Changeset 2cde026d in mod_gnutls for src/mod_gnutls.c


Timestamp:
Apr 21, 2015, 8:09:54 AM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
4133f2d
Parents:
73f6f12 (diff), d04f7da (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
git-author:
Thomas Klute <thomas2.klute@…> (04/21/15 06:25:30)
git-committer:
Thomas Klute <thomas2.klute@…> (04/21/15 08:09:54)
Message:

Merge branch 'new-gnutls-api'

Merge my TLS proxy implementation with Nikos Mavrogiannopoulos' changes
to use the new GnuTLS key handling API. Some conflicts had to be
resolved.

In Nikos' branch, structures for credentials and priorities are
allocated in mgs_load_files (gnutls_config.c), rather than during server
config structure creation as before. This makes sense, but his patch
doesn't consider the proxy credentials because they didn't exist at the
time.

To minimize additional changes during the merge, proxy credentials are
now allocated in load_proxy_x509_credentials (gnutls_hooks.c), and
mgs_set_priorities (gnutls_config.c) treats proxy and front end
credentials differently (value of GnuTLSPriorities is stored for
mgs_load_files, GnuTLSProxyPriorities is parsed immediately).

Unified handling of priority strings in mgs_set_priorities should be
restored later (towards parsing in post config), handling front end and
proxy credentials separately makes sense because the latter need only be
loaded when TLS proxy operation is enabled and there are some
differences between client (proxy back end) and server (front end)
operation.

File:
1 edited

  • src/mod_gnutls.c

    r73f6f12 r2cde026d  
    140140    RSRC_CONF | OR_AUTHCFG,
    141141    "Enable SSL Proxy Engine"),
     142    AP_INIT_RAW_ARGS("GnuTLSPIN", mgs_set_pin,
     143    NULL,
     144    RSRC_CONF,
     145    "The PIN to use in case of encrypted keys or PKCS #11 tokens."),
     146    AP_INIT_RAW_ARGS("GnuTLSSRKPIN", mgs_set_srk_pin,
     147    NULL,
     148    RSRC_CONF,
     149    "The SRK PIN to use in case of TPM keys."),
    142150    AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
    143151    NULL,
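Review bot: Both new entries, GnuTLSPIN and GnuTLSSRKPIN, are registered with AP_INIT_RAW_ARGS, so mgs_set_pin and mgs_set_srk_pin receive the rest of the directive line unparsed: surrounding quotes and any extra tokens become part of the PIN instead of being stripped or rejected by the config parser. Since each directive carries a single value, AP_INIT_TAKE1 (as used for GnuTLSClientVerify in the context line below) would give standard quoting and an argument-count error; if raw handling is deliberate, for example to allow PINs containing spaces, a comment saying so would help. The help strings could also state that the PIN is read in clear text from the server configuration, so the file holding it should have restricted read permissions.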