Context Navigation

r8eb6ccd	r3e94bd3
1	1	/* config.in. Generated from configure.ac by autoheader. */
	2
	3	/* Define to 1 if mod_status.h and the mod_Status hook are available */
	4	#undef HAVE_MOD_STATUS_H
2	5
3	6	/* Name of package */

config/config.guess

-                      r8eb6ccd
+                      r3e94bd3
 # Attempt to guess a canonical system name.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
 timestamp='2004-11-12'
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+timestamp='2005-03-24'
 # This file is free software; you can redistribute it and/or modify it
 …
 Originally written by Per Bothner.
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 …
     i*:UWIN*:*)
         echo ${UNAME_MACHINE}-pc-uwin
+        exit 0 ;;
+    amd64:CYGWIN*:*:*)
+        echo x86_64-unknown-cygwin
         exit 0 ;;
     p*:CYGWIN*:*)
 …
         echo i386-pc-qnx
         exit 0 ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+        echo nse-tandem-nsk${UNAME_RELEASE}
+        exit 0 ;;
     NSR-?:NONSTOP_KERNEL:*:*)
         echo nsr-tandem-nsk${UNAME_RELEASE}
 …
 download the most up to date version of the config scripts from
+    ftp://ftp.gnu.org/pub/gnu/config/
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
 If the version you run ($0) is already up to date, please

config/config.sub

-                      r8eb6ccd
+                      r3e94bd3
 # Configuration validation subroutine script.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
 #   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
 timestamp='2004-11-30'
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+timestamp='2005-02-10'
 # This file is (in principle) common to ALL GNU software.
 …
 GNU config.sub ($timestamp)
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 …
         | i370 | i860 | i960 | ia64 \
         | ip2k | iq2000 \
         | m32r | m32rle | m68000 | m68k | m88k | mcore \
+        | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
         | mips | mipsbe | mipseb | mipsel | mipsle \
         | mips16 \
 …
         | m32r-* | m32rle-* \
         | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
         | m88110-* | m88k-* | mcore-* \
+        | m88110-* | m88k-* | maxq-* | mcore-* \
         | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
         | mips16-* \

configure

-                      r8eb6ccd
+                      r3e94bd3
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.59 for mod_gnutls 0.1.1.
+# Generated by GNU Autoconf 2.59 for mod_gnutls 0.2.0.
+#
 # Copyright (C) 2003 Free Software Foundation, Inc.
 …
 PACKAGE_NAME='mod_gnutls'
 PACKAGE_TARNAME='mod_gnutls'
 PACKAGE_VERSION='0.1.1'
 PACKAGE_STRING='mod_gnutls 0.1.1'
+PACKAGE_VERSION='0.2.0'
+PACKAGE_STRING='mod_gnutls 0.2.0'
 PACKAGE_BUGREPORT=''
 …
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
 \`configure' configures mod_gnutls 0.1.1 to adapt to many kinds of systems.
+\`configure' configures mod_gnutls 0.2.0 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
 …
 if test -n "$ac_init_help"; then
   case $ac_init_help in
      short | recursive ) echo "Configuration of mod_gnutls 0.1.1:";;
+     short | recursive ) echo "Configuration of mod_gnutls 0.2.0:";;
    esac
   cat <<\_ACEOF
 …
 if $ac_init_version; then
   cat <<\_ACEOF
 mod_gnutls configure 0.1.1
+mod_gnutls configure 0.2.0
 generated by GNU Autoconf 2.59
 …
 running configure, to aid debugging if configure makes a mistake.
 It was created by mod_gnutls $as_me 0.1.1, which was
+It was created by mod_gnutls $as_me 0.2.0, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 …
   chmod +x config.nice
 MOD_GNUTLS_VERSION=0.1.1
+MOD_GNUTLS_VERSION=0.2.0
 …
 # Define the identity of the package.
  PACKAGE=mod_gnutls
  VERSION=0.1.1
+ VERSION=0.2.0
 …
                     AP_VERSION="2.0"
                     APXS_EXTENSION=.la
+                    if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MOD_STATUS_H 1
+_ACEOF
+                    fi
                     AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES"
                     AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES"
 …
 cat >&5 <<_CSEOF
 This file was extended by mod_gnutls $as_me 0.1.1, which was
+This file was extended by mod_gnutls $as_me 0.2.0, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 …
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
 mod_gnutls config.status 0.1.1
+mod_gnutls config.status 0.2.0
 configured by $0, generated by GNU Autoconf 2.59,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"

configure.ac

r8eb6ccd	r3e94bd3
1		AC_INIT(mod_gnutls, 0.~~1.1~~)
	1	AC_INIT(mod_gnutls, 0.2.0)
2	2	OOO_CONFIG_NICE(config.nice)
3	3	MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION

