 352 351 if (sc->enabled == GNUTLS_ENABLED_TRUE) { 353 rv = read_crt_cn(s, p, sc->cert _x509, &sc->cert_cn);352 rv = read_crt_cn(s, p, sc->certs_x509[0], &sc->cert_cn); 354 353 if (rv < 0) { 355 354 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, … … 589 588 mgs_select_virtual_server_cb); 590 589 590 mgs_cache_session_init(ctxt); 591 591 592 return ctxt; 592 593 } … … 684 685 apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp)); 685 686 686 mgs_add_common_cert_vars(r, ctxt->sc->cert _x509, 0,687 mgs_add_common_cert_vars(r, ctxt->sc->certs_x509[0], 0, 687 688 ctxt->sc->export_certificates_enabled); 688 689
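Review bot: `exit(ret)` after the failed `gnutls_global_init()` in the first hunk terminates the httpd parent outright during pre_config, and because `ret` is negative the process status is truncated to `ret & 0xff`, so the operator gets neither a log line nor a meaningful exit code — the `FIXME` already hints at this. A pre_config hook can report failure by returning a non-OK status, and the `plog` pool from the signature at line 58 is usable for logging at that stage: `ap_log_perror(APLOG_MARK, APLOG_CRIT, 0, plog, "GnuTLS: gnutls_global_init failed: (%d) %s", ret, gnutls_strerror(ret)); return HTTP_INTERNAL_SERVER_ERROR;`. The hook's remaining body and its success return lie outside the hunk, so check that no later statement assumes the early `exit` path.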