Changeset 3e94bd3 in mod_gnutls

Timestamp:

Jan 11, 2013, 12:54:56 AM (7 years ago)

Author:

Daniel Kahn Gillmor <dkg@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, upstream

Children:

1c87791, 70c2d86

Parents:

8eb6ccd

Message:

Imported Upstream version 0.2.0

Files:

• config.in (modified) (1 diff)
• config/config.guess (modified) (5 diffs)
• config/config.sub (modified) (4 diffs)
• configure (modified) (11 diffs)
• configure.ac (modified) (1 diff)
• include/mod_gnutls.h.in (modified) (11 diffs)
• m4/apache.m4 (modified) (2 diffs)
• m4/apache_test.m4 (modified) (1 diff)
• m4/apr_memcache.m4 (modified) (1 diff)
• m4/libgnutls.m4 (modified) (1 diff)
• m4/outoforder.m4 (modified) (2 diffs)
• src/Makefile.am (modified) (1 diff)
• src/Makefile.in (modified) (4 diffs)
• src/gnutls_cache.c (modified) (15 diffs)
• src/gnutls_config.c (added)
• src/gnutls_hooks.c (added)
• src/gnutls_io.c (modified) (13 diffs)
• src/mod_gnutls.c (modified) (1 diff)

config.in

@@ -1 +1 @@
 /* config.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if mod_status.h and the mod_Status hook are available */
+#undef HAVE_MOD_STATUS_H
 
 /* Name of package */

config/config.guess

@@ -2 +2 @@
 # Attempt to guess a canonical system name.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
-
-timestamp='2004-11-12'
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-03-24'
 
 # This file is free software; you can redistribute it and/or modify it
@@ -54 +54 @@
 
 Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 
@@ -804 +804 @@
     i*:UWIN*:*)
         echo ${UNAME_MACHINE}-pc-uwin
+        exit 0 ;;
+    amd64:CYGWIN*:*:*)
+        echo x86_64-unknown-cygwin
         exit 0 ;;
     p*:CYGWIN*:*)
@@ -1198 +1201 @@
         echo i386-pc-qnx
         exit 0 ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+        echo nse-tandem-nsk${UNAME_RELEASE}
+        exit 0 ;;
     NSR-?:NONSTOP_KERNEL:*:*)
         echo nsr-tandem-nsk${UNAME_RELEASE}
@@ -1414 +1420 @@
 download the most up to date version of the config scripts from
 
-    ftp://ftp.gnu.org/pub/gnu/config/
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
 
 If the version you run ($0) is already up to date, please

config/config.sub

@@ -2 +2 @@
 # Configuration validation subroutine script.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
-
-timestamp='2004-11-30'
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-02-10'
 
 # This file is (in principle) common to ALL GNU software.
@@ -71 +71 @@
 GNU config.sub ($timestamp)
 
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
 Free Software Foundation, Inc.
 
@@ -238 +238 @@
         | i370 | i860 | i960 | ia64 \
         | ip2k | iq2000 \
-        | m32r | m32rle | m68000 | m68k | m88k | mcore \
+        | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
         | mips | mipsbe | mipseb | mipsel | mipsle \
         | mips16 \
@@ -311 +311 @@
         | m32r-* | m32rle-* \
         | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-        | m88110-* | m88k-* | mcore-* \
+        | m88110-* | m88k-* | maxq-* | mcore-* \
         | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
         | mips16-* \

configure

@@ -1 +1 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for mod_gnutls 0.1.1.
+# Generated by GNU Autoconf 2.59 for mod_gnutls 0.2.0.
 #
 # Copyright (C) 2003 Free Software Foundation, Inc.
@@ -268 +268 @@
 PACKAGE_NAME='mod_gnutls'
 PACKAGE_TARNAME='mod_gnutls'
-PACKAGE_VERSION='0.1.1'
-PACKAGE_STRING='mod_gnutls 0.1.1'
+PACKAGE_VERSION='0.2.0'
+PACKAGE_STRING='mod_gnutls 0.2.0'
 PACKAGE_BUGREPORT=''
 
@@ -738 +738 @@
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures mod_gnutls 0.1.1 to adapt to many kinds of systems.
+\`configure' configures mod_gnutls 0.2.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -805 +805 @@
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of mod_gnutls 0.1.1:";;
+     short | recursive ) echo "Configuration of mod_gnutls 0.2.0:";;
    esac
   cat <<\_ACEOF
@@ -935 +935 @@
 if $ac_init_version; then
   cat <<\_ACEOF
-mod_gnutls configure 0.1.1
+mod_gnutls configure 0.2.0
 generated by GNU Autoconf 2.59
 
@@ -949 +949 @@
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by mod_gnutls $as_me 0.1.1, which was
+It was created by mod_gnutls $as_me 0.2.0, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
@@ -1303 +1303 @@
   chmod +x config.nice
 
-MOD_GNUTLS_VERSION=0.1.1
+MOD_GNUTLS_VERSION=0.2.0
 
 
@@ -1731 +1731 @@
 # Define the identity of the package.
  PACKAGE=mod_gnutls
- VERSION=0.1.1
+ VERSION=0.2.0
 
 
@@ -3444 +3444 @@
                     AP_VERSION="2.0"
                     APXS_EXTENSION=.la
+                    if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MOD_STATUS_H 1
+_ACEOF
+
+                    fi
                     AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES"
                     AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES"
@@ -4335 +4342 @@
 cat >&5 <<_CSEOF
 
-This file was extended by mod_gnutls $as_me 0.1.1, which was
+This file was extended by mod_gnutls $as_me 0.2.0, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
@@ -4398 +4405 @@
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-mod_gnutls config.status 0.1.1
+mod_gnutls config.status 0.2.0
 configured by $0, generated by GNU Autoconf 2.59,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"

configure.ac

@@ -1 @@
-AC_INIT(mod_gnutls, 0.1.1)
+AC_INIT(mod_gnutls, 0.2.0)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION

include/mod_gnutls.h.in

@@ -28 +28 @@
 #include "ap_release.h"
 