include/mod_gnutls.h.in

-                      r8eb6ccd
+                      r3e94bd3
 #include "ap_release.h"
+#include <gcrypt.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
 #ifndef __mod_gnutls_h_inc
 #define __mod_gnutls_h_inc
 #define HAVE_APR_MEMCACHE    @have_apr_memcache@
-#include <gcrypt.h>
-#include <gnutls/gnutls.h>
 module AP_MODULE_DECLARE_DATA gnutls_module;
 …
 typedef enum
+{
     mod_gnutls_cache_none,
     mod_gnutls_cache_dbm,
+    mgs_cache_none,
+    mgs_cache_dbm,
 #if HAVE_APR_MEMCACHE
     mod_gnutls_cache_memcache
+    mgs_cache_memcache
 #endif
 } mod_gnutls_cache_e;
+} mgs_cache_e;
 typedef struct
+{
+    int client_verify_mode;
+} mgs_dirconf_rec;
+typedef struct
+{
     gnutls_certificate_credentials_t certs;
+    char *key_file;
+    char *cert_file;
+    char* cert_cn;
+    gnutls_x509_crt_t cert_x509;
+    gnutls_x509_privkey_t privkey_x509;
     int enabled;
     int ciphers[16];
 …
     int cert_types[16];
     apr_time_t cache_timeout;
     mod_gnutls_cache_e cache_type;
+    mgs_cache_e cache_type;
     const char* cache_config;
     const char* rsa_params_file;
     const char* dh_params_file;
+} mod_gnutls_srvconf_rec;
+    int client_verify_mode;
+} mgs_srvconf_rec;
 typedef struct {
     int length;
     char *value;
 } mod_gnutls_char_buffer_t;
+} mgs_char_buffer_t;
 typedef struct
+{
     mod_gnutls_srvconf_rec *sc;
+    mgs_srvconf_rec *sc;
     conn_rec* c;
     gnutls_session_t session;
 …
     apr_read_type_e input_block;
     ap_input_mode_t input_mode;
     mod_gnutls_char_buffer_t input_cbuf;
+    mgs_char_buffer_t input_cbuf;
     char input_buffer[AP_IOBUFSIZE];
 …
     int status;
     int non_https;
 } mod_gnutls_handle_t;
+} mgs_handle_t;
 /** Functions in gnutls_io.c **/
 /**
  * mod_gnutls_filter_input will filter the input data
+ * mgs_filter_input will filter the input data
  * by decrypting it using GnuTLS and passes it cleartext.
+ *
 …
  * @return result status
  */
 apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
+apr_status_t mgs_filter_input(ap_filter_t * f,
                                      apr_bucket_brigade * bb,
                                      ap_input_mode_t mode,
 …
 /**
  * mod_gnutls_filter_output will filter the encrypt
+ * mgs_filter_output will filter the encrypt
  * the incoming bucket using GnuTLS and passes it onto the next filter.
+ *
 …
  * @return result status
  */
 apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
+apr_status_t mgs_filter_output(ap_filter_t * f,
                                       apr_bucket_brigade * bb);
 /**
  * mod_gnutls_transport_read is called from GnuTLS to provide encrypted
+ * mgs_transport_read is called from GnuTLS to provide encrypted
  * data from the client.
+ *
 …
  * @return size   length of the data stored in buffer
  */
 ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
                                   void *buffer, size_t len);
 /**
  * mod_gnutls_transport_write is called from GnuTLS to
+ * mgs_transport_write is called from GnuTLS to
  * write data to the client.
+ *
 …
  * @return size   length of the data written
  */
 ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
                                    const void *buffer, size_t len);
+int mgs_rehandshake(mgs_handle_t * ctxt);
 /**
  * Init the Cache after Configuration is done
  */
 int mod_gnutls_cache_post_config(apr_pool_t *p, server_rec *s,
                                  mod_gnutls_srvconf_rec *sc);
+int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
+                                 mgs_srvconf_rec *sc);
 /**
  * Init the Cache inside each Process
  */
 int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,
                                 mod_gnutls_srvconf_rec *sc);
+int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
+                                mgs_srvconf_rec *sc);
 /**
  * Setup the Session Caching
  */
 int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt);
+int mgs_cache_session_init(mgs_handle_t *ctxt);
 #define GNUTLS_SESSION_ID_STRING_LEN \
 …
  * @param strsize The Maximum Length that can be stored in str
  */
 char *mod_gnutls_session_id2sz(unsigned char *id, int idlen,
+char *mgs_session_id2sz(unsigned char *id, int idlen,
                                 char *str, int strsize);
+/* Configuration Functions */
+const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
+                                        const char *arg);
+const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
+                             const char *arg);
+const char *mgs_set_cache(cmd_parms * parms, void *dummy,
+                          const char *type, const char* arg);
+const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
+                                  const char *arg);
+const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
+                                  const char *arg);
+const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
+                                   const char *arg);
+const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
+                            const char *arg);
+void *mgs_config_server_create(apr_pool_t * p, server_rec * s);
+void *mgs_config_dir_create(apr_pool_t *p, char *dir);
+mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
+/* mod_gnutls Hooks. */
+int mgs_hook_pre_config(apr_pool_t * pconf,
+                        apr_pool_t * plog, apr_pool_t * ptemp);
+int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
+                         apr_pool_t * ptemp,
+                         server_rec * base_server);
+void mgs_hook_child_init(apr_pool_t *p, server_rec *s);
+const char *mgs_hook_http_scheme(const request_rec * r);
+apr_port_t mgs_hook_default_port(const request_rec * r);
+int mgs_hook_pre_connection(conn_rec * c, void *csd);
+int mgs_hook_fixups(request_rec *r);
+int mgs_hook_authz(request_rec *r);
 #endif /*  __mod_gnutls_h_inc */

m4/apache.m4

-                      r8eb6ccd
+                      r3e94bd3
 dnl Test for Apache apxs, APR, and APU
 AC_DEFUN(CHECK_APACHE,
+AC_DEFUN([CHECK_APACHE],
 [dnl
 AC_ARG_WITH(
 …
                     AP_VERSION="2.0"
                     APXS_EXTENSION=.la
+                    if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then
+                        AC_DEFINE(HAVE_MOD_STATUS_H,1,[Define to 1 if mod_status.h and the mod_Status hook are available])
+                    fi
                     AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES"
                     AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES"

