Changeset 2cde8111 in mod_gnutls
- Timestamp:
- Apr 5, 2015, 6:20:59 PM (7 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream
- Children:
- d04f7da
- Parents:
- 351b51f
- Files:
-
- 3 edited
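--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -170,4 +170,7 @@
 /* OpenPGP Certificate Private Key */
 gnutls_privkey_t privkey_pgp;
+/* Internal structure for the OpenPGP private key. DO NOT USE
+* outside key loading. */
+gnutls_openpgp_privkey_t privkey_pgp_internal;
 
 /* Export full certificates to CGI environment: */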
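--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -422,8 +422,26 @@
 }
 
-ret =
-gnutls_privkey_import_openpgp_raw(sc->privkey_pgp, &data,
-GNUTLS_OPENPGP_FMT_BASE64,
-NULL, NULL);
+/* Theoretically, this chain of gnutls_openpgp_privkey_init,
+* gnutls_openpgp_privkey_import and
+* gnutls_privkey_import_openpgp could be replaced with one
+* call to gnutls_privkey_import_openpgp_raw as shown
+* below. However, that led to a segfault during handshake
+* which disappeared with the three step method.
+*
+* ret = gnutls_privkey_import_openpgp_raw(sc->privkey_pgp, &data,
+* GNUTLS_OPENPGP_FMT_BASE64,
+* NULL, NULL); */
+ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp_internal);
+if (ret != 0) {
+ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+"GnuTLS: Failed to initialize "
+"PGP Private Key '%s': (%d) %s",
+sc->pgp_key_file, ret, gnutls_strerror(ret));
+ret = -1;
+goto cleanup;
+}
+
+ret = gnutls_openpgp_privkey_import(sc->privkey_pgp_internal, &data,
+GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
 if (ret != 0) {
 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
@@ -431,4 +449,16 @@
 "PGP Private Key '%s': (%d) %s",
 sc->pgp_key_file, ret, gnutls_strerror(ret));
+ret = -1;
+goto cleanup;
+}
+
+ret = gnutls_privkey_import_openpgp(sc->privkey_pgp,
+sc->privkey_pgp_internal, 0);
+if (ret != 0)
+{
+ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+"GnuTLS: Failed to assign PGP Private Key '%s' "
+"to gnutls_privkey_t structure: (%d) %s",
+sc->pgp_key_file, ret, gnutls_strerror(ret));
 ret = -1;
 goto cleanup;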
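Review bot: The final step passes flags `0` to `gnutls_privkey_import_openpgp(sc->privkey_pgp, sc->privkey_pgp_internal, 0)`, so `sc->privkey_pgp` only borrows the OpenPGP key object and nothing visible in this section ever releases `sc->privkey_pgp_internal`. The handle holds private key material and must outlive `sc->privkey_pgp`, so wherever the config deinitialises `privkey_pgp` it should then call `gnutls_openpgp_privkey_deinit(sc->privkey_pgp_internal);`, and the two new failure branches should do the same before `goto cleanup` unless the `cleanup` label already handles it (the label and the rest of the function are outside the hunk). The header comment on the new field would be the natural place to state that lifetime rule. Separately, the in-code comment records a handshake segfault with `gnutls_privkey_import_openpgp_raw` whose cause is not identified; a crash reachable during the handshake deserves a tracked root cause rather than only a workaround, since the three-step form may be masking a lifetime bug rather than removing it.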
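--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -360,4 +360,19 @@
 gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);
 }
+
+/* The call after this comment is a workaround for bug in
+* gnutls_certificate_set_retrieve_function2 that ignores
+* supported certificate types. Should be fixed in GnuTLS
+* 3.3.12.
+*
+* Details:
+* https://lists.gnupg.org/pipermail/gnutls-devel/2015-January/007377.html
+* Workaround from:
+* https://github.com/vanrein/tlspool/commit/4938102d3d1b086491d147e6c8e4e2a02825fc12
+*
+* TODO: add appropriate version guards */
+#if GNUTLS_VERSION_NUMBER < 0x030312
+gnutls_certificate_set_retrieve_function(sc->certs, (void *) exit);
+#endif
 
 gnutls_certificate_set_retrieve_function2(sc->certs, cert_retrieve_fn);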
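Review bot: The workaround registers libc `exit`, cast through `void *`, as the legacy certificate-retrieve callback, so any GnuTLS code path that does invoke that callback would terminate the server process with arbitrary arguments instead of failing the handshake. A stub with the callback's real signature that returns an error keeps the pointer non-NULL (which appears to be all the workaround needs) without that availability risk or the non-portable function-pointer cast. The guard also does not match the comment: `GNUTLS_VERSION_NUMBER` packs major, minor and patch as one hex byte each, so `0x030312` is 3.3.18 and the stated fix version 3.3.12 is `0x03030c`; as written the workaround stays active on 3.3.12 through 3.3.17. The leftover `TODO: add appropriate version guards` line can be dropped once the guard is corrected. The enclosing function starts and ends outside this section.

```c
#if GNUTLS_VERSION_NUMBER < 0x03030c
/* Placeholder for the legacy retrieve callback: not expected to be
 * called, and fails the retrieval rather than ending the process. */
static int cert_retrieve_stub(gnutls_session_t session,
                              const gnutls_datum_t *req_ca_rdn, int nreqs,
                              const gnutls_pk_algorithm_t *pk_algos,
                              int pk_algos_length, gnutls_retr2_st *st)
{
    return -1;
}
#endif

/* … unchanged: DH parameter setup and the workaround comment … */
#if GNUTLS_VERSION_NUMBER < 0x03030c
    gnutls_certificate_set_retrieve_function(sc->certs, cert_retrieve_stub);
#endif
```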