+#include <gcrypt.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
 #ifndef __mod_gnutls_h_inc
 #define __mod_gnutls_h_inc
 
 #define HAVE_APR_MEMCACHE    @have_apr_memcache@
-
-#include <gcrypt.h>
-#include <gnutls/gnutls.h>
 
 module AP_MODULE_DECLARE_DATA gnutls_module;
@@ -62 +63 @@
 typedef enum 
 {
-    mod_gnutls_cache_none,
-    mod_gnutls_cache_dbm,
+    mgs_cache_none,
+    mgs_cache_dbm,
 #if HAVE_APR_MEMCACHE
-    mod_gnutls_cache_memcache
+    mgs_cache_memcache
 #endif
-} mod_gnutls_cache_e;
+} mgs_cache_e;
 
 typedef struct
 {
+    int client_verify_mode;
+} mgs_dirconf_rec;
+
+typedef struct
+{
     gnutls_certificate_credentials_t certs;
-    char *key_file;
-    char *cert_file;
+    char* cert_cn;
+    gnutls_x509_crt_t cert_x509;
+    gnutls_x509_privkey_t privkey_x509;
     int enabled;
     int ciphers[16];
@@ -82 +89 @@
     int cert_types[16];
     apr_time_t cache_timeout;
-    mod_gnutls_cache_e cache_type;
+    mgs_cache_e cache_type;
     const char* cache_config;
     const char* rsa_params_file;
     const char* dh_params_file;
-} mod_gnutls_srvconf_rec;
+    int client_verify_mode;
+} mgs_srvconf_rec;
 
 typedef struct {
     int length;
     char *value;
-} mod_gnutls_char_buffer_t;
+} mgs_char_buffer_t;
 
 typedef struct
 {
-    mod_gnutls_srvconf_rec *sc;
+    mgs_srvconf_rec *sc;
     conn_rec* c;
     gnutls_session_t session;
@@ -104 +112 @@
     apr_read_type_e input_block;
     ap_input_mode_t input_mode;
-    mod_gnutls_char_buffer_t input_cbuf;
+    mgs_char_buffer_t input_cbuf;
     char input_buffer[AP_IOBUFSIZE];
 
@@ -116 +124 @@
     int status;
     int non_https;
-} mod_gnutls_handle_t;
+} mgs_handle_t;
 
 /** Functions in gnutls_io.c **/
 
 /**
- * mod_gnutls_filter_input will filter the input data
+ * mgs_filter_input will filter the input data
  * by decrypting it using GnuTLS and passes it cleartext.
  *
@@ -130 +138 @@
  * @return result status
  */
-apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
+apr_status_t mgs_filter_input(ap_filter_t * f,
                                      apr_bucket_brigade * bb,
                                      ap_input_mode_t mode,
@@ -137 +145 @@
 
 /**
- * mod_gnutls_filter_output will filter the encrypt
+ * mgs_filter_output will filter the encrypt
  * the incoming bucket using GnuTLS and passes it onto the next filter.
  *
@@ -144 +152 @@
  * @return result status
  */
-apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
+apr_status_t mgs_filter_output(ap_filter_t * f,
                                       apr_bucket_brigade * bb);
 
 
 /**
- * mod_gnutls_transport_read is called from GnuTLS to provide encrypted 
+ * mgs_transport_read is called from GnuTLS to provide encrypted 
  * data from the client.
  *
@@ -157 +165 @@
  * @return size   length of the data stored in buffer
  */
-ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
                                   void *buffer, size_t len);
 
 /**
- * mod_gnutls_transport_write is called from GnuTLS to 
+ * mgs_transport_write is called from GnuTLS to 
  * write data to the client.
  *
@@ -169 +177 @@
  * @return size   length of the data written
  */
-ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
                                    const void *buffer, size_t len);
 
 
+int mgs_rehandshake(mgs_handle_t * ctxt);
+
+
+
 /**
  * Init the Cache after Configuration is done
  */
-int mod_gnutls_cache_post_config(apr_pool_t *p, server_rec *s, 
-                                 mod_gnutls_srvconf_rec *sc);
+int mgs_cache_post_config(apr_pool_t *p, server_rec *s, 
+                                 mgs_srvconf_rec *sc);
 /**
  * Init the Cache inside each Process
  */
-int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s, 
-                                mod_gnutls_srvconf_rec *sc);
+int mgs_cache_child_init(apr_pool_t *p, server_rec *s, 
+                                mgs_srvconf_rec *sc);
 /**
  * Setup the Session Caching
  */
-int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt);
+int mgs_cache_session_init(mgs_handle_t *ctxt);
 
 #define GNUTLS_SESSION_ID_STRING_LEN \
@@ -198 +210 @@
  * @param strsize The Maximum Length that can be stored in str
  */
-char *mod_gnutls_session_id2sz(unsigned char *id, int idlen,
+char *mgs_session_id2sz(unsigned char *id, int idlen,
                                 char *str, int strsize);
 
+
+/* Configuration Functions */
+
+const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
+                                        const char *arg);
+
+const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
+                             const char *arg);
+
+const char *mgs_set_cache(cmd_parms * parms, void *dummy,
+                          const char *type, const char* arg);
+
+const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
+                                  const char *arg);
+
+const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
+                                  const char *arg);
+
+const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
+                                   const char *arg);
+
+const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
+                            const char *arg);
+
+void *mgs_config_server_create(apr_pool_t * p, server_rec * s);
+
+void *mgs_config_dir_create(apr_pool_t *p, char *dir);
+
+mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
+
+/* mod_gnutls Hooks. */
+
+int mgs_hook_pre_config(apr_pool_t * pconf,
+                        apr_pool_t * plog, apr_pool_t * ptemp);
+
+int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
+                         apr_pool_t * ptemp,
+                         server_rec * base_server);
+
+void mgs_hook_child_init(apr_pool_t *p, server_rec *s);
+
+const char *mgs_hook_http_scheme(const request_rec * r);
+
+apr_port_t mgs_hook_default_port(const request_rec * r);
+
+int mgs_hook_pre_connection(conn_rec * c, void *csd);
+
+int mgs_hook_fixups(request_rec *r);
+
+int mgs_hook_authz(request_rec *r);
+
 #endif /*  __mod_gnutls_h_inc */