m4/apache_test.m4

r8eb6ccd	r3e94bd3
2	2	dnl Test for Apache
3	3	dnl
4		AC_DEFUN(~~TEST_APACHE_VERSION~~,
	4	AC_DEFUN([TEST_APACHE_VERSION],
5	5	[dnl
6	6	AC_REQUIRE([AC_CANONICAL_TARGET])

m4/apr_memcache.m4

r8eb6ccd	r3e94bd3
3	3	dnl Sets:
4	4	dnl APR_MEMCACHE_LIBS
5		AC_DEFUN(~~CHECK_APR_MEMCACHE~~,
	5	AC_DEFUN([CHECK_APR_MEMCACHE],
6	6	[dnl
7	7

m4/libgnutls.m4

r8eb6ccd	r3e94bd3
1	1	dnl Check for libgnutls libraries
2	2	dnl CHECK_LIBGNUTLS(MINIMUM-VERSION)
3		AC_DEFUN(~~CHECK_LIBGNUTLS~~,
	3	AC_DEFUN([CHECK_LIBGNUTLS],
4	4	[dnl
5	5

m4/outoforder.m4

-                      r8eb6ccd
+                      r3e94bd3
 dnl regenerates the output files. config.nice is useful after you rebuild
 dnl ./configure (via autoconf or autogen.sh)
 AC_DEFUN(OOO_CONFIG_NICE,[
+AC_DEFUN([OOO_CONFIG_NICE],[
   echo configure: creating $1
   rm -f $1
 …
 dnl this macro adds a maintainer mode option to enable programmer specific
 dnl  code in makefiles
 AC_DEFUN(OOO_MAINTAIN_MODE,[
+AC_DEFUN([OOO_MAINTAIN_MODE],[
   AC_ARG_ENABLE(
         maintainer,

src/Makefile.am

r8eb6ccd	r3e94bd3
1	1	CLEANFILES = .libs/libmod_gnutls *~
2	2
3		libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c
	3	libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
4	4	libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
5	5	libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}

src/Makefile.in

-                      r8eb6ccd
+                      r3e94bd3
 libmod_gnutls_la_LIBADD =
 am_libmod_gnutls_la_OBJECTS = libmod_gnutls_la-mod_gnutls.lo \
+        libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo
+        libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo \
+        libmod_gnutls_la-gnutls_config.lo \
+        libmod_gnutls_la-gnutls_hooks.lo
 libmod_gnutls_la_OBJECTS = $(am_libmod_gnutls_la_OBJECTS)
 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
 …
 target_vendor = @target_vendor@
 CLEANFILES = .libs/libmod_gnutls *~
 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c
+libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
 libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
 libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}
 …
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_cache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_io.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-mod_gnutls.Plo@am__quote@
 …
 @AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo '$(srcdir)/'`gnutls_cache.c
+libmod_gnutls_la-gnutls_config.lo: gnutls_config.c
+@am__fastdepCC_TRUE@    if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT libmod_gnutls_la-gnutls_config.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c; \
+@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='gnutls_config.c' object='libmod_gnutls_la-gnutls_config.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c
+libmod_gnutls_la-gnutls_hooks.lo: gnutls_hooks.c
+@am__fastdepCC_TRUE@    if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT libmod_gnutls_la-gnutls_hooks.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo '$(srcdir)/'`gnutls_hooks.c; \
+@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='gnutls_hooks.c' object='libmod_gnutls_la-gnutls_hooks.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo '$(srcdir)/'`gnutls_hooks.c
 mostlyclean-libtool:

src/gnutls_cache.c

-                      r8eb6ccd
+                      r3e94bd3
+}
 char *mod_gnutls_session_id2sz(unsigned char *id, int idlen,
+char *mgs_session_id2sz(unsigned char *id, int idlen,
                                char *str, int strsize)
+{
 …
 static apr_memcache_t* mc;
 int mc_cache_child_init(apr_pool_t *p, server_rec *s,
                                 mod_gnutls_srvconf_rec *sc)
+static int mc_cache_child_init(apr_pool_t *p, server_rec *s,
+                                mgs_srvconf_rec *sc)
+{
     apr_status_t rv = APR_SUCCESS;
 …
+{
     apr_status_t rv = APR_SUCCESS;
     mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     char buf[STR_SESSION_LEN];
     char* strkey = NULL;
 …
+{
     apr_status_t rv = APR_SUCCESS;
     mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     char buf[STR_SESSION_LEN];
     char* strkey = NULL;
 …
     if (rv != APR_SUCCESS) {
+#if MOD_GNUTLS_DEBUG
         ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
                      ctxt->c->base_server,
                      "[gnutls_cache] error fetching key '%s' ",
                      strkey);
+#endif
         data.size = 0;
         data.data = NULL;
 …
+{
     apr_status_t rv = APR_SUCCESS;
     mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     char buf[STR_SESSION_LEN];
     char* strkey = NULL;
 …
 #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
 static int dbm_cache_expire(mod_gnutls_handle_t *ctxt)
+static int dbm_cache_expire(mgs_handle_t *ctxt)
+{
     apr_status_t rv;
 …
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
     mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     apr_status_t rv;
 …
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
     mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     apr_status_t rv;
     apr_time_t expiry;
 …
     apr_dbm_t *dbm;
     apr_datum_t dbmkey;
     mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     apr_status_t rv;
 …
 static int dbm_cache_post_config(apr_pool_t *p, server_rec *s,
                                 mod_gnutls_srvconf_rec *sc)
+                                mgs_srvconf_rec *sc)
+{
     apr_status_t rv;
 …
+}
 int mod_gnutls_cache_post_config(apr_pool_t *p, server_rec *s,
                                  mod_gnutls_srvconf_rec *sc)
+{
     if (sc->cache_type == mod_gnutls_cache_dbm) {
+int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
+                                 mgs_srvconf_rec *sc)
+{
+    if (sc->cache_type == mgs_cache_dbm) {
         return dbm_cache_post_config(p, s, sc);
+    }
 …
+}
 int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,
                                 mod_gnutls_srvconf_rec *sc)
+{
     if (sc->cache_type == mod_gnutls_cache_dbm) {
+int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
+                                mgs_srvconf_rec *sc)
+{
+    if (sc->cache_type == mgs_cache_dbm) {
         return 0;
+    }
 #if HAVE_APR_MEMCACHE
     else if (sc->cache_type == mod_gnutls_cache_memcache) {
+    else if (sc->cache_type == mgs_cache_memcache) {
         return mc_cache_child_init(p, s, sc);
+    }
 …
  #include <assert.h>
 int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt)
+{
     if (ctxt->sc->cache_type == mod_gnutls_cache_dbm) {
+int mgs_cache_session_init(mgs_handle_t *ctxt)
+{
+    if (ctxt->sc->cache_type == mgs_cache_dbm) {
         gnutls_db_set_retrieve_function(ctxt->session, dbm_cache_fetch);
         gnutls_db_set_remove_function(ctxt->session, dbm_cache_delete);
 …
+    }
 #if HAVE_APR_MEMCACHE
     else if (ctxt->sc->cache_type == mod_gnutls_cache_memcache) {
+    else if (ctxt->sc->cache_type == mgs_cache_memcache) {
         gnutls_db_set_retrieve_function(ctxt->session, mc_cache_fetch);
         gnutls_db_set_remove_function(ctxt->session, mc_cache_delete);

