Changeset 300ae82 in mod_gnutls for src/gnutls_io.c


Timestamp:
Apr 16, 2018, 8:42:39 PM (3 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports
Children:
8982265
Parents:
639ce77 (diff), f5342b1 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge tag 'upstream/0.8.3' into debian/master

Upstream version 0.8.3

File:
1 edited

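--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -3,5 +3,5 @@
  *  Copyright 2008 Nikos Mavrogiannopoulos
  *  Copyright 2011 Dash Shendy
- *  Copyright 2015-2016 Thomas Klute
+ *  Copyright 2015-2017 Thomas Klute
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
@@ -395,4 +395,28 @@
     }
 
+    /* Enable SNI for proxy connections */
+    if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE)
+    {
+        /* Get peer hostname from note left by mod_proxy */
+        const char *peer_hostname =
+            apr_table_get(ctxt->c->notes, PROXY_SNI_NOTE);
+        /* Used only as target for apr_ipsubnet_create() */
+        apr_ipsubnet_t *probe;
+        /* Check if the note is present (!= NULL) and NOT an IP
+         * address */
+        if ((peer_hostname) != NULL
+            && (apr_ipsubnet_create(&probe, peer_hostname, NULL, ctxt->c->pool)
+                != APR_SUCCESS))
+        {
+            ret = gnutls_server_name_set(ctxt->session, GNUTLS_NAME_DNS,
+                                         peer_hostname, strlen(peer_hostname));
+            if (ret != GNUTLS_E_SUCCESS)
+                ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, ctxt->c,
+                              "Could not set SNI '%s' for proxy connection: "
+                              "%s (%d)",
+                              peer_hostname, gnutls_strerror(ret), ret);
+        }
+    }
+
 tryagain:
     do {
@@ -446,13 +470,8 @@
         /* all done with the handshake */
         ctxt->status = 1;
-        /* If the session was resumed, we did not set the correct
-         * server_rec in ctxt->sc.  Go Find it. (ick!)
-         */
-        if (gnutls_session_is_resumed(ctxt->session)) {
-            mgs_srvconf_rec *sc;
-            sc = mgs_find_sni_server(ctxt->session);
-            if (sc) {
-                ctxt->sc = sc;
-            }
+        if (gnutls_session_is_resumed(ctxt->session))
+        {
+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+                          "%s: TLS session resumed.", __func__);
         }
         return GNUTLS_E_SUCCESS;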
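Review bot: The last hunk drops the `ctxt->sc = sc` fix-up for resumed sessions together with the comment that explained it, and nothing visible in this section says where `ctxt->sc` is now selected when `gnutls_session_is_resumed()` is true. If that selection does not happen elsewhere before this point, a resumed session would keep whatever server config `ctxt->sc` held at connection setup, which matters for per-virtual-host settings such as client certificate requirements; this is an inference, since the virtual host selection code is outside this diff. I would record the invariant next to the new debug log, for example `/* ctxt->sc was already selected by <vhost selection hook> for resumed sessions too */` with the real function name filled in, and confirm it with a test that resumes a session against a non-default virtual host. The enclosing function starts and ends outside the hunk.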