Changeset 37f8282 in mod_gnutls


Ignore:
Timestamp:
Dec 7, 2011, 12:22:48 AM (11 years ago)
Author:
Dash Shendy <neuromancer@…>
Branches:
asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
Children:
694fc04
Parents:
33826c5
Message:

mod_proxy support continued

Signed-off-by: Dash Shendy <neuromancer@…>

Files:
3 edited

Legend:

Unmodified
Added
Removed

  • include/mod_gnutls.h.in

    r33826c5 r37f8282  
    111111    int tickets; /* whether session tickets are allowed */
    112112    int proxy_enabled;
    113     int non_ssl_request;
    114113} mgs_srvconf_rec;
    115114
     
    138137    apr_size_t output_length;
    139138    int status;
     139    int non_ssl_request;
    140140} mgs_handle_t;
    141141
     
    146146
    147147 /* Proxy Support */
     148/* An optional function which returns non-zero if the given connection
     149is using SSL/TLS. */
     150APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
     151/* The ssl_proxy_enable() and ssl_engine_disable() optional functions
     152 * are used by mod_proxy to enable use of SSL for outgoing
     153 * connections. */
     154APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
     155APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
     156int ssl_is_https(conn_rec *c);
    148157int ssl_proxy_enable(conn_rec *c);
    149158int ssl_engine_disable(conn_rec *c);
     159const char *mgs_set_proxy_engine(cmd_parms * parms, void *dummy,
     160    const char *arg);
     161apr_status_t mgs_cleanup_pre_config(void *data);
    150162
    151163/**

  • src/gnutls_hooks.c

    r33826c5 r37f8282  
    4343        int export_certificates_enabled);
    4444
    45 static apr_status_t mgs_cleanup_pre_config(void *data) {
     45apr_status_t mgs_cleanup_pre_config(void *data) {
    4646    gnutls_free(session_ticket_key.data);
    4747    session_ticket_key.data = NULL;
     
    6060#endif
    6161
    62 int mgs_hook_open_logs(apr_pool_t * pconf,apr_pool_t * plog,
    63         apr_pool_t * ptemp) {
     62int mgs_hook_pre_config(apr_pool_t * pconf, apr_pool_t * plog,
     63         apr_pool_t * ptemp) {
    6464#if MOD_GNUTLS_DEBUG
    6565    apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
     
    7070    gnutls_global_set_log_level(9);
    7171    gnutls_global_set_log_function(gnutls_debug_log_all);
    72     _gnutls_log(debug_log_fp, "gnutls: %s\n",
    73             gnutls_check_version(NULL));
     72    _gnutls_log(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL));
    7473#endif   
    75 }
    76 
    77 int mgs_hook_pre_config(apr_pool_t * pconf, apr_pool_t * plog,
    78          apr_pool_t * ptemp) {
    7974    int ret;
    8075
     
    191186}
    192187
    193 /* 2048-bit group parameters from SRP specification
     188/* 2048-bit group parameters from SRP specification */
    194189const char static_dh_params[] = "-----BEGIN DH PARAMETERS-----\n"
    195190        "MIIBBwKCAQCsa9tBMkqam/Fm3l4TiVgvr3K2ZRmH7gf8MZKUPbVgUKNzKcu0oJnt\n"
     
    200195        "Nd4jbVJfVHWbZeNy/NaO8g+nER+eSv9zAgEC\n"
    201196        "-----END DH PARAMETERS-----\n";
    202 */
    203197
    204198/* Read the common name or the alternative name of the certificate.
     