src/gnutls_io.c

-                      r8eb6ccd
+                      r3e94bd3
                                            apr_status_t status)
+{
     mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
+    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
     apr_bucket *bucket;
 …
+}
 static int char_buffer_read(mod_gnutls_char_buffer_t * buffer, char *in,
+static int char_buffer_read(mgs_char_buffer_t * buffer, char *in,
                             int inl)
+{
 …
+}
 static int char_buffer_write(mod_gnutls_char_buffer_t * buffer, char *in,
+static int char_buffer_write(mgs_char_buffer_t * buffer, char *in,
                              int inl)
+{
 …
 static apr_status_t gnutls_io_input_read(mod_gnutls_handle_t * ctxt,
+static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
                                          char *buf, apr_size_t * len)
+{
 …
+}
 static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt,
+static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
                                             char *buf, apr_size_t * len)
+{
 …
+}
+static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
+static int gnutls_do_handshake(mgs_handle_t * ctxt)
+{
     int ret;
     int errcode;
     if (ctxt->status != 0) {
         return;
+        return -1;
+    }
 tryagain:
+    ret = gnutls_handshake(ctxt->session);
+    do {
+        ret = gnutls_handshake(ctxt->session);
+    } while (ret == GNUTLS_E_AGAIN);
     if (ret < 0) {
         if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
 …
             goto tryagain;
+        }
+#if USING_2_1_RECENT
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
+                     "GnuTLS: Handshake Failed (%d) '%s'", ret,
+                      gnutls_strerror(ret));
+#else
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
                      "GnuTLS: Handshake Failed (%d) '%s'", ret,
+                      gnutls_strerror(ret));
+                     gnutls_strerror(ret));
+#endif
         ctxt->status = -1;
         gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
                           gnutls_error_to_alert(ret, NULL));
         gnutls_deinit(ctxt->session);
         return;
+        return ret;
+    }
     else {
+        /* all done with the handshake */
         ctxt->status = 1;
+        return;             /* all done with the handshake */
+    }
+}
+apr_status_t mod_gnutls_filter_input(ap_filter_t* f,
+        /* If the session was resumed, we did not set the correct
+         * server_rec in ctxt->sc.  Go Find it. (ick!)
+         */
+        if (gnutls_session_is_resumed(ctxt->session)) {
+            mgs_srvconf_rec* sc;
+            sc = mgs_find_sni_server(ctxt->session);
+            if (sc) {
+                ctxt->sc = sc;
+            }
+        }
+        return 0;
+    }
+}
+int mgs_rehandshake(mgs_handle_t * ctxt)
+{
+    int rv;
+    rv = gnutls_rehandshake(ctxt->session);
+    if (rv != 0) {
+        /* the client did not want to rehandshake. goodbye */
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+                     "GnuTLS: Client Refused Rehandshake request.");
+        return -1;
+    }
+    ctxt->status = 0;
+    rv = gnutls_do_handshake(ctxt);
+    return rv;
+}
+apr_status_t mgs_filter_input(ap_filter_t* f,
                                      apr_bucket_brigade * bb,
                                      ap_input_mode_t mode,
 …
+{
     apr_status_t status = APR_SUCCESS;
     mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
+    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
     apr_size_t len = sizeof(ctxt->input_buffer);
 …
     if (ctxt->status == 0) {
-        char* server_name;
-        int server_type;
-        int data_len = 256;
         gnutls_do_handshake(ctxt);
-        /**
-         * Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1
-         * Server Name Indication.
-         */
-        server_name = apr_palloc(ctxt->c->pool, data_len);
-        if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
-            if (server_type == GNUTLS_NAME_DNS) {
-                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-                             ctxt->c->base_server,
-                             "GnuTLS: TLS 1.1 Server Name: "
-                             "%s", server_name);
+            }
+        }
+    }
 …
+}
 apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
+apr_status_t mgs_filter_output(ap_filter_t * f,
                                       apr_bucket_brigade * bb)
+{
     apr_size_t ret;
     apr_bucket* e;
     mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
+    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
     apr_status_t status = APR_SUCCESS;
     apr_read_type_e rblock = APR_NONBLOCK_READ;
 …
+}
 ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
                                   void *buffer, size_t len)
+{
     mod_gnutls_handle_t *ctxt = ptr;
+    mgs_handle_t *ctxt = ptr;
     apr_status_t rc;
     apr_size_t in = len;
 …
 static ssize_t write_flush(mod_gnutls_handle_t * ctxt)
+static ssize_t write_flush(mgs_handle_t * ctxt)
+{
     apr_bucket *e;
 …
+}
 ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
                                    const void *buffer, size_t len)
+{
     mod_gnutls_handle_t *ctxt = ptr;
+    mgs_handle_t *ctxt = ptr;
     /* pass along the encrypted data

