Changeset 346c03b in mod_gnutls
- Timestamp:
- Jan 15, 2020, 3:44:53 AM (3 years ago)
- Branches:
- asyncio, master, proxy-ticket
- Children:
- 0dc1a31
- Parents:
- 407ca6e
- git-author:
- Fiona Klute <fiona.klute@…> (01/15/20 02:42:10)
- git-committer:
- Fiona Klute <fiona.klute@…> (01/15/20 03:44:53)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
src/gnutls_hooks.c
r407ca6e r346c03b 58 58 * Extension (status_request, defined in RFC 6066) */ 59 59 #define TLSFEATURE_MUST_STAPLE 5 60 61 /** 62 * Request protocol string for HTTP/2, as hard-coded in mod_http2 63 * h2_request.c. 64 */ 65 #define HTTP2_PROTOCOL "HTTP/2.0" 66 67 /** 68 * mod_http2 checks this note, set it to signal that a request would 69 * require renegotiation/reauth, which isn't allowed under HTTP/2. The 70 * content of the note is expected to be a string giving the reason 71 * renegotiation would be needed. 72 * 73 * See: https://tools.ietf.org/html/rfc7540#section-9.2.1 74 */ 75 #define RENEGOTIATE_FORBIDDEN_NOTE "ssl-renegotiate-forbidden" 60 76 61 77 /** Key to encrypt session tickets. Must be kept secret. This key is … … 1446 1462 return rv; 1447 1463 1464 if (strcmp(r->protocol, HTTP2_PROTOCOL) == 0) 1465 { 1466 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 1467 "Rehandshake is prohibited for HTTP/2 " 1468 "(RFC 7540, section 9.2.1)."); 1469 apr_table_setn(r->notes, RENEGOTIATE_FORBIDDEN_NOTE, 1470 "verify-client"); 1471 return HTTP_FORBIDDEN; 1472 } 1473 1448 1474 gnutls_certificate_server_set_request 1449 1475 (ctxt->session, dc->client_verify_mode);
Note: See TracChangeset
for help on using the changeset viewer.