    316310
    317311    if (sc_base->dh_params == NULL) {
     312        gnutls_datum pdata = {
     313            (void *) static_dh_params,
     314            sizeof(static_dh_params)
     315        };
     316        rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
     317                GNUTLS_X509_FMT_PEM);       
     318        /* Generate DH Params
    318319        int dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
    319320                GNUTLS_SEC_PARAM_NORMAL);
     
    322323            "To avoid this use GnuTLSDHFile to specify DH Params for this host",
    323324            dh_bits);               
    324         rv = gnutls_dh_params_generate2 (dh_params,dh_bits);
    325         if (rv < 0) {
    326             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
    327                     "GnuTLS: Unable to generate DH Params: (%d) %s",
    328                     rv, gnutls_strerror(rv));
    329             exit(rv);
    330         }
    331325#if MOD_GNUTLS_DEBUG
    332326            ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
    333327                    "GnuTLS: Generated DH Params of %i bits",dh_bits);
    334 #endif       
     328#endif 
     329        rv = gnutls_dh_params_generate2 (dh_params,dh_bits);
     330        */
     331        if (rv < 0) {
     332            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
     333                    "GnuTLS: Unable to generate or load DH Params: (%d) %s",
     334                    rv, gnutls_strerror(rv));
     335            exit(rv);
     336        }               
    335337    } else {
    336338        dh_params = sc_base->dh_params;
     
    453455    }
    454456    /* Block SIGPIPE Signals */
    455     status = apr_signal_block(SIGPIPE);
    456     if(status != APR_SUCCESS) {
     457    rv = apr_signal_block(SIGPIPE);
     458    if(rv != APR_SUCCESS) {
    457459        /* error sending output */
    458         ap_log_error(APLOG_MARK,APLOG_INFO,ctxt->output_rc,ctxt->c->base_server,
     460        ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
    459461                "GnuTLS: Error Blocking SIGPIPE Signal!");       
    460         return status;
    461462    }   
    462463}
     
    680681
    681682int mgs_hook_pre_connection(conn_rec * c, void *csd) {
    682     mgs_handle_t *ctxt;
    683683    mgs_srvconf_rec *sc;
    684684
     
    688688            &gnutls_module);
    689689
    690     if (sc && !sc->enabled) {
     690    if (sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) {
    691691        return DECLINED;
    692692    }
    693693
    694     if (c->remote_addr->hostname) {
    695         /* Connection initiated by Apache (mod_proxy) => ignore */
    696         return OK;
    697     }
    698 
    699694    create_gnutls_handle(c);
    700 
    701695    return OK;
    702696}

  • src/mod_gnutls.c

    r33826c5 r37f8282  
    2121
    2222static void gnutls_hooks(apr_pool_t * p) {
    23 
    24     ap_hook_open_logs(mgs_hook_open_logs, NULL, NULL,APR_HOOK_MIDDLE);
     23   
    2524    /* Try Run Post-Config Hook After mod_proxy */
    2625    static const char * const aszPre[] = { "mod_proxy.c", NULL };
     
    3332#endif
    3433    /* Default Port Hook */
    35     ap_hook_default_port(nss_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
     34    ap_hook_default_port(mgs_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
    3635    /* Pre-Connect Hook */
    37     ap_hook_pre_connection(mgs_hook_default_port, NULL, NULL, APR_HOOK_MIDDLE);
     36    ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL, APR_HOOK_MIDDLE);
    3837    /* Pre-Config Hook */
    3938    ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL,
     
    6867    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
    6968            ap_get_module_config(c->base_server->module_config, &gnutls_module);
    70     if(sc->enabled == GNUTLS_ENABLED_FALSE || sc->non_ssl_request) {
     69    if(sc->enabled == 0 || sc->non_ssl_request == 1) {
    7170        /* SSL/TLS Disabled or Plain HTTP Connection Detected */
    7271        return 0;
     
    9291    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
    9392            ap_get_module_config(c->base_server->module_config, &gnutls_module);
    94     return sc->proxy_enabled;
     93    sc->proxy_enabled = 1;
     94    sc->enabled = 0;
     95    return 1;
    9596}
    9697
     
    99100    NULL,
    100101    RSRC_CONF | OR_AUTHCFG,
    101     "Set Verification Requirements of the Client Certificate"),
     102    "Enable SSL Proxy Engine"),
    102103    AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
    103104    NULL,
Note: See TracChangeset for help on using the changeset viewer.