src/mod_gnutls.c

-                      r8eb6ccd
+                      r3e94bd3
 #include "mod_gnutls.h"
+#if APR_HAS_THREADS
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+static void gnutls_hooks(apr_pool_t * p)
+{
+    ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL,
+                           APR_HOOK_MIDDLE);
+    ap_hook_post_config(mgs_hook_post_config, NULL, NULL,
+                        APR_HOOK_MIDDLE);
+    ap_hook_child_init(mgs_hook_child_init, NULL, NULL,
+                       APR_HOOK_MIDDLE);
+#if USING_2_1_RECENT
+    ap_hook_http_scheme(mgs_hook_http_scheme, NULL, NULL,
+                        APR_HOOK_MIDDLE);
+#else
+    ap_hook_http_method(mgs_hook_http_scheme, NULL, NULL,
+                        APR_HOOK_MIDDLE);
 #endif
+#if MOD_GNUTLS_DEBUG
+static apr_file_t* debug_log_fp;
+#endif
+static apr_status_t mod_gnutls_cleanup_pre_config(void *data)
+{
+    gnutls_global_deinit();
+    return APR_SUCCESS;
+}
+#if MOD_GNUTLS_DEBUG
+static void gnutls_debug_log_all( int level, const char* str)
+{
+    apr_file_printf(debug_log_fp, "<%d> %s\n", level, str);
+}
+#endif
+static int mod_gnutls_hook_pre_config(apr_pool_t * pconf,
+                                      apr_pool_t * plog, apr_pool_t * ptemp)
+{
+#if APR_HAS_THREADS
+    /* TODO: Check MPM Type here */
+    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+#endif
+    gnutls_global_init();
+    apr_pool_cleanup_register(pconf, NULL, mod_gnutls_cleanup_pre_config,
+                              apr_pool_cleanup_null);
+#if MOD_GNUTLS_DEBUG
+    apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
+                  APR_APPEND|APR_WRITE|APR_CREATE, APR_OS_DEFAULT, pconf);
+    gnutls_global_set_log_level(9);
+    gnutls_global_set_log_function(gnutls_debug_log_all);
+#endif
+    return OK;
+    ap_hook_default_port(mgs_hook_default_port, NULL, NULL,
+                         APR_HOOK_MIDDLE);
+    ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL,
+                       APR_HOOK_MIDDLE);
+    ap_hook_access_checker(mgs_hook_authz, NULL, NULL, APR_HOOK_REALLY_FIRST);
+    ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
+    /* TODO: HTTP Upgrade Filter */
+    /* ap_register_output_filter ("UPGRADE_FILTER",
+        *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
+*/
+    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
+                             mgs_filter_input, NULL,
+                             AP_FTYPE_CONNECTION + 5);
+    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
+                              mgs_filter_output, NULL,
+                              AP_FTYPE_CONNECTION + 5);
+}
+static gnutls_datum load_params(const char* file, server_rec* s,
+                                apr_pool_t* pool)
+{
+    gnutls_datum ret = { NULL, 0 };
+    apr_file_t* fp;
+    apr_finfo_t finfo;
+    apr_status_t rv;
+    apr_size_t br = 0;
+    rv = apr_file_open(&fp, file, APR_READ|APR_BINARY, APR_OS_DEFAULT,
+                       pool);
+    if (rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
+                     "GnuTLS failed to load params file at: %s", file);
+        return ret;
+    }
+    rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
+    if (rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
+                     "GnuTLS failed to stat params file at: %s", file);
+        return ret;
+    }
+    ret.data = apr_palloc(pool, finfo.size+1);
+    rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
+    if (rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
+                     "GnuTLS failed to read params file at: %s", file);
+        return ret;
+    }
+    ret.data[br] = '\0';
+    ret.size = br;
+    return ret;
+}
+static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
+                                       apr_pool_t * ptemp,
+                                       server_rec * base_server)
+{
+    int rv;
+    server_rec *s;
+    gnutls_dh_params_t dh_params;
+    gnutls_rsa_params_t rsa_params;
+    mod_gnutls_srvconf_rec *sc;
+    mod_gnutls_srvconf_rec *sc_base;
+    void *data = NULL;
+    int first_run = 0;
+    const char *userdata_key = "mod_gnutls_init";
+    apr_pool_userdata_get(&data, userdata_key, base_server->process->pool);
+    if (data == NULL) {
+        first_run = 1;
+        apr_pool_userdata_set((const void *)1, userdata_key,
+                              apr_pool_cleanup_null,
+                              base_server->process->pool);
+    }
+    if (!first_run) {
+        gnutls_datum pdata;
+        apr_pool_t* tpool;
+        s = base_server;
+        sc_base = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
+                                                             &gnutls_module);
+        apr_pool_create(&tpool, p);
+        gnutls_dh_params_init(&dh_params);
+        pdata = load_params(sc_base->dh_params_file, s, tpool);
+        if (pdata.size != 0) {
+            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
+                                               GNUTLS_X509_FMT_PEM);
+            if (rv != 0) {
+                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                             "GnuTLS: Unable to load DH Params: (%d) %s",
+                             rv, gnutls_strerror(rv));
+                exit(rv);
+            }
+        }
+        else {
+            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                         "GnuTLS: Unable to load DH Params."
+                         " Shutting Down.");
+            exit(-1);
+        }
+        apr_pool_clear(tpool);
+        gnutls_rsa_params_init(&rsa_params);
+        pdata = load_params(sc_base->rsa_params_file, s, tpool);
