Changeset 2aaf4f5 in mod_gnutls for include


Ignore:
Timestamp:
Feb 23, 2014, 1:05:31 PM (5 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
765cac2
Parents:
999cdec
Message:

implement GnuTLSExportCertificates control over max exported cert size

This patchset implements the proposed modification to
GnuTLSExportCertificates, allowing server administrators to choose the
maximum size of the exported certs.

Some advantages:

  • avoids large buffers on the stack
  • more configurable for server admins who expect to use larger certs
  • better visibilty for users when a too-large-cert is encountered

This also increases the default maximum exported size from 10KiB to
16KiB.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • include/mod_gnutls.h.in

    r999cdec r2aaf4f5  
    127127    int enabled;
    128128    /* Export full certificates to CGI environment: */
    129     int export_certificates_enabled;
     129    int export_certificates_size;
    130130        /* GnuTLS Priorities */
    131131    gnutls_priority_t priorities;
     
    360360const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
    361361                            const char *arg);
    362 const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
     362const char *mgs_set_export_certificates_size(cmd_parms * parms, void *dummy,
    363363                            const char *arg);
    364364const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
Note: See TracChangeset for help on using the changeset viewer.