m4/apache.m4

@@ -4 +4 @@
 dnl Test for Apache apxs, APR, and APU
 
-AC_DEFUN(CHECK_APACHE,
+AC_DEFUN([CHECK_APACHE],
 [dnl
 AC_ARG_WITH(
@@ -75 +75 @@
                     AP_VERSION="2.0"
                     APXS_EXTENSION=.la
+                    if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then
+                        AC_DEFINE(HAVE_MOD_STATUS_H,1,[Define to 1 if mod_status.h and the mod_Status hook are available])
+                    fi
                     AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES"
                     AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES"

m4/apache_test.m4

@@ -2 +2 @@
 dnl Test for Apache
 dnl
-AC_DEFUN(TEST_APACHE_VERSION,
+AC_DEFUN([TEST_APACHE_VERSION],
 [dnl
     AC_REQUIRE([AC_CANONICAL_TARGET])

m4/apr_memcache.m4

@@ -3 +3 @@
 dnl Sets:
 dnl  APR_MEMCACHE_LIBS
-AC_DEFUN(CHECK_APR_MEMCACHE,
+AC_DEFUN([CHECK_APR_MEMCACHE],
 [dnl
 

m4/libgnutls.m4

@@ -1 +1 @@
 dnl Check for libgnutls libraries
 dnl CHECK_LIBGNUTLS(MINIMUM-VERSION)
-AC_DEFUN(CHECK_LIBGNUTLS,
+AC_DEFUN([CHECK_LIBGNUTLS],
 [dnl
 

m4/outoforder.m4

@@ -5 +5 @@
 dnl regenerates the output files. config.nice is useful after you rebuild
 dnl ./configure (via autoconf or autogen.sh)
-AC_DEFUN(OOO_CONFIG_NICE,[
+AC_DEFUN([OOO_CONFIG_NICE],[
   echo configure: creating $1
   rm -f $1
@@ -26 +26 @@
 dnl this macro adds a maintainer mode option to enable programmer specific
 dnl  code in makefiles
-AC_DEFUN(OOO_MAINTAIN_MODE,[
+AC_DEFUN([OOO_MAINTAIN_MODE],[
   AC_ARG_ENABLE(
         maintainer,

src/Makefile.am

@@ -1 +1 @@
 CLEANFILES = .libs/libmod_gnutls *~
 
-libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c
+libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
 libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
 libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}

src/Makefile.in

@@ -63 +63 @@
 libmod_gnutls_la_LIBADD =
 am_libmod_gnutls_la_OBJECTS = libmod_gnutls_la-mod_gnutls.lo \
-        libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo
+        libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo \
+        libmod_gnutls_la-gnutls_config.lo \
+        libmod_gnutls_la-gnutls_hooks.lo
 libmod_gnutls_la_OBJECTS = $(am_libmod_gnutls_la_OBJECTS)
 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
@@ -197 +199 @@
 target_vendor = @target_vendor@
 CLEANFILES = .libs/libmod_gnutls *~
-libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c
+libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
 libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
 libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}
@@ -271 +273 @@
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_cache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_io.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-mod_gnutls.Plo@am__quote@
@@ -315 +319 @@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo '$(srcdir)/'`gnutls_cache.c
+
+libmod_gnutls_la-gnutls_config.lo: gnutls_config.c
+@am__fastdepCC_TRUE@    if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT libmod_gnutls_la-gnutls_config.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c; \
+@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='gnutls_config.c' object='libmod_gnutls_la-gnutls_config.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c
+
+libmod_gnutls_la-gnutls_hooks.lo: gnutls_hooks.c
+@am__fastdepCC_TRUE@    if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT libmod_gnutls_la-gnutls_hooks.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo '$(srcdir)/'`gnutls_hooks.c; \
+@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='gnutls_hooks.c' object='libmod_gnutls_la-gnutls_hooks.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@   $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo '$(srcdir)/'`gnutls_hooks.c
 
 mostlyclean-libtool:

src/gnutls_cache.c

@@ -54 +54 @@
 }
 
-char *mod_gnutls_session_id2sz(unsigned char *id, int idlen,
+char *mgs_session_id2sz(unsigned char *id, int idlen,
                                char *str, int strsize)
 {
@@ -80 +80 @@
 static apr_memcache_t* mc;
 
-int mc_cache_child_init(apr_pool_t *p, server_rec *s, 
-                                mod_gnutls_srvconf_rec *sc)
+static int mc_cache_child_init(apr_pool_t *p, server_rec *s, 
+                                mgs_srvconf_rec *sc)
 {
     apr_status_t rv = APR_SUCCESS;
@@ -167 +167 @@
 {
     apr_status_t rv = APR_SUCCESS;
-    mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     char buf[STR_SESSION_LEN];
     char* strkey = NULL;
@@ -194 +194 @@
 {
     apr_status_t rv = APR_SUCCESS;
-    mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     char buf[STR_SESSION_LEN];
     char* strkey = NULL;
@@ -210 +210 @@
 
     if (rv != APR_SUCCESS) {
+#if MOD_GNUTLS_DEBUG
         ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
                      ctxt->c->base_server,
                      "[gnutls_cache] error fetching key '%s' ",
                      strkey);
-
+#endif
         data.size = 0;
         data.data = NULL;
@@ -234 +235 @@
 {
     apr_status_t rv = APR_SUCCESS;
-    mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     char buf[STR_SESSION_LEN];
     char* strkey = NULL;
@@ -259 +260 @@
 #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
 
-static int dbm_cache_expire(mod_gnutls_handle_t *ctxt)
+static int dbm_cache_expire(mgs_handle_t *ctxt)
 {
     apr_status_t rv;
@@ -346 +347 @@
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
-    mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     apr_status_t rv;
 