+        if (pdata.size != 0) {
+            rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata,
+                                                GNUTLS_X509_FMT_PEM);
+            if (rv != 0) {
+                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                             "GnuTLS: Unable to load RSA Params: (%d) %s",
+                             rv, gnutls_strerror(rv));
+                exit(rv);
+            }
+        }
+        else {
+            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                         "GnuTLS: Unable to load RSA Params."
+                         " Shutting Down.");
+            exit(-1);
+        }
+        apr_pool_destroy(tpool);
+        rv = mod_gnutls_cache_post_config(p, s, sc_base);
+        if (rv != 0) {
+            ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
+                         "GnuTLS: Post Config for GnuTLSCache Failed."
+                         " Shutting Down.");
+            exit(-1);
+        }
+        for (s = base_server; s; s = s->next) {
+            sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
+                                                                 &gnutls_module);
+            sc->cache_type = sc_base->cache_type;
+            sc->cache_config = sc_base->cache_config;
+            if (sc->cert_file != NULL && sc->key_file != NULL) {
+                rv = gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
+                                                 sc->key_file,
+                                                 GNUTLS_X509_FMT_PEM);
+                if (rv != 0) {
+                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                         "[GnuTLS] - Host '%s:%d' has an invalid key or certificate:"
+                         "(%s,%s) (%d) %s",
+                         s->server_hostname, s->port, sc->cert_file, sc->key_file,
+                         rv, gnutls_strerror(rv));
+                }
+                else {
+                    gnutls_certificate_set_rsa_export_params(sc->certs,
+                                                     rsa_params);
+                    gnutls_certificate_set_dh_params(sc->certs, dh_params);
+                }
+            }
+            else if (sc->enabled == GNUTLS_ENABLED_TRUE) {
+                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                             "[GnuTLS] - Host '%s:%d' is missing a "
+                             "Cert and Key File!",
+                         s->server_hostname, s->port);
+            }
+        }
+    } /* first_run */
+    ap_add_version_component(p, "mod_gnutls/" MOD_GNUTLS_VERSION);
+    return OK;
+}
+static void mod_gnutls_hook_child_init(apr_pool_t *p, server_rec *s)
+{
+    apr_status_t rv = APR_SUCCESS;
+    mod_gnutls_srvconf_rec *sc = ap_get_module_config(s->module_config,
+                                                      &gnutls_module);
+    if (sc->cache_type != mod_gnutls_cache_none) {
+        rv = mod_gnutls_cache_child_init(p, s, sc);
+        if(rv != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
+                             "[GnuTLS] - Failed to run Cache Init");
+        }
+    }
+    else {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
+                     "[GnuTLS] - No Cache Configured. Hint: GnuTLSCache");
+    }
+}
+static const char *mod_gnutls_hook_http_scheme(const request_rec * r)
+{
+    mod_gnutls_srvconf_rec *sc =
+        (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server->
+                                                        module_config,
+                                                        &gnutls_module);
+    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
+        return NULL;
+    }
+    return "https";
+}
+static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
+{
+    mod_gnutls_srvconf_rec *sc =
+        (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server->
+                                                        module_config,
+                                                        &gnutls_module);
+    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
+        return 0;
+    }
+    return 443;
+}
+/* TODO: Complete support for Server Name Indication */
+static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret)
+{
+    char* server_name;
+    int server_type;
+    int data_len = 256;
+    mod_gnutls_handle_t *ctxt;
+    ctxt = gnutls_transport_get_ptr(session);
+    ret->type = GNUTLS_CRT_X509;
+    ret->ncerts = 1;
+    server_name = apr_palloc(ctxt->c->pool, data_len);
+    if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
+        if (server_type == GNUTLS_NAME_DNS) {
+            ap_log_error(APLOG_MARK, APLOG_INFO, 0,
+                         ctxt->c->base_server,
+                         "GnuTLS: Virtual Host: "
+                         "%s", server_name);
+        }
+    }
+    return 0;
+}
+static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
+{
+    mod_gnutls_handle_t *ctxt;
+    mod_gnutls_srvconf_rec *sc =
+        (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
+                                                        module_config,
+                                                        &gnutls_module);
+    ctxt = apr_pcalloc(pool, sizeof(*ctxt));
+    ctxt->c = c;
+    ctxt->sc = sc;
+    ctxt->status = 0;
+    ctxt->input_rc = APR_SUCCESS;
+    ctxt->input_bb = apr_brigade_create(c->pool, c->bucket_alloc);
+    ctxt->input_cbuf.length = 0;
+    ctxt->output_rc = APR_SUCCESS;
+    ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc);
+    ctxt->output_blen = 0;
+    ctxt->output_length = 0;
+    gnutls_init(&ctxt->session, GNUTLS_SERVER);
