Changeset 2f10643 in mod_gnutls


Ignore:
Timestamp:
Apr 10, 2018, 12:48:05 PM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, debian/stretch-backports, master, proxy-ticket, upstream
Children:
9cee2e9
Parents:
e7cf823
Message:

Consider secondary connections (like mod_http2 streams) in hooks

Secondary connections share the TLS session of the primary connection,
so they must not be subject to mod_gnutls' filters. On the other hand,
request hooks looking up TLS parameters must access the TLS session of
the primary connection.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • src/gnutls_hooks.c

    re7cf823 r2f10643  
    10601060    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    10611061
     1062    if (c->master)
     1063    {
     1064        ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c,
     1065                      "%s declined secondary connection", __func__);
     1066        return DECLINED;
     1067    }
     1068
    10621069    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
    10631070        ap_get_module_config(c->base_server->module_config, &gnutls_module);
     
    10651072        ap_get_module_config(c->conn_config, &gnutls_module);
    10661073
    1067     if ((sc && (!sc->enabled)) || (ctxt && ctxt->enabled == GNUTLS_ENABLED_FALSE))
     1074    if ((sc && (!sc->enabled))
     1075        || (ctxt && ctxt->enabled == GNUTLS_ENABLED_FALSE))
    10681076    {
    10691077        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s declined connection",
     
    11171125    apr_table_t *env = r->subprocess_env;
    11181126
    1119     ctxt = ap_get_module_config(r->connection->conn_config,
    1120                                 &gnutls_module);
     1127    ctxt = get_effective_gnutls_ctxt(r->connection);
    11211128
    11221129    if (!ctxt || ctxt->enabled != GNUTLS_ENABLED_TRUE || ctxt->session == NULL)
     
    11981205
    11991206    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    1200     ctxt =
    1201             ap_get_module_config(r->connection->conn_config,
    1202             &gnutls_module);
     1207    ctxt = get_effective_gnutls_ctxt(r->connection);
    12031208
    12041209    if (!ctxt || ctxt->session == NULL) {
     
    19301935    if (sc->enabled != GNUTLS_ENABLED_FALSE)
    19311936    {
    1932         mgs_handle_t* ctxt =
    1933             ap_get_module_config(r->connection->conn_config, &gnutls_module);
     1937        mgs_handle_t* ctxt = get_effective_gnutls_ctxt(r->connection);
    19341938        if (ctxt && ctxt->session != NULL)
    19351939        {
Note: See TracChangeset for help on using the changeset viewer.