@@ -395 +396 @@
     apr_datum_t dbmkey;
     apr_datum_t dbmval;
-    mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     apr_status_t rv;
     apr_time_t expiry;
@@ -448 +449 @@
     apr_dbm_t *dbm;
     apr_datum_t dbmkey;
-    mod_gnutls_handle_t *ctxt = baton;
+    mgs_handle_t *ctxt = baton;
     apr_status_t rv;
     
@@ -483 +484 @@
 
 static int dbm_cache_post_config(apr_pool_t *p, server_rec *s, 
-                                mod_gnutls_srvconf_rec *sc)
+                                mgs_srvconf_rec *sc)
 {
     apr_status_t rv;
@@ -518 +519 @@
 }
 
-int mod_gnutls_cache_post_config(apr_pool_t *p, server_rec *s, 
-                                 mod_gnutls_srvconf_rec *sc)
-{
-    if (sc->cache_type == mod_gnutls_cache_dbm) {
+int mgs_cache_post_config(apr_pool_t *p, server_rec *s, 
+                                 mgs_srvconf_rec *sc)
+{
+    if (sc->cache_type == mgs_cache_dbm) {
         return dbm_cache_post_config(p, s, sc);
     }
@@ -527 +528 @@
 }
 
-int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s, 
-                                mod_gnutls_srvconf_rec *sc)
-{
-    if (sc->cache_type == mod_gnutls_cache_dbm) {
+int mgs_cache_child_init(apr_pool_t *p, server_rec *s, 
+                                mgs_srvconf_rec *sc)
+{
+    if (sc->cache_type == mgs_cache_dbm) {
         return 0;
     }
 #if HAVE_APR_MEMCACHE
-    else if (sc->cache_type == mod_gnutls_cache_memcache) { 
+    else if (sc->cache_type == mgs_cache_memcache) { 
         return mc_cache_child_init(p, s, sc);
     }
@@ -543 +544 @@
  #include <assert.h>
 
-int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt)
-{
-    if (ctxt->sc->cache_type == mod_gnutls_cache_dbm) {
+int mgs_cache_session_init(mgs_handle_t *ctxt)
+{
+    if (ctxt->sc->cache_type == mgs_cache_dbm) {
         gnutls_db_set_retrieve_function(ctxt->session, dbm_cache_fetch);
         gnutls_db_set_remove_function(ctxt->session, dbm_cache_delete);
@@ -552 +553 @@
     }
 #if HAVE_APR_MEMCACHE
-    else if (ctxt->sc->cache_type == mod_gnutls_cache_memcache) { 
+    else if (ctxt->sc->cache_type == mgs_cache_memcache) { 
         gnutls_db_set_retrieve_function(ctxt->session, mc_cache_fetch);
         gnutls_db_set_remove_function(ctxt->session, mc_cache_delete);

src/gnutls_io.c

@@ -36 +36 @@
                                            apr_status_t status)
 {
-    mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
+    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
     apr_bucket *bucket;
 
@@ -64 +64 @@
 }
 
-static int char_buffer_read(mod_gnutls_char_buffer_t * buffer, char *in,
+static int char_buffer_read(mgs_char_buffer_t * buffer, char *in,
                             int inl)
 {
@@ -88 +88 @@
 }
 
-static int char_buffer_write(mod_gnutls_char_buffer_t * buffer, char *in,
+static int char_buffer_write(mgs_char_buffer_t * buffer, char *in,
                              int inl)
 {
@@ -182 +182 @@
 
 
-static apr_status_t gnutls_io_input_read(mod_gnutls_handle_t * ctxt,
+static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt,
                                          char *buf, apr_size_t * len)
 {
@@ -311 +311 @@
 }
 
-static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt,
+static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt,
                                             char *buf, apr_size_t * len)
 {
@@ -354 +354 @@
 }
 
-
-static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
+static int gnutls_do_handshake(mgs_handle_t * ctxt)
 {
     int ret;
     int errcode;
     if (ctxt->status != 0) {
-        return;
+        return -1;
     }
 
 tryagain:
-
-    ret = gnutls_handshake(ctxt->session);
+    do {
+        ret = gnutls_handshake(ctxt->session);
+    } while (ret == GNUTLS_E_AGAIN);
+    
     if (ret < 0) {
         if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
@@ -381 +382 @@
             goto tryagain;
         }
-
+#if USING_2_1_RECENT
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
+                     "GnuTLS: Handshake Failed (%d) '%s'", ret,
+                      gnutls_strerror(ret));
+#else
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
                      "GnuTLS: Handshake Failed (%d) '%s'", ret,
-                      gnutls_strerror(ret));
+                     gnutls_strerror(ret));
+#endif
         ctxt->status = -1;
         gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, 
                           gnutls_error_to_alert(ret, NULL));
         gnutls_deinit(ctxt->session);
-        return;
+        return ret;
     }
     else {
+        /* all done with the handshake */
         ctxt->status = 1;
-        return;             /* all done with the handshake */
-    }
-}
-
-
-apr_status_t mod_gnutls_filter_input(ap_filter_t* f,
+        /* If the session was resumed, we did not set the correct 
+         * server_rec in ctxt->sc.  Go Find it. (ick!)
+         */
+        if (gnutls_session_is_resumed(ctxt->session)) {
+            mgs_srvconf_rec* sc;
+            sc = mgs_find_sni_server(ctxt->session);
+            if (sc) {
+                ctxt->sc = sc;
+            }
+        }
+        return 0;
+    }
+}
+
+int mgs_rehandshake(mgs_handle_t * ctxt)
+{
+    int rv;
+
+    rv = gnutls_rehandshake(ctxt->session);
+    
+    if (rv != 0) {
+        /* the client did not want to rehandshake. goodbye */
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+                     "GnuTLS: Client Refused Rehandshake request.");
+        return -1;
+    }
+    
+    ctxt->status = 0;
+
+    rv = gnutls_do_handshake(ctxt);
+
+    return rv;
+}
+
+
+apr_status_t mgs_filter_input(ap_filter_t* f,
                                      apr_bucket_brigade * bb,
                                      ap_input_mode_t mode,
@@ -405 +442 @@
 {
     apr_status_t status = APR_SUCCESS;
-    mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
+    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
     apr_size_t len = sizeof(ctxt->input_buffer);
 