+    gnutls_protocol_set_priority(ctxt->session, sc->protocol);
+    gnutls_cipher_set_priority(ctxt->session, sc->ciphers);
+    gnutls_compression_set_priority(ctxt->session, sc->compression);
+    gnutls_kx_set_priority(ctxt->session, sc->key_exchange);
+    gnutls_mac_set_priority(ctxt->session, sc->macs);
+    gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types);
+    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs);
+    gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE);
+    mod_gnutls_cache_session_init(ctxt);
+    /* TODO: Finish Support for Server Name Indication */
+    /* gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); */
+    return ctxt;
+}
+static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
+{
+    mod_gnutls_handle_t *ctxt;
+    mod_gnutls_srvconf_rec *sc =
+        (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
+                                                        module_config,
+                                                        &gnutls_module);
+    if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
+        return DECLINED;
+    }
+    ctxt = create_gnutls_handle(c->pool, c);
+    ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
+    gnutls_transport_set_pull_function(ctxt->session,
+                                       mod_gnutls_transport_read);
+    gnutls_transport_set_push_function(ctxt->session,
+                                       mod_gnutls_transport_write);
+    gnutls_transport_set_ptr(ctxt->session, ctxt);
+    ctxt->input_filter = ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt,
+                                             NULL, c);
+    ctxt->output_filter = ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt,
+                                               NULL, c);
+    return OK;
+}
+static int mod_gnutls_hook_fixups(request_rec *r)
+{
+    unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
+    char buf[GNUTLS_SESSION_ID_STRING_LEN];
+    const char* tmp;
+    int len;
+    mod_gnutls_handle_t *ctxt;
+    apr_table_t *env = r->subprocess_env;
+    ctxt = ap_get_module_config(r->connection->conn_config, &gnutls_module);
+    if(!ctxt) {
+        return DECLINED;
+    }
+    apr_table_setn(env, "HTTPS", "on");
+    apr_table_setn(env, "GNUTLS_VERSION_INTERFACE", MOD_GNUTLS_VERSION);
+    apr_table_setn(env, "GNUTLS_VERSION_LIBRARY", LIBGNUTLS_VERSION);
+    apr_table_setn(env, "SSL_PROTOCOL",
+                   gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
+    apr_table_setn(env, "SSL_CIPHER",
+                   gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
+    apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
+    tmp = apr_psprintf(r->pool, "%d",
+* gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
+    apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
+    apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
+    len = sizeof(sbuf);
+    gnutls_session_get_id(ctxt->session, sbuf, &len);
+    tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf));
+    apr_table_setn(env, "SSL_SESSION_ID", tmp);
+    return OK;
+}
+static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy,
+                                        const char *arg)
+{
+    mod_gnutls_srvconf_rec *sc =
+        (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
+                                                        module_config,
+                                                        &gnutls_module);
+    sc->cert_file = ap_server_root_relative(parms->pool, arg);
+    return NULL;
+}
+static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy,
+                                       const char *arg)
+{
+    mod_gnutls_srvconf_rec *sc =
+        (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
+                                                        module_config,
+                                                        &gnutls_module);
+    sc->key_file = ap_server_root_relative(parms->pool, arg);
+    return NULL;
+}
+static const char *gnutls_set_cache(cmd_parms * parms, void *dummy,
+                                       const char *type, const char* arg)
+{
+    const char* err;
+    mod_gnutls_srvconf_rec *sc = ap_get_module_config(parms->server->
+                                                        module_config,
+                                                        &gnutls_module);
+    if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
+        return err;
+    }
+    if (strcasecmp("none", type) == 0) {
+        sc->cache_type = mod_gnutls_cache_none;
+    }
+    else if (strcasecmp("dbm", type) == 0) {
+        sc->cache_type = mod_gnutls_cache_dbm;
+    }
+#if HAVE_APR_MEMCACHE
+    else if (strcasecmp("memcache", type) == 0) {
+        sc->cache_type = mod_gnutls_cache_memcache;
+    }
+#endif
+    else {
+        return "Invalid Type for GnuTLSCache!";
+    }
+    if (sc->cache_type == mod_gnutls_cache_dbm) {
+        sc->cache_config = ap_server_root_relative(parms->pool, arg);
+    }
+    else {
+        sc->cache_config = apr_pstrdup(parms->pool, arg);
+    }
+    return NULL;
+}
+static const char *gnutls_set_enabled(cmd_parms * parms, void *dummy,
+                                      const char *arg)
+{
+    mod_gnutls_srvconf_rec *sc =
+        (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
+                                                        module_config,
+                                                        &gnutls_module);
+    if (!strcasecmp(arg, "On")) {
+        sc->enabled = GNUTLS_ENABLED_TRUE;
+    }
+    else if (!strcasecmp(arg, "Off")) {
+        sc->enabled = GNUTLS_ENABLED_FALSE;
+    }
+    else {
+        return "GnuTLSEnable must be set to 'On' or 'Off'";
