Changeset 2b76a9c in mod_gnutls
- Timestamp:
- Jan 29, 2013, 3:41:38 PM (9 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
- Children:
- b8df283
- Parents:
- 303dc6e
- git-author:
- Daniel Kahn Gillmor <dkg@…> (01/25/13 06:36:51)
- git-committer:
- Daniel Kahn Gillmor <dkg@…> (01/29/13 15:41:38)
- Files:
-
- 2 edited
docs/mod_gnutls_manual-0.1.html
r303dc6e r2b76a9c 149 149 server config, virtual host<br /> 150 150 </div> 151 <p>Takes an absolute or relative path to a PEM Encoded Certificate to use as this Server's Certificate.</p> 151 <p>Takes an absolute or relative path to a PEM-encoded 152 X.509 certificate to use as this Server's End Entity (EE) 153 certificate. If you need to supply certificates for 154 intermediate Certificate Authorities (iCAs), they should 155 be listed in sequence in the file, from EE to the iCA 156 closest to the root CA. Optionally, you can also include 157 the root CA's certificate as the last certificate in the 158 list.</p> 152 159 <h4>GnuTLSKeyFile</h4> 153 160 <div class="directive"> -
src/gnutls_hooks.c
r303dc6e r2b76a9c 382 382 #endif 383 383 384 if (sc->certs_x509_chain == NULL && sc->cert_pgp == NULL && sc->enabled == GNUTLS_ENABLED_TRUE) { 384 if ((sc->certs_x509_chain == NULL || sc->certs_x509_chain_num < 1) && 385 sc->cert_pgp == NULL && sc->enabled == GNUTLS_ENABLED_TRUE) { 385 386 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 386 387 "[GnuTLS] - Host '%s:%d' is missing a Certificate File!", … … 389 390 } 390 391 391 if (sc->enabled == GNUTLS_ENABLED_TRUE && ((sc->certs_x509_chain != NULL && sc->privkey_x509 == NULL) || (sc->cert_pgp != NULL && sc->privkey_pgp == NULL))) { 392 if (sc->enabled == GNUTLS_ENABLED_TRUE && 393 ((sc->certs_x509_chain != NULL && sc->certs_x509_chain_num > 0 && sc->privkey_x509 == NULL) || 394 (sc->cert_pgp != NULL && sc->privkey_pgp == NULL))) { 392 395 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 393 396 "[GnuTLS] - Host '%s:%d' is missing a Private Key File!", … … 397 400 398 401 if (sc->enabled == GNUTLS_ENABLED_TRUE) { 399 rv = read_crt_cn(s, p, sc->certs_x509_chain[sc->certs_x509_chain_num-1], &sc->cert_cn); 402 rv = -1; 403 if (sc->certs_x509_chain_num > 0) { 404 rv = read_crt_cn(s, p, sc->certs_x509_chain[0], &sc->cert_cn); 405 } 400 406 if (rv < 0 && sc->cert_pgp != NULL) { 401 407 rv = read_pgpcrt_cn(s, p, sc->cert_pgp, &sc->cert_cn); … … 547 553 } 548 554 549 int ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_chain[ tsc->certs_x509_chain_num-1], s->server_hostname);555 int ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_chain[0], s->server_hostname); 550 556 if (0 == ret) 551 557 ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, … … 754 760 755 761 if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_X509) { 756 mgs_add_common_cert_vars(r, ctxt->sc->certs_x509_chain[ ctxt->sc->certs_x509_chain_num], 0);762 mgs_add_common_cert_vars(r, ctxt->sc->certs_x509_chain[0], 0); 757 763 } else if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_OPENPGP) { 758 764 mgs_add_common_pgpcert_vars(r, 
ctxt->sc->cert_pgp, 0);
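Review bot: The hostname check at new line 555 reads `tsc->certs_x509_chain[0]` with no visible check that the chain holds a certificate, unlike the `read_crt_cn` call at new line 404, which this commit guards with `certs_x509_chain_num > 0`. A virtual host configured with only an OpenPGP certificate and key passes both start-up checks at new lines 384 and 392 with an empty X.509 chain, so it could reach this call with an unset first element. Unless a guard already sits above the hunk (the enclosing function starts outside it), wrap the call in `if (tsc->certs_x509_chain_num > 0) { ... }` and skip the hostname comparison otherwise. The call `mgs_add_common_cert_vars(r, ctxt->sc->certs_x509_chain[0], 0)` at new line 762 relies on the negotiated certificate type being X.509 to imply a non-empty chain; a short comment stating that assumption would help the next reader.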