@@ -415 +452 @@
 
     if (ctxt->status == 0) {
-        char* server_name;
-        int server_type;
-        int data_len = 256;
-        
         gnutls_do_handshake(ctxt);
-        
-        /**
-         * Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1
-         * Server Name Indication.
-         */
-        server_name = apr_palloc(ctxt->c->pool, data_len);
-        if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
-            if (server_type == GNUTLS_NAME_DNS) {
-                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-                             ctxt->c->base_server,
-                             "GnuTLS: TLS 1.1 Server Name: "
-                             "%s", server_name);
-                
-            }
-        }
     }
 
@@ -481 +499 @@
 }
 
-apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
+apr_status_t mgs_filter_output(ap_filter_t * f,
                                       apr_bucket_brigade * bb)
 {
     apr_size_t ret;
     apr_bucket* e;
-    mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
+    mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx;
     apr_status_t status = APR_SUCCESS;
     apr_read_type_e rblock = APR_NONBLOCK_READ;
@@ -585 +603 @@
 }
 
-ssize_t mod_gnutls_transport_read(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr,
                                   void *buffer, size_t len)
 {
-    mod_gnutls_handle_t *ctxt = ptr;
+    mgs_handle_t *ctxt = ptr;
     apr_status_t rc;
     apr_size_t in = len;
@@ -652 +670 @@
 
 
-static ssize_t write_flush(mod_gnutls_handle_t * ctxt)
+static ssize_t write_flush(mgs_handle_t * ctxt)
 {
     apr_bucket *e;
@@ -684 +702 @@
 }
 
-ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
+ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr,
                                    const void *buffer, size_t len)
 {
-    mod_gnutls_handle_t *ctxt = ptr;
+    mgs_handle_t *ctxt = ptr;
 
     /* pass along the encrypted data

src/mod_gnutls.c

@@ -18 +18 @@
 #include "mod_gnutls.h"
 
-#if APR_HAS_THREADS
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+
+static void gnutls_hooks(apr_pool_t * p)
+{
+    ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL,
+                           APR_HOOK_MIDDLE);
+    ap_hook_post_config(mgs_hook_post_config, NULL, NULL,
+                        APR_HOOK_MIDDLE);
+    ap_hook_child_init(mgs_hook_child_init, NULL, NULL,
+                       APR_HOOK_MIDDLE);
+#if USING_2_1_RECENT
+    ap_hook_http_scheme(mgs_hook_http_scheme, NULL, NULL,
+                        APR_HOOK_MIDDLE);
+#else
+    ap_hook_http_method(mgs_hook_http_scheme, NULL, NULL,
+                        APR_HOOK_MIDDLE);
 #endif
-
-#if MOD_GNUTLS_DEBUG
-static apr_file_t* debug_log_fp;
-#endif
-
-static apr_status_t mod_gnutls_cleanup_pre_config(void *data)
-{
-    gnutls_global_deinit();
-    return APR_SUCCESS;
-}
-
-#if MOD_GNUTLS_DEBUG
-static void gnutls_debug_log_all( int level, const char* str)
-{
-    apr_file_printf(debug_log_fp, "<%d> %s\n", level, str);
-}
-#endif
-
-static int mod_gnutls_hook_pre_config(apr_pool_t * pconf,
-                                      apr_pool_t * plog, apr_pool_t * ptemp)
-{
-
-#if APR_HAS_THREADS
-    /* TODO: Check MPM Type here */
-    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-#endif
-
-    gnutls_global_init();
-
-    apr_pool_cleanup_register(pconf, NULL, mod_gnutls_cleanup_pre_config,
-                              apr_pool_cleanup_null);
-
-#if MOD_GNUTLS_DEBUG
-    apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
-                  APR_APPEND|APR_WRITE|APR_CREATE, APR_OS_DEFAULT, pconf);
-
-    gnutls_global_set_log_level(9);
-    gnutls_global_set_log_function(gnutls_debug_log_all);
-#endif
-
-    return OK;
+    ap_hook_default_port(mgs_hook_default_port, NULL, NULL,
+                         APR_HOOK_MIDDLE);
+    ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL,
+                       APR_HOOK_MIDDLE);
+    
+    ap_hook_access_checker(mgs_hook_authz, NULL, NULL, APR_HOOK_REALLY_FIRST);
+    
+    ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
+    
+    /* TODO: HTTP Upgrade Filter */
+    /* ap_register_output_filter ("UPGRADE_FILTER", 
+        *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
+*/
+    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
+                             mgs_filter_input, NULL,
+                             AP_FTYPE_CONNECTION + 5);
+    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
+                              mgs_filter_output, NULL,
+                              AP_FTYPE_CONNECTION + 5);
 }
 