+    }
+    return NULL;
+}
+static const command_rec gnutls_cmds[] = {
+    AP_INIT_TAKE1("GnuTLSCertificateFile", gnutls_set_cert_file,
+static const command_rec mgs_config_cmds[] = {
+    AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
+                  NULL,
+                  RSRC_CONF|OR_AUTHCFG,
+                  "Set Verification Requirements of the Client Certificate"),
+    AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file,
+                  NULL,
+                  RSRC_CONF,
+                  "Set the CA File for Client Certificates"),
+    AP_INIT_TAKE1("GnuTLSCertificateFile", mgs_set_cert_file,
                   NULL,
                   RSRC_CONF,
                   "SSL Server Key file"),
     AP_INIT_TAKE1("GnuTLSKeyFile", gnutls_set_key_file,
+    AP_INIT_TAKE1("GnuTLSKeyFile", mgs_set_key_file,
                   NULL,
                   RSRC_CONF,
                   "SSL Server Certificate file"),
+    AP_INIT_TAKE2("GnuTLSCache", gnutls_set_cache,
+    AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
+                  NULL,
+                  RSRC_CONF,
+                  "Cache Timeout"),
+    AP_INIT_TAKE2("GnuTLSCache", mgs_set_cache,
                   NULL,
                   RSRC_CONF,
                   "Cache Configuration"),
     AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled,
+    AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
                   NULL, RSRC_CONF,
                   "Whether this server has GnuTLS Enabled. Default: Off"),
     {NULL}
 };
-/* TODO: CACertificateFile & Client Authentication
- *    AP_INIT_TAKE1("GnuTLSCACertificateFile", ap_set_server_string_slot,
- *                 (void *) APR_OFFSETOF(gnutls_srvconf_rec, key_file), NULL,
- *                 RSRC_CONF,
- *                 "CA"),
- */
-static void gnutls_hooks(apr_pool_t * p)
+{
-    ap_hook_pre_connection(mod_gnutls_hook_pre_connection, NULL, NULL,
-                           APR_HOOK_MIDDLE);
-    ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-    ap_hook_child_init(mod_gnutls_hook_child_init, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-#if USING_2_1_RECENT
-    ap_hook_http_scheme(mod_gnutls_hook_http_scheme, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-#else
-    ap_hook_http_method(mod_gnutls_hook_http_scheme, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-#endif
-    ap_hook_default_port(mod_gnutls_hook_default_port, NULL, NULL,
-                         APR_HOOK_MIDDLE);
-    ap_hook_pre_config(mod_gnutls_hook_pre_config, NULL, NULL,
-                       APR_HOOK_MIDDLE);
-    ap_hook_fixups(mod_gnutls_hook_fixups, NULL, NULL, APR_HOOK_MIDDLE);
-    /* TODO: HTTP Upgrade Filter */
-    /* ap_register_output_filter ("UPGRADE_FILTER",
-     *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
-     */
-    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
-                             mod_gnutls_filter_input, NULL,
-                             AP_FTYPE_CONNECTION + 5);
-    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
-                              mod_gnutls_filter_output, NULL,
-                              AP_FTYPE_CONNECTION + 5);
+}
-static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
+{
-    int i;
-    mod_gnutls_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc));
-    sc->enabled = GNUTLS_ENABLED_FALSE;
-    gnutls_certificate_allocate_credentials(&sc->certs);
-    sc->key_file = NULL;
-    sc->cert_file = NULL;
-    sc->cache_timeout = apr_time_from_sec(3600);
-    sc->cache_type = mod_gnutls_cache_dbm;
-    sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
-    /* TODO: Make this Configurable ! */
-    sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");
-    sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");
-    /* TODO: Make this Configurable ! */
-    /* meh. mod_ssl uses a flex based parser for this part.. sigh */
-    i = 0;
-    sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC;
-    sc->ciphers[i++] = GNUTLS_CIPHER_AES_128_CBC;
-    sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_128;
-    sc->ciphers[i++] = GNUTLS_CIPHER_3DES_CBC;
-    sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_40;
-    sc->ciphers[i] = 0;
-    i = 0;
-    sc->key_exchange[i++] = GNUTLS_KX_RSA;
-    sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT;
-    sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS;
-    sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA;
-    sc->key_exchange[i++] = GNUTLS_KX_ANON_DH;
-    sc->key_exchange[i++] = GNUTLS_KX_SRP;
-    sc->key_exchange[i++] = GNUTLS_KX_SRP_RSA;
-    sc->key_exchange[i++] = GNUTLS_KX_SRP_DSS;
-    sc->key_exchange[i] = 0;
-    i = 0;
-    sc->macs[i++] = GNUTLS_MAC_SHA;
-    sc->macs[i++] = GNUTLS_MAC_MD5;
-    sc->macs[i++] = GNUTLS_MAC_RMD160;
-    sc->macs[i] = 0;
-    i = 0;
-    sc->protocol[i++] = GNUTLS_TLS1_1;
-    sc->protocol[i++] = GNUTLS_TLS1;
-    sc->protocol[i++] = GNUTLS_SSL3;
-    sc->protocol[i] = 0;
-    i = 0;
-    sc->compression[i++] = GNUTLS_COMP_NULL;
-    sc->compression[i++] = GNUTLS_COMP_ZLIB;
-    sc->compression[i++] = GNUTLS_COMP_LZO;
-    sc->compression[i] = 0;
-    i = 0;
-    sc->cert_types[i++] = GNUTLS_CRT_X509;
-    sc->cert_types[i] = 0;
-    return sc;
+}
 module AP_MODULE_DECLARE_DATA gnutls_module = {
     STANDARD20_MODULE_STUFF,
+    mgs_config_dir_create,
     NULL,
+    mgs_config_server_create,
     NULL,
+    gnutls_config_server_create,
+    NULL,
+/*    gnutls_config_server_merge, */
+    gnutls_cmds,
+    mgs_config_cmds,
     gnutls_hooks
 };

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 3e94bd3 in mod_gnutls

Legend:

Download in other formats: