Changeset 3b4c0d0 in mod_gnutls for include


Timestamp:
Dec 20, 2012, 11:29:16 PM (6 years ago)
Author:
Dash Shendy <neuromancer@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream
Children:
8780e34
Parents:
8c03808
Message:
  • Added Comments to Header Structures
  • Refactored the following:

mod_gnutls.h.in:

  • struct mgs_srvconf_rec{}

gnutls_config.c:

  • mgs_set_cert_file()
  • mgs_set_key_file()
  • mgs_set_priorities()
  • mgs_config_server_create()

gnutls_hooks.c

  • mgs_hook_pre_config()
  • mgs_select_virtual_server_cb()
  • cert_retrieve_fn()
  • read_crt_cn()
  • mgs_hook_post_config()
  • mgs_find_sni_server()
  • mgs_add_common_cert_vars()
  • mgs_add_common_pgpcert_vars()

Signed-off-by: Dash Shendy <neuromancer@…>

File:
1 edited

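--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -16,4 +16,5 @@
  */
 
+/* Apache Runtime Headers */
 #include "httpd.h"
 #include "http_config.h"
@@ -28,5 +29,5 @@
 #include "ap_release.h"
 #include "apr_fnmatch.h"
-
+/* GnuTLS Library Headers */
 #include <gnutls/gnutls.h>
 #include <gnutls/extra.h>
@@ -41,34 +42,41 @@
 extern module AP_MODULE_DECLARE_DATA gnutls_module;
 
+/* IO Filter names */
 #define GNUTLS_OUTPUT_FILTER_NAME "gnutls_output_filter"
 #define GNUTLS_INPUT_FILTER_NAME "gnutls_input_filter"
-
+/* GnuTLS Constants */
 #define GNUTLS_ENABLED_FALSE 0
 #define GNUTLS_ENABLED_TRUE  1
-
-#define MOD_GNUTLS_VERSION "@MOD_GNUTLS_VERSION@"
-
-#define MOD_GNUTLS_DEBUG @OOO_MAINTAIN@
-
-/* Recent Versions of 2.1 renamed several hooks. This allows us to
-   compile on 2.0.xx  */
+/* Current module version */
+#define MOD_GNUTLS_VERSION "0.5.10"
+/* Module Debug Mode */
+#define MOD_GNUTLS_DEBUG 1
+
+/*
+ * Recent Versions of 2.1 renamed several hooks.
+ * This allows us to compile on 2.0.xx 
+ */
 #if AP_SERVER_MINORVERSION_NUMBER >= 2 || (AP_SERVER_MINORVERSION_NUMBER == 1 && AP_SERVER_PATCHLEVEL_NUMBER >= 3)
-#define USING_2_1_RECENT 1
+        #define USING_2_1_RECENT 1
 #else
-#define USING_2_1_RECENT 0
+        #define USING_2_1_RECENT 0
 #endif
 
-typedef enum
-{
+/* mod_gnutls Cache Types */
+typedef enum {
+        /* No Cache */
     mgs_cache_none,
+        /* Use Old Berkley DB */
     mgs_cache_dbm,
+        /* Use Gnu's version of Berkley DB */
     mgs_cache_gdbm,
 #if HAVE_APR_MEMCACHE
+        /* Use Memcache */
     mgs_cache_memcache
 #endif
 } mgs_cache_e;
 
-typedef struct
-{
+/* Directory Configuration Record */
+typedef struct {
     int client_verify_mode;
     const char* lua_bytecode;
@@ -77,42 +85,65 @@
 
 
-/* The maximum number of certificates to send in a chain
- */
+/* The maximum number of certificates to send in a chain */
 #define MAX_CHAIN_SIZE 8
-
-typedef struct
-{
-    gnutls_certificate_credentials_t certs;
+/* The maximum number of SANs to read from a x509 certificate */
+#define MAX_CERT_SAN 5
+
+/* Server Configuration Record */
+typedef struct {
+        /* x509 Certificate Structure */
+    gnutls_certificate_credentials_t certs;
+        /* SRP Certificate Structure*/
     gnutls_srp_server_credentials_t srp_creds;
+        /* Annonymous Certificate Structure */
     gnutls_anon_server_credentials_t anon_creds;
+        /* Current x509 Certificate CN [Common Name] */
     char* cert_cn;
-    gnutls_x509_crt_t certs_x509[MAX_CHAIN_SIZE]; /* A certificate chain */
-    unsigned int certs_x509_num;
+        /* Current x509 Certificate SAN [Subject Alternate Name]s*/
+        char* cert_san[MAX_CERT_SAN];
+        /* A x509 Certificate Chain */
+    gnutls_x509_crt_t *certs_x509_chain;
+        /* Current x509 Certificate Private Key */
     gnutls_x509_privkey_t privkey_x509;
-    gnutls_openpgp_crt_t cert_pgp; /* A certificate chain */
+        /* OpenPGP Certificate */
+    gnutls_openpgp_crt_t cert_pgp;
+        /* OpenPGP Certificate Private Key */
     gnutls_openpgp_privkey_t privkey_pgp;
+        /* Number of Certificates in Chain */
+    unsigned int certs_x509_chain_num;
+        /* Is the module enabled? */
     int enabled;
-    /* whether to send the PEM encoded certificates
-     * to CGIs
-     */
-    int export_certificates_enabled;
+        /* GnuTLS Priorities */
     gnutls_priority_t priorities;
+        /* GnuTLS RSA Parameters [Obselete] */
     gnutls_rsa_params_t rsa_params;
+        /* GnuTLS DH Parameters */
     gnutls_dh_params_t dh_params;
+        /* Cache timeout value */
     int cache_timeout;
+        /* Chose Cache Type */
     mgs_cache_e cache_type;
     const char* cache_config;
     const char* srp_tpasswd_file;
     const char* srp_tpasswd_conf_file;
+        /* A list of CA Certificates */
     gnutls_x509_crt_t *ca_list;
+        /* OpenPGP Key Ring */
     gnutls_openpgp_keyring_t pgp_list;
+        /* CA Certificate list size */
     unsigned int ca_list_size;
+        /* Client Certificate Verification Mode */
     int client_verify_mode;
+        /* Last Cache timestamp */
     apr_time_t last_cache_check;
-    int tickets; /* whether session tickets are allowed */
+        /* GnuTLS uses Session Tickets */
+    int tickets;
+        /* Is mod_proxy enabled? */
     int proxy_enabled;
+        /* A Plain HTTP request */
     int non_ssl_request;
 } mgs_srvconf_rec;
 
+/* Character Buffer */
 typedef struct {
     int length;
@@ -120,24 +151,43 @@
 } mgs_char_buffer_t;
 
-typedef struct
-{
+/* GnuTLS Handle */
+typedef struct {
+        /* Server configuration record */
     mgs_srvconf_rec *sc;
+        /* Connection record */
     conn_rec* c;
+        /* GnuTLS Session handle */
     gnutls_session_t session;
+        /* module input status */
     apr_status_t input_rc;
+        /* Input filter */
     ap_filter_t *input_filter;
+        /* Input Bucket Brigade */
     apr_bucket_brigade *input_bb;
+        /* Input Read Type */
     apr_read_type_e input_block;
+        /* Input Mode */
     ap_input_mode_t input_mode;
+        /* Input Character Buffer */
     mgs_char_buffer_t input_cbuf;
+        /* Input Character Array */
     char input_buffer[AP_IOBUFSIZE];
+        /* module Output status */
     apr_status_t output_rc;
+        /* Output filter */
     ap_filter_t *output_filter;
+        /* Output Bucket Brigade */
     apr_bucket_brigade *output_bb;
+        /* Output character array */
     char output_buffer[AP_IOBUFSIZE];
+        /* Output buffer length */
     apr_size_t output_blen;
+        /* Output length */
     apr_size_t output_length;
+        /* General Status */
     int status;
 } mgs_handle_t;
+
+
 
 /** Functions in gnutls_io.c **/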
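Review bot: The new `#define MOD_GNUTLS_DEBUG 1` and `#define MOD_GNUTLS_VERSION "0.5.10"` replace the configure substitutions with literals in a `.h.in` template, so every build from this header has debug mode compiled in and a version string that no longer tracks the release. What `MOD_GNUTLS_DEBUG` gates is outside this file, but debug paths in a TLS module may record connection or handshake detail, so it should not be unconditionally on. I would keep the template form, `#define MOD_GNUTLS_DEBUG @OOO_MAINTAIN@` and `#define MOD_GNUTLS_VERSION "@MOD_GNUTLS_VERSION@"`, and add only the new comments. Separately, in `mgs_srvconf_rec` the fixed `certs_x509[MAX_CHAIN_SIZE]` array becomes the bare pointer `certs_x509_chain`; its comment should state who allocates it and what bounds `certs_x509_chain_num`, since the type no longer does.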