 
-static gnutls_datum load_params(const char* file, server_rec* s, 
-                                apr_pool_t* pool) 
-{
-    gnutls_datum ret = { NULL, 0 };
-    apr_file_t* fp;
-    apr_finfo_t finfo;
-    apr_status_t rv;
-    apr_size_t br = 0;
-
-    rv = apr_file_open(&fp, file, APR_READ|APR_BINARY, APR_OS_DEFAULT, 
-                       pool);
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 
-                     "GnuTLS failed to load params file at: %s", file);
-        return ret;
-    }
-
-    rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
-
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 
-                     "GnuTLS failed to stat params file at: %s", file);
-        return ret;
-    }
-
-    ret.data = apr_palloc(pool, finfo.size+1);
-    rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
-
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 
-                     "GnuTLS failed to read params file at: %s", file);
-        return ret;
-    }
-
-    ret.data[br] = '\0';
-    ret.size = br;
-
-    return ret;
-}
-
-static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
-                                       apr_pool_t * ptemp,
-                                       server_rec * base_server)
-{
-    int rv;
-    server_rec *s;
-    gnutls_dh_params_t dh_params;
-    gnutls_rsa_params_t rsa_params;
-    mod_gnutls_srvconf_rec *sc;
-    mod_gnutls_srvconf_rec *sc_base;
-    void *data = NULL;
-    int first_run = 0;
-    const char *userdata_key = "mod_gnutls_init";
-         
-    apr_pool_userdata_get(&data, userdata_key, base_server->process->pool);
-    if (data == NULL) {
-        first_run = 1;
-        apr_pool_userdata_set((const void *)1, userdata_key, 
-                              apr_pool_cleanup_null, 
-                              base_server->process->pool);
-    }
-
-
-    if (!first_run) {
-        gnutls_datum pdata;
-        apr_pool_t* tpool;
-        s = base_server;
-        sc_base = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
-                                                             &gnutls_module);
-
-        apr_pool_create(&tpool, p);
-
-        gnutls_dh_params_init(&dh_params);
-
-        pdata = load_params(sc_base->dh_params_file, s, tpool);
-
-        if (pdata.size != 0) {
-            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata, 
-                                               GNUTLS_X509_FMT_PEM);
-            if (rv != 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 
-                             "GnuTLS: Unable to load DH Params: (%d) %s",
-                             rv, gnutls_strerror(rv));
-                exit(rv);
-            }
-        }
-        else {
-            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 
-                         "GnuTLS: Unable to load DH Params."
-                         " Shutting Down.");
-            exit(-1);
-        }
-        apr_pool_clear(tpool);
-
-        gnutls_rsa_params_init(&rsa_params);
-
-        pdata = load_params(sc_base->rsa_params_file, s, tpool);
-
-        if (pdata.size != 0) {
-            rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata, 
-                                                GNUTLS_X509_FMT_PEM);
-            if (rv != 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 
-                             "GnuTLS: Unable to load RSA Params: (%d) %s",
-                             rv, gnutls_strerror(rv));
-                exit(rv);
-            }
-        }
-        else {
-            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 
-                         "GnuTLS: Unable to load RSA Params."
-                         " Shutting Down.");
-            exit(-1);
-        }
-
-        apr_pool_destroy(tpool);
-        rv = mod_gnutls_cache_post_config(p, s, sc_base);
-        if (rv != 0) {
-            ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 
-                         "GnuTLS: Post Config for GnuTLSCache Failed."
-                         " Shutting Down.");
-            exit(-1);
-        }
-         
-        for (s = base_server; s; s = s->next) {
-            sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
-                                                                 &gnutls_module);
-            sc->cache_type = sc_base->cache_type;
-            sc->cache_config = sc_base->cache_config;
-
-            if (sc->cert_file != NULL && sc->key_file != NULL) {
-
-                rv = gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
-                                                 sc->key_file,
-                                                 GNUTLS_X509_FMT_PEM);
-                if (rv != 0) {
-                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
-                         "[GnuTLS] - Host '%s:%d' has an invalid key or certificate:"
-                         "(%s,%s) (%d) %s",
-                         s->server_hostname, s->port, sc->cert_file, sc->key_file,
-                         rv, gnutls_strerror(rv));
-                }
-                else {
-                    gnutls_certificate_set_rsa_export_params(sc->certs, 
-                                                     rsa_params);
-                    gnutls_certificate_set_dh_params(sc->certs, dh_params);
-                }
-            }
-            else if (sc->enabled == GNUTLS_ENABLED_TRUE) {
-                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
-                             "[GnuTLS] - Host '%s:%d' is missing a "
-                             "Cert and Key File!",
-                         s->server_hostname, s->port);
-            }
-        }
-    } /* first_run */
-
-    ap_add_version_component(p, "mod_gnutls/" MOD_GNUTLS_VERSION);
-
-    return OK;
-}
-
-static void mod_gnutls_hook_child_init(apr_pool_t *p, server_rec *s)
-{
-    apr_status_t rv = APR_SUCCESS;
-    mod_gnutls_srvconf_rec *sc = ap_get_module_config(s->module_config,
-                                                      &gnutls_module);
-
-    if (sc->cache_type != mod_gnutls_cache_none) {
-        rv = mod_gnutls_cache_child_init(p, s, sc);
-        if(rv != APR_SUCCESS) {
-            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
-                             "[GnuTLS] - Failed to run Cache Init");
-        }
-    }
-    else {
-        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
-                     "[GnuTLS] - No Cache Configured. Hint: GnuTLSCache");
-    }
-}
-
-static const char *mod_gnutls_hook_http_scheme(const request_rec * r)
-{
-    mod_gnutls_srvconf_rec *sc =
-        (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server->
-                                                        module_config,
-                                                        &gnutls_module);
-
-    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
-        return NULL;
-    }
-
-    return "https";
-}
-
-static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
-{
-    mod_gnutls_srvconf_rec *sc =
-        (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server->
-                                                        module_config,
-                                                        &gnutls_module);
-
-    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
-        return 0;
-    }
-
-    return 443;
-}
-
-/* TODO: Complete support for Server Name Indication */
-static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret) 
-{
-    char* server_name;
-    int server_type;
-    int data_len = 256;
-    mod_gnutls_handle_t *ctxt;    
-    ctxt = gnutls_transport_get_ptr(session);
-
-    ret->type = GNUTLS_CRT_X509;
-    ret->ncerts = 1;
-    server_name = apr_palloc(ctxt->c->pool, data_len);
-    if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
-        if (server_type == GNUTLS_NAME_DNS) {
-            ap_log_error(APLOG_MARK, APLOG_INFO, 0,
-                         ctxt->c->base_server,
-                         "GnuTLS: Virtual Host: "
-                         "%s", server_name);
-        }
-    }
-
-    return 0;
-}
-
-static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
-{
-    mod_gnutls_handle_t *ctxt;
-    mod_gnutls_srvconf_rec *sc =
-        (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
-                                                        module_config,
-                                                        &gnutls_module);
-
-    ctxt = apr_pcalloc(pool, sizeof(*ctxt));
-    ctxt->c = c;
-    ctxt->sc = sc;
-    ctxt->status = 0;
-
-    ctxt->input_rc = APR_SUCCESS;
-    ctxt->input_bb = apr_brigade_create(c->pool, c->bucket_alloc);
-    ctxt->input_cbuf.length = 0;
-
-    ctxt->output_rc = APR_SUCCESS;
-    ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc);
-    ctxt->output_blen = 0;
-    ctxt->output_length = 0;
-
-    gnutls_init(&ctxt->session, GNUTLS_SERVER);
-
-    gnutls_protocol_set_priority(ctxt->session, sc->protocol);
-    gnutls_cipher_set_priority(ctxt->session, sc->ciphers);
-    gnutls_compression_set_priority(ctxt->session, sc->compression);
-    gnutls_kx_set_priority(ctxt->session, sc->key_exchange);
-    gnutls_mac_set_priority(ctxt->session, sc->macs);
-    gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types);
-
-    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs);
-
-    gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE);
-
-    mod_gnutls_cache_session_init(ctxt);
-
-    /* TODO: Finish Support for Server Name Indication */
-    /* gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); */
-    return ctxt;
-}
-
-static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
-{
-    mod_gnutls_handle_t *ctxt;
-    mod_gnutls_srvconf_rec *sc =
-        (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
-                                                        module_config,
-                                                        &gnutls_module);
-
-    if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
-        return DECLINED;
-    }
-
-    ctxt = create_gnutls_handle(c->pool, c);
-
-    ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
-
-    gnutls_transport_set_pull_function(ctxt->session,
-                                       mod_gnutls_transport_read);
-    gnutls_transport_set_push_function(ctxt->session,
-                                       mod_gnutls_transport_write);
-    gnutls_transport_set_ptr(ctxt->session, ctxt);
-    
-    ctxt->input_filter = ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, 
-                                             NULL, c);
-    ctxt->output_filter = ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt,
-                                               NULL, c);
-
-    return OK;
-}
-
-static int mod_gnutls_hook_fixups(request_rec *r)
-{
-    unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
-    char buf[GNUTLS_SESSION_ID_STRING_LEN];
-    const char* tmp;
-    int len;
-    mod_gnutls_handle_t *ctxt;
-    apr_table_t *env = r->subprocess_env;
-
-    ctxt = ap_get_module_config(r->connection->conn_config, &gnutls_module);
-
-    if(!ctxt) {
-        return DECLINED;
-    }
-
-    apr_table_setn(env, "HTTPS", "on");
-
-    apr_table_setn(env, "GNUTLS_VERSION_INTERFACE", MOD_GNUTLS_VERSION);
-    apr_table_setn(env, "GNUTLS_VERSION_LIBRARY", LIBGNUTLS_VERSION);
-
-    apr_table_setn(env, "SSL_PROTOCOL",
-                   gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
-
-    apr_table_setn(env, "SSL_CIPHER",
-                   gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
-
-    apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
-
-    tmp = apr_psprintf(r->pool, "%d",
-              8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
-
-    apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
-
-    apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
-
-    len = sizeof(sbuf);
-    gnutls_session_get_id(ctxt->session, sbuf, &len);
-    tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf));
-    apr_table_setn(env, "SSL_SESSION_ID", tmp);
-    
-    return OK;
-}
-
-static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy,
-                                        const char *arg)
-{
-    mod_gnutls_srvconf_rec *sc =
-        (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
-                                                        module_config,
-                                                        &gnutls_module);
-    sc->cert_file = ap_server_root_relative(parms->pool, arg);
-    return NULL;
-}
-
-static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy,
-                                       const char *arg)
-{
-    mod_gnutls_srvconf_rec *sc =
-        (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
-                                                        module_config,
-                                                        &gnutls_module);
-    
-    sc->key_file = ap_server_root_relative(parms->pool, arg);
-    return NULL;
-}
-
-static const char *gnutls_set_cache(cmd_parms * parms, void *dummy,
-                                       const char *type, const char* arg)
-{
-    const char* err;
-    mod_gnutls_srvconf_rec *sc = ap_get_module_config(parms->server->
-                                                        module_config,
-                                                        &gnutls_module);
-    if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
-        return err;
-    }
-
-    if (strcasecmp("none", type) == 0) {
-        sc->cache_type = mod_gnutls_cache_none;
-    }
-    else if (strcasecmp("dbm", type) == 0) {
-        sc->cache_type = mod_gnutls_cache_dbm;
-    }
-#if HAVE_APR_MEMCACHE
-    else if (strcasecmp("memcache", type) == 0) {
-        sc->cache_type = mod_gnutls_cache_memcache;
-    }
-#endif
-    else {
-        return "Invalid Type for GnuTLSCache!";
-    }
-
-    if (sc->cache_type == mod_gnutls_cache_dbm) {
-        sc->cache_config = ap_server_root_relative(parms->pool, arg);
-    }
-    else {
-        sc->cache_config = apr_pstrdup(parms->pool, arg);
-    }
-
-    return NULL;
-}
-
-static const char *gnutls_set_enabled(cmd_parms * parms, void *dummy,
-                                      const char *arg)
-{
-    mod_gnutls_srvconf_rec *sc =
-        (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
-                                                        module_config,
-                                                        &gnutls_module);
-    if (!strcasecmp(arg, "On")) {
-        sc->enabled = GNUTLS_ENABLED_TRUE;
-    }
-    else if (!strcasecmp(arg, "Off")) {
-        sc->enabled = GNUTLS_ENABLED_FALSE;
-    }
-    else {
-        return "GnuTLSEnable must be set to 'On' or 'Off'";
-    }
-
-    return NULL;
-}
-
-static const command_rec gnutls_cmds[] = {
-    AP_INIT_TAKE1("GnuTLSCertificateFile", gnutls_set_cert_file,
+static const command_rec mgs_config_cmds[] = {
+    AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
+                  NULL,
+                  RSRC_CONF|OR_AUTHCFG,
+                  "Set Verification Requirements of the Client Certificate"),
+    AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file,
+                  NULL,
+                  RSRC_CONF,
+                  "Set the CA File for Client Certificates"),
+    AP_INIT_TAKE1("GnuTLSCertificateFile", mgs_set_cert_file,
                   NULL,
                   RSRC_CONF,
                   "SSL Server Key file"),
-    AP_INIT_TAKE1("GnuTLSKeyFile", gnutls_set_key_file,
+    AP_INIT_TAKE1("GnuTLSKeyFile", mgs_set_key_file,
                   NULL,
                   RSRC_CONF,
                   "SSL Server Certificate file"),
-    AP_INIT_TAKE2("GnuTLSCache", gnutls_set_cache,
+    AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
+                  NULL,
+                  RSRC_CONF,
+                  "Cache Timeout"),
+    AP_INIT_TAKE2("GnuTLSCache", mgs_set_cache,
                   NULL,
                   RSRC_CONF,
                   "Cache Configuration"),
-    AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled,
+    AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
                   NULL, RSRC_CONF,
                   "Whether this server has GnuTLS Enabled. Default: Off"),
-
+    
     {NULL}
 };
 
-/* TODO: CACertificateFile & Client Authentication
- *    AP_INIT_TAKE1("GnuTLSCACertificateFile", ap_set_server_string_slot,
- *                 (void *) APR_OFFSETOF(gnutls_srvconf_rec, key_file), NULL,
- *                 RSRC_CONF,
- *                 "CA"),
- */
-
-static void gnutls_hooks(apr_pool_t * p)
-{
-    ap_hook_pre_connection(mod_gnutls_hook_pre_connection, NULL, NULL,
-                           APR_HOOK_MIDDLE);
-    ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-    ap_hook_child_init(mod_gnutls_hook_child_init, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-#if USING_2_1_RECENT
-    ap_hook_http_scheme(mod_gnutls_hook_http_scheme, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-#else
-    ap_hook_http_method(mod_gnutls_hook_http_scheme, NULL, NULL,
-                        APR_HOOK_MIDDLE);
-#endif
-    ap_hook_default_port(mod_gnutls_hook_default_port, NULL, NULL,
-                         APR_HOOK_MIDDLE);
-    ap_hook_pre_config(mod_gnutls_hook_pre_config, NULL, NULL,
-                       APR_HOOK_MIDDLE);
-
-    ap_hook_fixups(mod_gnutls_hook_fixups, NULL, NULL, APR_HOOK_MIDDLE);
-
-    /* TODO: HTTP Upgrade Filter */
-    /* ap_register_output_filter ("UPGRADE_FILTER", 
-     *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
-     */
-    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
-                             mod_gnutls_filter_input, NULL,
-                             AP_FTYPE_CONNECTION + 5);
-    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
-                              mod_gnutls_filter_output, NULL,
-                              AP_FTYPE_CONNECTION + 5);
-}
-
-static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
-{
-    int i;
-    mod_gnutls_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc));
-
-    sc->enabled = GNUTLS_ENABLED_FALSE;
-
-    gnutls_certificate_allocate_credentials(&sc->certs);
-    sc->key_file = NULL;
-    sc->cert_file = NULL;
-    sc->cache_timeout = apr_time_from_sec(3600);
-    sc->cache_type = mod_gnutls_cache_dbm;
-    sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
-
-    /* TODO: Make this Configurable ! */
-    sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");
-    sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");
-
-    /* TODO: Make this Configurable ! */
-    /* meh. mod_ssl uses a flex based parser for this part.. sigh */
-    i = 0;
-    sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC;
-    sc->ciphers[i++] = GNUTLS_CIPHER_AES_128_CBC;
-    sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_128;
-    sc->ciphers[i++] = GNUTLS_CIPHER_3DES_CBC;
-    sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_40;
-    sc->ciphers[i] = 0;
-
-    i = 0;
-    sc->key_exchange[i++] = GNUTLS_KX_RSA;
-    sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT;
-    sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS;
-    sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA;
-    sc->key_exchange[i++] = GNUTLS_KX_ANON_DH;
-    sc->key_exchange[i++] = GNUTLS_KX_SRP;
-    sc->key_exchange[i++] = GNUTLS_KX_SRP_RSA;
-    sc->key_exchange[i++] = GNUTLS_KX_SRP_DSS;
-    sc->key_exchange[i] = 0;
-
-    i = 0;
-    sc->macs[i++] = GNUTLS_MAC_SHA;
-    sc->macs[i++] = GNUTLS_MAC_MD5;
-    sc->macs[i++] = GNUTLS_MAC_RMD160;
-    sc->macs[i] = 0;
-
-    i = 0;
-    sc->protocol[i++] = GNUTLS_TLS1_1;
-    sc->protocol[i++] = GNUTLS_TLS1;
-    sc->protocol[i++] = GNUTLS_SSL3;
-    sc->protocol[i] = 0;
-
-    i = 0;
-    sc->compression[i++] = GNUTLS_COMP_NULL;
-    sc->compression[i++] = GNUTLS_COMP_ZLIB;
-    sc->compression[i++] = GNUTLS_COMP_LZO;
-    sc->compression[i] = 0;
-
-    i = 0;
-    sc->cert_types[i++] = GNUTLS_CRT_X509;
-    sc->cert_types[i] = 0;
- 
-    return sc;
-}
-
-
-
 module AP_MODULE_DECLARE_DATA gnutls_module = {
     STANDARD20_MODULE_STUFF,
+    mgs_config_dir_create,
     NULL,
+    mgs_config_server_create,
     NULL,
-    gnutls_config_server_create,
-    NULL,
-/*    gnutls_config_server_merge, */
-    gnutls_cmds,
+    mgs_config_cmds,
     gnutls_hooks
 };