Changeset 3e94bd3 in mod_gnutls
- Timestamp:
- Jan 11, 2013, 12:54:56 AM (10 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, upstream
- Children:
- 1c87791, 70c2d86
- Parents:
- 8eb6ccd
- Files:
-
- 2 added
- 16 edited
config.in
r8eb6ccd r3e94bd3 1 1 /* config.in. Generated from configure.ac by autoheader. */ 2 3 /* Define to 1 if mod_status.h and the mod_Status hook are available */ 4 #undef HAVE_MOD_STATUS_H 2 5 3 6 /* Name of package */ -
config/config.guess
r8eb6ccd r3e94bd3 2 2 # Attempt to guess a canonical system name. 3 3 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 4 # 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.5 6 timestamp='200 4-11-12'4 # 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. 5 6 timestamp='2005-03-24' 7 7 8 8 # This file is free software; you can redistribute it and/or modify it … … 54 54 55 55 Originally written by Per Bothner. 56 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 56 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 57 57 Free Software Foundation, Inc. 58 58 … … 804 804 i*:UWIN*:*) 805 805 echo ${UNAME_MACHINE}-pc-uwin 806 exit 0 ;; 807 amd64:CYGWIN*:*:*) 808 echo x86_64-unknown-cygwin 806 809 exit 0 ;; 807 810 p*:CYGWIN*:*) … … 1198 1201 echo i386-pc-qnx 1199 1202 exit 0 ;; 1203 NSE-?:NONSTOP_KERNEL:*:*) 1204 echo nse-tandem-nsk${UNAME_RELEASE} 1205 exit 0 ;; 1200 1206 NSR-?:NONSTOP_KERNEL:*:*) 1201 1207 echo nsr-tandem-nsk${UNAME_RELEASE} … … 1414 1420 download the most up to date version of the config scripts from 1415 1421 1416 ftp://ftp.gnu.org/pub/gnu/config/ 1422 http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess 1423 and 1424 http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub 1417 1425 1418 1426 If the version you run ($0) is already up to date, please -
config/config.sub
r8eb6ccd r3e94bd3 2 2 # Configuration validation subroutine script. 3 3 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 4 # 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.5 6 timestamp='200 4-11-30'4 # 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. 5 6 timestamp='2005-02-10' 7 7 8 8 # This file is (in principle) common to ALL GNU software. … … 71 71 GNU config.sub ($timestamp) 72 72 73 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 73 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 74 74 Free Software Foundation, Inc. 75 75 … … 238 238 | i370 | i860 | i960 | ia64 \ 239 239 | ip2k | iq2000 \ 240 | m32r | m32rle | m68000 | m68k | m88k | m core \240 | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ 241 241 | mips | mipsbe | mipseb | mipsel | mipsle \ 242 242 | mips16 \ … … 311 311 | m32r-* | m32rle-* \ 312 312 | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ 313 | m88110-* | m88k-* | m core-* \313 | m88110-* | m88k-* | maxq-* | mcore-* \ 314 314 | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ 315 315 | mips16-* \ -
configure
r8eb6ccd r3e94bd3 1 1 #! /bin/sh 2 2 # Guess values for system-dependent variables and create Makefiles. 3 # Generated by GNU Autoconf 2.59 for mod_gnutls 0. 1.1.3 # Generated by GNU Autoconf 2.59 for mod_gnutls 0.2.0. 4 4 # 5 5 # Copyright (C) 2003 Free Software Foundation, Inc. … … 268 268 PACKAGE_NAME='mod_gnutls' 269 269 PACKAGE_TARNAME='mod_gnutls' 270 PACKAGE_VERSION='0. 1.1'271 PACKAGE_STRING='mod_gnutls 0. 1.1'270 PACKAGE_VERSION='0.2.0' 271 PACKAGE_STRING='mod_gnutls 0.2.0' 272 272 PACKAGE_BUGREPORT='' 273 273 … … 738 738 # This message is too long to be a string in the A/UX 3.1 sh. 739 739 cat <<_ACEOF 740 \`configure' configures mod_gnutls 0. 1.1to adapt to many kinds of systems.740 \`configure' configures mod_gnutls 0.2.0 to adapt to many kinds of systems. 741 741 742 742 Usage: $0 [OPTION]... [VAR=VALUE]... … … 805 805 if test -n "$ac_init_help"; then 806 806 case $ac_init_help in 807 short | recursive ) echo "Configuration of mod_gnutls 0. 1.1:";;807 short | recursive ) echo "Configuration of mod_gnutls 0.2.0:";; 808 808 esac 809 809 cat <<\_ACEOF … … 935 935 if $ac_init_version; then 936 936 cat <<\_ACEOF 937 mod_gnutls configure 0. 1.1937 mod_gnutls configure 0.2.0 938 938 generated by GNU Autoconf 2.59 939 939 … … 949 949 running configure, to aid debugging if configure makes a mistake. 950 950 951 It was created by mod_gnutls $as_me 0. 1.1, which was951 It was created by mod_gnutls $as_me 0.2.0, which was 952 952 generated by GNU Autoconf 2.59. Invocation command line was 953 953 … … 1303 1303 chmod +x config.nice 1304 1304 1305 MOD_GNUTLS_VERSION=0. 1.11305 MOD_GNUTLS_VERSION=0.2.0 1306 1306 1307 1307 … … 1731 1731 # Define the identity of the package. 1732 1732 PACKAGE=mod_gnutls 1733 VERSION=0. 
1.11733 VERSION=0.2.0 1734 1734 1735 1735 … … 3444 3444 AP_VERSION="2.0" 3445 3445 APXS_EXTENSION=.la 3446 if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then 3447 3448 cat >>confdefs.h <<\_ACEOF 3449 #define HAVE_MOD_STATUS_H 1 3450 _ACEOF 3451 3452 fi 3446 3453 AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES" 3447 3454 AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES" … … 4335 4342 cat >&5 <<_CSEOF 4336 4343 4337 This file was extended by mod_gnutls $as_me 0. 1.1, which was4344 This file was extended by mod_gnutls $as_me 0.2.0, which was 4338 4345 generated by GNU Autoconf 2.59. Invocation command line was 4339 4346 … … 4398 4405 cat >>$CONFIG_STATUS <<_ACEOF 4399 4406 ac_cs_version="\\ 4400 mod_gnutls config.status 0. 1.14407 mod_gnutls config.status 0.2.0 4401 4408 configured by $0, generated by GNU Autoconf 2.59, 4402 4409 with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" -
configure.ac
r8eb6ccd r3e94bd3 1 AC_INIT(mod_gnutls, 0. 1.1)1 AC_INIT(mod_gnutls, 0.2.0) 2 2 OOO_CONFIG_NICE(config.nice) 3 3 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION -
include/mod_gnutls.h.in
r8eb6ccd r3e94bd3 28 28 #include "ap_release.h" 29 29 30 #include <gcrypt.h> 31 #include <gnutls/gnutls.h> 32 #include <gnutls/x509.h> 33 30 34 #ifndef __mod_gnutls_h_inc 31 35 #define __mod_gnutls_h_inc 32 36 33 37 #define HAVE_APR_MEMCACHE @have_apr_memcache@ 34 35 #include <gcrypt.h>36 #include <gnutls/gnutls.h>37 38 38 39 module AP_MODULE_DECLARE_DATA gnutls_module; … … 62 63 typedef enum 63 64 { 64 m od_gnutls_cache_none,65 m od_gnutls_cache_dbm,65 mgs_cache_none, 66 mgs_cache_dbm, 66 67 #if HAVE_APR_MEMCACHE 67 m od_gnutls_cache_memcache68 mgs_cache_memcache 68 69 #endif 69 } m od_gnutls_cache_e;70 } mgs_cache_e; 70 71 71 72 typedef struct 72 73 { 74 int client_verify_mode; 75 } mgs_dirconf_rec; 76 77 typedef struct 78 { 73 79 gnutls_certificate_credentials_t certs; 74 char *key_file; 75 char *cert_file; 80 char* cert_cn; 81 gnutls_x509_crt_t cert_x509; 82 gnutls_x509_privkey_t privkey_x509; 76 83 int enabled; 77 84 int ciphers[16]; … … 82 89 int cert_types[16]; 83 90 apr_time_t cache_timeout; 84 m od_gnutls_cache_e cache_type;91 mgs_cache_e cache_type; 85 92 const char* cache_config; 86 93 const char* rsa_params_file; 87 94 const char* dh_params_file; 88 } mod_gnutls_srvconf_rec; 95 int client_verify_mode; 96 } mgs_srvconf_rec; 89 97 90 98 typedef struct { 91 99 int length; 92 100 char *value; 93 } m od_gnutls_char_buffer_t;101 } mgs_char_buffer_t; 94 102 95 103 typedef struct 96 104 { 97 m od_gnutls_srvconf_rec *sc;105 mgs_srvconf_rec *sc; 98 106 conn_rec* c; 99 107 gnutls_session_t session; … … 104 112 apr_read_type_e input_block; 105 113 ap_input_mode_t input_mode; 106 m od_gnutls_char_buffer_t input_cbuf;114 mgs_char_buffer_t input_cbuf; 107 115 char input_buffer[AP_IOBUFSIZE]; 108 116 … … 116 124 int status; 117 125 int non_https; 118 } m od_gnutls_handle_t;126 } mgs_handle_t; 119 127 120 128 /** Functions in gnutls_io.c **/ 121 129 122 130 /** 123 * m od_gnutls_filter_input will filter the input data131 * mgs_filter_input will filter the input data 124 
132 * by decrypting it using GnuTLS and passes it cleartext. 125 133 * … … 130 138 * @return result status 131 139 */ 132 apr_status_t m od_gnutls_filter_input(ap_filter_t * f,140 apr_status_t mgs_filter_input(ap_filter_t * f, 133 141 apr_bucket_brigade * bb, 134 142 ap_input_mode_t mode, … … 137 145 138 146 /** 139 * m od_gnutls_filter_output will filter the encrypt147 * mgs_filter_output will filter the encrypt 140 148 * the incoming bucket using GnuTLS and passes it onto the next filter. 141 149 * … … 144 152 * @return result status 145 153 */ 146 apr_status_t m od_gnutls_filter_output(ap_filter_t * f,154 apr_status_t mgs_filter_output(ap_filter_t * f, 147 155 apr_bucket_brigade * bb); 148 156 149 157 150 158 /** 151 * m od_gnutls_transport_read is called from GnuTLS to provide encrypted159 * mgs_transport_read is called from GnuTLS to provide encrypted 152 160 * data from the client. 153 161 * … … 157 165 * @return size length of the data stored in buffer 158 166 */ 159 ssize_t m od_gnutls_transport_read(gnutls_transport_ptr_t ptr,167 ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr, 160 168 void *buffer, size_t len); 161 169 162 170 /** 163 * m od_gnutls_transport_write is called from GnuTLS to171 * mgs_transport_write is called from GnuTLS to 164 172 * write data to the client. 
165 173 * … … 169 177 * @return size length of the data written 170 178 */ 171 ssize_t m od_gnutls_transport_write(gnutls_transport_ptr_t ptr,179 ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr, 172 180 const void *buffer, size_t len); 173 181 174 182 183 int mgs_rehandshake(mgs_handle_t * ctxt); 184 185 186 175 187 /** 176 188 * Init the Cache after Configuration is done 177 189 */ 178 int m od_gnutls_cache_post_config(apr_pool_t *p, server_rec *s,179 m od_gnutls_srvconf_rec *sc);190 int mgs_cache_post_config(apr_pool_t *p, server_rec *s, 191 mgs_srvconf_rec *sc); 180 192 /** 181 193 * Init the Cache inside each Process 182 194 */ 183 int m od_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,184 m od_gnutls_srvconf_rec *sc);195 int mgs_cache_child_init(apr_pool_t *p, server_rec *s, 196 mgs_srvconf_rec *sc); 185 197 /** 186 198 * Setup the Session Caching 187 199 */ 188 int m od_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt);200 int mgs_cache_session_init(mgs_handle_t *ctxt); 189 201 190 202 #define GNUTLS_SESSION_ID_STRING_LEN \ … … 198 210 * @param strsize The Maximum Length that can be stored in str 199 211 */ 200 char *m od_gnutls_session_id2sz(unsigned char *id, int idlen,212 char *mgs_session_id2sz(unsigned char *id, int idlen, 201 213 char *str, int strsize); 202 214 215 216 /* Configuration Functions */ 217 218 const char *mgs_set_cert_file(cmd_parms * parms, void *dummy, 219 const char *arg); 220 221 const char *mgs_set_key_file(cmd_parms * parms, void *dummy, 222 const char *arg); 223 224 const char *mgs_set_cache(cmd_parms * parms, void *dummy, 225 const char *type, const char* arg); 226 227 const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy, 228 const char *arg); 229 230 const char *mgs_set_client_verify(cmd_parms * parms, void *dummy, 231 const char *arg); 232 233 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy, 234 const char *arg); 235 236 const char *mgs_set_enabled(cmd_parms * parms, void *dummy, 237 
const char *arg); 238 239 void *mgs_config_server_create(apr_pool_t * p, server_rec * s); 240 241 void *mgs_config_dir_create(apr_pool_t *p, char *dir); 242 243 mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session); 244 245 /* mod_gnutls Hooks. */ 246 247 int mgs_hook_pre_config(apr_pool_t * pconf, 248 apr_pool_t * plog, apr_pool_t * ptemp); 249 250 int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, 251 apr_pool_t * ptemp, 252 server_rec * base_server); 253 254 void mgs_hook_child_init(apr_pool_t *p, server_rec *s); 255 256 const char *mgs_hook_http_scheme(const request_rec * r); 257 258 apr_port_t mgs_hook_default_port(const request_rec * r); 259 260 int mgs_hook_pre_connection(conn_rec * c, void *csd); 261 262 int mgs_hook_fixups(request_rec *r); 263 264 int mgs_hook_authz(request_rec *r); 265 203 266 #endif /* __mod_gnutls_h_inc */ -
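Review bot: `int mgs_rehandshake(mgs_handle_t * ctxt);` is the only function declaration in this header without a Doxygen block, while the neighbouring io prototypes each document parameters and return; add `/** Request a TLS rehandshake on an established connection and run the new handshake. @param ctxt connection handle @return 0 on success, -1 if the peer refuses, otherwise the negative GnuTLS error */` above it. The new `client_verify_mode` field now exists in both `mgs_dirconf_rec` and `mgs_srvconf_rec` with nothing saying which one governs a given request; a one-line comment on each naming the precedence (presumably the per-directory value overrides the server default — confirm against the fixups/authz hooks) would spare the next reader a trace through gnutls_hooks.c. The prototypes added under `/* Configuration Functions */` and `/* mod_gnutls Hooks. */` likewise carry no contracts; at minimum the `mgs_set_*` handlers deserve a note that they follow the Apache cmd-handler convention of returning NULL on success and an error string otherwise. Moving `<gcrypt.h>`, `<gnutls/gnutls.h>` and `<gnutls/x509.h>` above the `#ifndef __mod_gnutls_h_inc` guard is harmless only because those headers guard themselves; keeping project includes inside the guard is the usual convention and worth restoring while the header is being reshaped.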
m4/apache.m4
r8eb6ccd r3e94bd3 4 4 dnl Test for Apache apxs, APR, and APU 5 5 6 AC_DEFUN( CHECK_APACHE,6 AC_DEFUN([CHECK_APACHE], 7 7 [dnl 8 8 AC_ARG_WITH( … … 75 75 AP_VERSION="2.0" 76 76 APXS_EXTENSION=.la 77 if test -f `$APXS_BIN -q INCLUDEDIR`/mod_status.h; then 78 AC_DEFINE(HAVE_MOD_STATUS_H,1,[Define to 1 if mod_status.h and the mod_Status hook are available]) 79 fi 77 80 AP_CFLAGS="$AP_CFLAGS $APU_INCLUDES $APR_INCLUDES" 78 81 AP_CPPFLAGS="$AP_CPPFLAGS $APU_INCLUDES $APR_INCLUDES" -
m4/apache_test.m4
r8eb6ccd r3e94bd3 2 2 dnl Test for Apache 3 3 dnl 4 AC_DEFUN( TEST_APACHE_VERSION,4 AC_DEFUN([TEST_APACHE_VERSION], 5 5 [dnl 6 6 AC_REQUIRE([AC_CANONICAL_TARGET]) -
m4/apr_memcache.m4
r8eb6ccd r3e94bd3 3 3 dnl Sets: 4 4 dnl APR_MEMCACHE_LIBS 5 AC_DEFUN( CHECK_APR_MEMCACHE,5 AC_DEFUN([CHECK_APR_MEMCACHE], 6 6 [dnl 7 7 -
m4/libgnutls.m4
r8eb6ccd r3e94bd3 1 1 dnl Check for libgnutls libraries 2 2 dnl CHECK_LIBGNUTLS(MINIMUM-VERSION) 3 AC_DEFUN( CHECK_LIBGNUTLS,3 AC_DEFUN([CHECK_LIBGNUTLS], 4 4 [dnl 5 5 -
m4/outoforder.m4
r8eb6ccd r3e94bd3 5 5 dnl regenerates the output files. config.nice is useful after you rebuild 6 6 dnl ./configure (via autoconf or autogen.sh) 7 AC_DEFUN( OOO_CONFIG_NICE,[7 AC_DEFUN([OOO_CONFIG_NICE],[ 8 8 echo configure: creating $1 9 9 rm -f $1 … … 26 26 dnl this macro adds a maintainer mode option to enable programmer specific 27 27 dnl code in makefiles 28 AC_DEFUN( OOO_MAINTAIN_MODE,[28 AC_DEFUN([OOO_MAINTAIN_MODE],[ 29 29 AC_ARG_ENABLE( 30 30 maintainer, -
src/Makefile.am
r8eb6ccd r3e94bd3 1 1 CLEANFILES = .libs/libmod_gnutls *~ 2 2 3 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c 3 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c 4 4 libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS} 5 5 libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS} -
src/Makefile.in
r8eb6ccd r3e94bd3 63 63 libmod_gnutls_la_LIBADD = 64 64 am_libmod_gnutls_la_OBJECTS = libmod_gnutls_la-mod_gnutls.lo \ 65 libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo 65 libmod_gnutls_la-gnutls_io.lo libmod_gnutls_la-gnutls_cache.lo \ 66 libmod_gnutls_la-gnutls_config.lo \ 67 libmod_gnutls_la-gnutls_hooks.lo 66 68 libmod_gnutls_la_OBJECTS = $(am_libmod_gnutls_la_OBJECTS) 67 69 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include … … 197 199 target_vendor = @target_vendor@ 198 200 CLEANFILES = .libs/libmod_gnutls *~ 199 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c 201 libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c 200 202 libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS} 201 203 libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS} … … 271 273 272 274 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_cache.Plo@am__quote@ 275 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo@am__quote@ 276 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo@am__quote@ 273 277 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-gnutls_io.Plo@am__quote@ 274 278 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libmod_gnutls_la-mod_gnutls.Plo@am__quote@ … … 315 319 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 316 320 @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo '$(srcdir)/'`gnutls_cache.c 321 322 libmod_gnutls_la-gnutls_config.lo: gnutls_config.c 323 @am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT 
libmod_gnutls_la-gnutls_config.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c; \ 324 @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_config.Tpo"; exit 1; fi 325 @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gnutls_config.c' object='libmod_gnutls_la-gnutls_config.lo' libtool=yes @AMDEPBACKSLASH@ 326 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 327 @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo '$(srcdir)/'`gnutls_config.c 328 329 libmod_gnutls_la-gnutls_hooks.lo: gnutls_hooks.c 330 @am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -MT libmod_gnutls_la-gnutls_hooks.lo -MD -MP -MF "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo '$(srcdir)/'`gnutls_hooks.c; \ 331 @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo" "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Plo"; else rm -f "$(DEPDIR)/libmod_gnutls_la-gnutls_hooks.Tpo"; exit 1; fi 332 @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='gnutls_hooks.c' object='libmod_gnutls_la-gnutls_hooks.lo' libtool=yes @AMDEPBACKSLASH@ 333 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 334 @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libmod_gnutls_la_CFLAGS) $(CFLAGS) -c -o libmod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo 
'$(srcdir)/'`gnutls_hooks.c 317 335 318 336 mostlyclean-libtool: -
src/gnutls_cache.c
r8eb6ccd r3e94bd3 54 54 } 55 55 56 char *m od_gnutls_session_id2sz(unsigned char *id, int idlen,56 char *mgs_session_id2sz(unsigned char *id, int idlen, 57 57 char *str, int strsize) 58 58 { … … 80 80 static apr_memcache_t* mc; 81 81 82 int mc_cache_child_init(apr_pool_t *p, server_rec *s,83 m od_gnutls_srvconf_rec *sc)82 static int mc_cache_child_init(apr_pool_t *p, server_rec *s, 83 mgs_srvconf_rec *sc) 84 84 { 85 85 apr_status_t rv = APR_SUCCESS; … … 167 167 { 168 168 apr_status_t rv = APR_SUCCESS; 169 m od_gnutls_handle_t *ctxt = baton;169 mgs_handle_t *ctxt = baton; 170 170 char buf[STR_SESSION_LEN]; 171 171 char* strkey = NULL; … … 194 194 { 195 195 apr_status_t rv = APR_SUCCESS; 196 m od_gnutls_handle_t *ctxt = baton;196 mgs_handle_t *ctxt = baton; 197 197 char buf[STR_SESSION_LEN]; 198 198 char* strkey = NULL; … … 210 210 211 211 if (rv != APR_SUCCESS) { 212 #if MOD_GNUTLS_DEBUG 212 213 ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, 213 214 ctxt->c->base_server, 214 215 "[gnutls_cache] error fetching key '%s' ", 215 216 strkey); 216 217 #endif 217 218 data.size = 0; 218 219 data.data = NULL; … … 234 235 { 235 236 apr_status_t rv = APR_SUCCESS; 236 m od_gnutls_handle_t *ctxt = baton;237 mgs_handle_t *ctxt = baton; 237 238 char buf[STR_SESSION_LEN]; 238 239 char* strkey = NULL; … … 259 260 #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD ) 260 261 261 static int dbm_cache_expire(m od_gnutls_handle_t *ctxt)262 static int dbm_cache_expire(mgs_handle_t *ctxt) 262 263 { 263 264 apr_status_t rv; … … 346 347 apr_datum_t dbmkey; 347 348 apr_datum_t dbmval; 348 m od_gnutls_handle_t *ctxt = baton;349 mgs_handle_t *ctxt = baton; 349 350 apr_status_t rv; 350 351 … … 395 396 apr_datum_t dbmkey; 396 397 apr_datum_t dbmval; 397 m od_gnutls_handle_t *ctxt = baton;398 mgs_handle_t *ctxt = baton; 398 399 apr_status_t rv; 399 400 apr_time_t expiry; … … 448 449 apr_dbm_t *dbm; 449 450 apr_datum_t dbmkey; 450 m od_gnutls_handle_t *ctxt = baton;451 
mgs_handle_t *ctxt = baton; 451 452 apr_status_t rv; 452 453 … … 483 484 484 485 static int dbm_cache_post_config(apr_pool_t *p, server_rec *s, 485 m od_gnutls_srvconf_rec *sc)486 mgs_srvconf_rec *sc) 486 487 { 487 488 apr_status_t rv; … … 518 519 } 519 520 520 int m od_gnutls_cache_post_config(apr_pool_t *p, server_rec *s,521 m od_gnutls_srvconf_rec *sc)522 { 523 if (sc->cache_type == m od_gnutls_cache_dbm) {521 int mgs_cache_post_config(apr_pool_t *p, server_rec *s, 522 mgs_srvconf_rec *sc) 523 { 524 if (sc->cache_type == mgs_cache_dbm) { 524 525 return dbm_cache_post_config(p, s, sc); 525 526 } … … 527 528 } 528 529 529 int m od_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,530 m od_gnutls_srvconf_rec *sc)531 { 532 if (sc->cache_type == m od_gnutls_cache_dbm) {530 int mgs_cache_child_init(apr_pool_t *p, server_rec *s, 531 mgs_srvconf_rec *sc) 532 { 533 if (sc->cache_type == mgs_cache_dbm) { 533 534 return 0; 534 535 } 535 536 #if HAVE_APR_MEMCACHE 536 else if (sc->cache_type == m od_gnutls_cache_memcache) {537 else if (sc->cache_type == mgs_cache_memcache) { 537 538 return mc_cache_child_init(p, s, sc); 538 539 } … … 543 544 #include <assert.h> 544 545 545 int m od_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt)546 { 547 if (ctxt->sc->cache_type == m od_gnutls_cache_dbm) {546 int mgs_cache_session_init(mgs_handle_t *ctxt) 547 { 548 if (ctxt->sc->cache_type == mgs_cache_dbm) { 548 549 gnutls_db_set_retrieve_function(ctxt->session, dbm_cache_fetch); 549 550 gnutls_db_set_remove_function(ctxt->session, dbm_cache_delete); … … 552 553 } 553 554 #if HAVE_APR_MEMCACHE 554 else if (ctxt->sc->cache_type == m od_gnutls_cache_memcache) {555 else if (ctxt->sc->cache_type == mgs_cache_memcache) { 555 556 gnutls_db_set_retrieve_function(ctxt->session, mc_cache_fetch); 556 557 gnutls_db_set_remove_function(ctxt->session, mc_cache_delete); -
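Review bot: Wrapping the fetch-failure log in mc_cache_fetch inside `#if MOD_GNUTLS_DEBUG` (new lines 212-217) removes the message from production builds entirely, even though it is already emitted at APLOG_DEBUG and so costs nothing unless an operator raises LogLevel; a failing or unreachable memcache backend is then invisible at runtime in a normal build, which is exactly when an operator needs the trace. Dropping the `#if`/`#endif` and keeping the APLOG_DEBUG call restores that, since the log level already gates the noise. If the intent was to silence ordinary cache misses, say so in a comment and separate a miss from a real error before logging, since a plain miss would also land in this `rv != APR_SUCCESS` branch if apr_memcache reports a missing key as a non-success status (confirm against the apr_memcache API). mc_cache_fetch's signature and the end of its body lie outside the hunk.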
src/gnutls_io.c
r8eb6ccd r3e94bd3 36 36 apr_status_t status) 37 37 { 38 m od_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;38 mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx; 39 39 apr_bucket *bucket; 40 40 … … 64 64 } 65 65 66 static int char_buffer_read(m od_gnutls_char_buffer_t * buffer, char *in,66 static int char_buffer_read(mgs_char_buffer_t * buffer, char *in, 67 67 int inl) 68 68 { … … 88 88 } 89 89 90 static int char_buffer_write(m od_gnutls_char_buffer_t * buffer, char *in,90 static int char_buffer_write(mgs_char_buffer_t * buffer, char *in, 91 91 int inl) 92 92 { … … 182 182 183 183 184 static apr_status_t gnutls_io_input_read(m od_gnutls_handle_t * ctxt,184 static apr_status_t gnutls_io_input_read(mgs_handle_t * ctxt, 185 185 char *buf, apr_size_t * len) 186 186 { … … 311 311 } 312 312 313 static apr_status_t gnutls_io_input_getline(m od_gnutls_handle_t * ctxt,313 static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt, 314 314 char *buf, apr_size_t * len) 315 315 { … … 354 354 } 355 355 356 357 static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) 356 static int gnutls_do_handshake(mgs_handle_t * ctxt) 358 357 { 359 358 int ret; 360 359 int errcode; 361 360 if (ctxt->status != 0) { 362 return ;361 return -1; 363 362 } 364 363 365 364 tryagain: 366 367 ret = gnutls_handshake(ctxt->session); 365 do { 366 ret = gnutls_handshake(ctxt->session); 367 } while (ret == GNUTLS_E_AGAIN); 368 368 369 if (ret < 0) { 369 370 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED … … 381 382 goto tryagain; 382 383 } 383 384 #if USING_2_1_RECENT 385 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c, 386 "GnuTLS: Handshake Failed (%d) '%s'", ret, 387 gnutls_strerror(ret)); 388 #else 384 389 ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, 385 390 "GnuTLS: Handshake Failed (%d) '%s'", ret, 386 gnutls_strerror(ret)); 391 gnutls_strerror(ret)); 392 #endif 387 393 ctxt->status = -1; 388 394 gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, 389 395 
gnutls_error_to_alert(ret, NULL)); 390 396 gnutls_deinit(ctxt->session); 391 return ;397 return ret; 392 398 } 393 399 else { 400 /* all done with the handshake */ 394 401 ctxt->status = 1; 395 return; /* all done with the handshake */ 396 } 397 } 398 399 400 apr_status_t mod_gnutls_filter_input(ap_filter_t* f, 402 /* If the session was resumed, we did not set the correct 403 * server_rec in ctxt->sc. Go Find it. (ick!) 404 */ 405 if (gnutls_session_is_resumed(ctxt->session)) { 406 mgs_srvconf_rec* sc; 407 sc = mgs_find_sni_server(ctxt->session); 408 if (sc) { 409 ctxt->sc = sc; 410 } 411 } 412 return 0; 413 } 414 } 415 416 int mgs_rehandshake(mgs_handle_t * ctxt) 417 { 418 int rv; 419 420 rv = gnutls_rehandshake(ctxt->session); 421 422 if (rv != 0) { 423 /* the client did not want to rehandshake. goodbye */ 424 ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, 425 "GnuTLS: Client Refused Rehandshake request."); 426 return -1; 427 } 428 429 ctxt->status = 0; 430 431 rv = gnutls_do_handshake(ctxt); 432 433 return rv; 434 } 435 436 437 apr_status_t mgs_filter_input(ap_filter_t* f, 401 438 apr_bucket_brigade * bb, 402 439 ap_input_mode_t mode, … … 405 442 { 406 443 apr_status_t status = APR_SUCCESS; 407 m od_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;444 mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx; 408 445 apr_size_t len = sizeof(ctxt->input_buffer); 409 446 … … 415 452 416 453 if (ctxt->status == 0) { 417 char* server_name;418 int server_type;419 int data_len = 256;420 421 454 gnutls_do_handshake(ctxt); 422 423 /**424 * Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1425 * Server Name Indication.426 */427 server_name = apr_palloc(ctxt->c->pool, data_len);428 if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {429 if (server_type == GNUTLS_NAME_DNS) {430 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,431 ctxt->c->base_server,432 "GnuTLS: TLS 1.1 Server Name: "433 "%s", server_name);434 435 }436 
}437 455 } 438 456 … … 481 499 } 482 500 483 apr_status_t m od_gnutls_filter_output(ap_filter_t * f,501 apr_status_t mgs_filter_output(ap_filter_t * f, 484 502 apr_bucket_brigade * bb) 485 503 { 486 504 apr_size_t ret; 487 505 apr_bucket* e; 488 m od_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;506 mgs_handle_t *ctxt = (mgs_handle_t *) f->ctx; 489 507 apr_status_t status = APR_SUCCESS; 490 508 apr_read_type_e rblock = APR_NONBLOCK_READ; … … 585 603 } 586 604 587 ssize_t m od_gnutls_transport_read(gnutls_transport_ptr_t ptr,605 ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr, 588 606 void *buffer, size_t len) 589 607 { 590 m od_gnutls_handle_t *ctxt = ptr;608 mgs_handle_t *ctxt = ptr; 591 609 apr_status_t rc; 592 610 apr_size_t in = len; … … 652 670 653 671 654 static ssize_t write_flush(m od_gnutls_handle_t * ctxt)672 static ssize_t write_flush(mgs_handle_t * ctxt) 655 673 { 656 674 apr_bucket *e; … … 684 702 } 685 703 686 ssize_t m od_gnutls_transport_write(gnutls_transport_ptr_t ptr,704 ssize_t mgs_transport_write(gnutls_transport_ptr_t ptr, 687 705 const void *buffer, size_t len) 688 706 { 689 m od_gnutls_handle_t *ctxt = ptr;707 mgs_handle_t *ctxt = ptr; 690 708 691 709 /* pass along the encrypted data -
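Review bot: The value that `gnutls_do_handshake` now returns is discarded at its call site in mgs_filter_input (`gnutls_do_handshake(ctxt);` inside the `if (ctxt->status == 0)` block), so unless the code after the hunk re-checks `ctxt->status`, the filter proceeds into its read path after a failed handshake — and the failure path has already called `gnutls_deinit(ctxt->session)`, leaving `ctxt->session` dangling for any later use through this handle; checking the result at the call site, `if (gnutls_do_handshake(ctxt) != 0) return APR_EGENERAL;`, or clearing `ctxt->session` to NULL after the deinit, closes that window. The new retry loop restarts only on GNUTLS_E_AGAIN; GNUTLS_E_INTERRUPTED is the other non-fatal return GnuTLS documents for gnutls_handshake and should be retried the same way, `} while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);`. In mgs_rehandshake the message "GnuTLS: Client Refused Rehandshake request." names only one cause, but gnutls_rehandshake also fails on transport errors, so include `gnutls_strerror(rv)` in the log line so operators can tell the two apart. The body of mgs_filter_input continues outside the hunk.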
src/mod_gnutls.c
r8eb6ccd r3e94bd3 18 18 #include "mod_gnutls.h" 19 19 20 #if APR_HAS_THREADS 21 GCRY_THREAD_OPTION_PTHREAD_IMPL; 20 21 static void gnutls_hooks(apr_pool_t * p) 22 { 23 ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL, 24 APR_HOOK_MIDDLE); 25 ap_hook_post_config(mgs_hook_post_config, NULL, NULL, 26 APR_HOOK_MIDDLE); 27 ap_hook_child_init(mgs_hook_child_init, NULL, NULL, 28 APR_HOOK_MIDDLE); 29 #if USING_2_1_RECENT 30 ap_hook_http_scheme(mgs_hook_http_scheme, NULL, NULL, 31 APR_HOOK_MIDDLE); 32 #else 33 ap_hook_http_method(mgs_hook_http_scheme, NULL, NULL, 34 APR_HOOK_MIDDLE); 22 35 #endif 23 24 #if MOD_GNUTLS_DEBUG 25 static apr_file_t* debug_log_fp; 26 #endif 27 28 static apr_status_t mod_gnutls_cleanup_pre_config(void *data) 29 { 30 gnutls_global_deinit(); 31 return APR_SUCCESS; 32 } 33 34 #if MOD_GNUTLS_DEBUG 35 static void gnutls_debug_log_all( int level, const char* str) 36 { 37 apr_file_printf(debug_log_fp, "<%d> %s\n", level, str); 38 } 39 #endif 40 41 static int mod_gnutls_hook_pre_config(apr_pool_t * pconf, 42 apr_pool_t * plog, apr_pool_t * ptemp) 43 { 44 45 #if APR_HAS_THREADS 46 /* TODO: Check MPM Type here */ 47 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); 48 #endif 49 50 gnutls_global_init(); 51 52 apr_pool_cleanup_register(pconf, NULL, mod_gnutls_cleanup_pre_config, 53 apr_pool_cleanup_null); 54 55 #if MOD_GNUTLS_DEBUG 56 apr_file_open(&debug_log_fp, "/tmp/gnutls_debug", 57 APR_APPEND|APR_WRITE|APR_CREATE, APR_OS_DEFAULT, pconf); 58 59 gnutls_global_set_log_level(9); 60 gnutls_global_set_log_function(gnutls_debug_log_all); 61 #endif 62 63 return OK; 36 ap_hook_default_port(mgs_hook_default_port, NULL, NULL, 37 APR_HOOK_MIDDLE); 38 ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL, 39 APR_HOOK_MIDDLE); 40 41 ap_hook_access_checker(mgs_hook_authz, NULL, NULL, APR_HOOK_REALLY_FIRST); 42 43 ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST); 44 45 /* TODO: HTTP Upgrade Filter */ 46 /* ap_register_output_filter 
("UPGRADE_FILTER", 47 * ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5); 48 */ 49 ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME, 50 mgs_filter_input, NULL, 51 AP_FTYPE_CONNECTION + 5); 52 ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME, 53 mgs_filter_output, NULL, 54 AP_FTYPE_CONNECTION + 5); 64 55 } 65 56 66 57 67 static gnutls_datum load_params(const char* file, server_rec* s, 68 apr_pool_t* pool) 69 { 70 gnutls_datum ret = { NULL, 0 }; 71 apr_file_t* fp; 72 apr_finfo_t finfo; 73 apr_status_t rv; 74 apr_size_t br = 0; 75 76 rv = apr_file_open(&fp, file, APR_READ|APR_BINARY, APR_OS_DEFAULT, 77 pool); 78 if (rv != APR_SUCCESS) { 79 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 80 "GnuTLS failed to load params file at: %s", file); 81 return ret; 82 } 83 84 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp); 85 86 if (rv != APR_SUCCESS) { 87 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 88 "GnuTLS failed to stat params file at: %s", file); 89 return ret; 90 } 91 92 ret.data = apr_palloc(pool, finfo.size+1); 93 rv = apr_file_read_full(fp, ret.data, finfo.size, &br); 94 95 if (rv != APR_SUCCESS) { 96 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 97 "GnuTLS failed to read params file at: %s", file); 98 return ret; 99 } 100 101 ret.data[br] = '\0'; 102 ret.size = br; 103 104 return ret; 105 } 106 107 static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, 108 apr_pool_t * ptemp, 109 server_rec * base_server) 110 { 111 int rv; 112 server_rec *s; 113 gnutls_dh_params_t dh_params; 114 gnutls_rsa_params_t rsa_params; 115 mod_gnutls_srvconf_rec *sc; 116 mod_gnutls_srvconf_rec *sc_base; 117 void *data = NULL; 118 int first_run = 0; 119 const char *userdata_key = "mod_gnutls_init"; 120 121 apr_pool_userdata_get(&data, userdata_key, base_server->process->pool); 122 if (data == NULL) { 123 first_run = 1; 124 apr_pool_userdata_set((const void *)1, userdata_key, 125 apr_pool_cleanup_null, 126 base_server->process->pool); 127 } 128 129 130 if 
(!first_run) { 131 gnutls_datum pdata; 132 apr_pool_t* tpool; 133 s = base_server; 134 sc_base = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config, 135 &gnutls_module); 136 137 apr_pool_create(&tpool, p); 138 139 gnutls_dh_params_init(&dh_params); 140 141 pdata = load_params(sc_base->dh_params_file, s, tpool); 142 143 if (pdata.size != 0) { 144 rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata, 145 GNUTLS_X509_FMT_PEM); 146 if (rv != 0) { 147 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 148 "GnuTLS: Unable to load DH Params: (%d) %s", 149 rv, gnutls_strerror(rv)); 150 exit(rv); 151 } 152 } 153 else { 154 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 155 "GnuTLS: Unable to load DH Params." 156 " Shutting Down."); 157 exit(-1); 158 } 159 apr_pool_clear(tpool); 160 161 gnutls_rsa_params_init(&rsa_params); 162 163 pdata = load_params(sc_base->rsa_params_file, s, tpool); 164 165 if (pdata.size != 0) { 166 rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata, 167 GNUTLS_X509_FMT_PEM); 168 if (rv != 0) { 169 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 170 "GnuTLS: Unable to load RSA Params: (%d) %s", 171 rv, gnutls_strerror(rv)); 172 exit(rv); 173 } 174 } 175 else { 176 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 177 "GnuTLS: Unable to load RSA Params." 178 " Shutting Down."); 179 exit(-1); 180 } 181 182 apr_pool_destroy(tpool); 183 rv = mod_gnutls_cache_post_config(p, s, sc_base); 184 if (rv != 0) { 185 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s, 186 "GnuTLS: Post Config for GnuTLSCache Failed." 
187 " Shutting Down."); 188 exit(-1); 189 } 190 191 for (s = base_server; s; s = s->next) { 192 sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config, 193 &gnutls_module); 194 sc->cache_type = sc_base->cache_type; 195 sc->cache_config = sc_base->cache_config; 196 197 if (sc->cert_file != NULL && sc->key_file != NULL) { 198 199 rv = gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file, 200 sc->key_file, 201 GNUTLS_X509_FMT_PEM); 202 if (rv != 0) { 203 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 204 "[GnuTLS] - Host '%s:%d' has an invalid key or certificate:" 205 "(%s,%s) (%d) %s", 206 s->server_hostname, s->port, sc->cert_file, sc->key_file, 207 rv, gnutls_strerror(rv)); 208 } 209 else { 210 gnutls_certificate_set_rsa_export_params(sc->certs, 211 rsa_params); 212 gnutls_certificate_set_dh_params(sc->certs, dh_params); 213 } 214 } 215 else if (sc->enabled == GNUTLS_ENABLED_TRUE) { 216 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 217 "[GnuTLS] - Host '%s:%d' is missing a " 218 "Cert and Key File!", 219 s->server_hostname, s->port); 220 } 221 } 222 } /* first_run */ 223 224 ap_add_version_component(p, "mod_gnutls/" MOD_GNUTLS_VERSION); 225 226 return OK; 227 } 228 229 static void mod_gnutls_hook_child_init(apr_pool_t *p, server_rec *s) 230 { 231 apr_status_t rv = APR_SUCCESS; 232 mod_gnutls_srvconf_rec *sc = ap_get_module_config(s->module_config, 233 &gnutls_module); 234 235 if (sc->cache_type != mod_gnutls_cache_none) { 236 rv = mod_gnutls_cache_child_init(p, s, sc); 237 if(rv != APR_SUCCESS) { 238 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, 239 "[GnuTLS] - Failed to run Cache Init"); 240 } 241 } 242 else { 243 ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, 244 "[GnuTLS] - No Cache Configured. 
Hint: GnuTLSCache"); 245 } 246 } 247 248 static const char *mod_gnutls_hook_http_scheme(const request_rec * r) 249 { 250 mod_gnutls_srvconf_rec *sc = 251 (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server-> 252 module_config, 253 &gnutls_module); 254 255 if (sc->enabled == GNUTLS_ENABLED_FALSE) { 256 return NULL; 257 } 258 259 return "https"; 260 } 261 262 static apr_port_t mod_gnutls_hook_default_port(const request_rec * r) 263 { 264 mod_gnutls_srvconf_rec *sc = 265 (mod_gnutls_srvconf_rec *) ap_get_module_config(r->server-> 266 module_config, 267 &gnutls_module); 268 269 if (sc->enabled == GNUTLS_ENABLED_FALSE) { 270 return 0; 271 } 272 273 return 443; 274 } 275 276 /* TODO: Complete support for Server Name Indication */ 277 static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret) 278 { 279 char* server_name; 280 int server_type; 281 int data_len = 256; 282 mod_gnutls_handle_t *ctxt; 283 ctxt = gnutls_transport_get_ptr(session); 284 285 ret->type = GNUTLS_CRT_X509; 286 ret->ncerts = 1; 287 server_name = apr_palloc(ctxt->c->pool, data_len); 288 if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) { 289 if (server_type == GNUTLS_NAME_DNS) { 290 ap_log_error(APLOG_MARK, APLOG_INFO, 0, 291 ctxt->c->base_server, 292 "GnuTLS: Virtual Host: " 293 "%s", server_name); 294 } 295 } 296 297 return 0; 298 } 299 300 static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) 301 { 302 mod_gnutls_handle_t *ctxt; 303 mod_gnutls_srvconf_rec *sc = 304 (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server-> 305 module_config, 306 &gnutls_module); 307 308 ctxt = apr_pcalloc(pool, sizeof(*ctxt)); 309 ctxt->c = c; 310 ctxt->sc = sc; 311 ctxt->status = 0; 312 313 ctxt->input_rc = APR_SUCCESS; 314 ctxt->input_bb = apr_brigade_create(c->pool, c->bucket_alloc); 315 ctxt->input_cbuf.length = 0; 316 317 ctxt->output_rc = APR_SUCCESS; 318 ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc); 
319 ctxt->output_blen = 0; 320 ctxt->output_length = 0; 321 322 gnutls_init(&ctxt->session, GNUTLS_SERVER); 323 324 gnutls_protocol_set_priority(ctxt->session, sc->protocol); 325 gnutls_cipher_set_priority(ctxt->session, sc->ciphers); 326 gnutls_compression_set_priority(ctxt->session, sc->compression); 327 gnutls_kx_set_priority(ctxt->session, sc->key_exchange); 328 gnutls_mac_set_priority(ctxt->session, sc->macs); 329 gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types); 330 331 gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs); 332 333 gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE); 334 335 mod_gnutls_cache_session_init(ctxt); 336 337 /* TODO: Finish Support for Server Name Indication */ 338 /* gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); */ 339 return ctxt; 340 } 341 342 static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd) 343 { 344 mod_gnutls_handle_t *ctxt; 345 mod_gnutls_srvconf_rec *sc = 346 (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server-> 347 module_config, 348 &gnutls_module); 349 350 if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { 351 return DECLINED; 352 } 353 354 ctxt = create_gnutls_handle(c->pool, c); 355 356 ap_set_module_config(c->conn_config, &gnutls_module, ctxt); 357 358 gnutls_transport_set_pull_function(ctxt->session, 359 mod_gnutls_transport_read); 360 gnutls_transport_set_push_function(ctxt->session, 361 mod_gnutls_transport_write); 362 gnutls_transport_set_ptr(ctxt->session, ctxt); 363 364 ctxt->input_filter = ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, 365 NULL, c); 366 ctxt->output_filter = ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, 367 NULL, c); 368 369 return OK; 370 } 371 372 static int mod_gnutls_hook_fixups(request_rec *r) 373 { 374 unsigned char sbuf[GNUTLS_MAX_SESSION_ID]; 375 char buf[GNUTLS_SESSION_ID_STRING_LEN]; 376 const char* tmp; 377 int len; 378 mod_gnutls_handle_t *ctxt; 379 
apr_table_t *env = r->subprocess_env; 380 381 ctxt = ap_get_module_config(r->connection->conn_config, &gnutls_module); 382 383 if(!ctxt) { 384 return DECLINED; 385 } 386 387 apr_table_setn(env, "HTTPS", "on"); 388 389 apr_table_setn(env, "GNUTLS_VERSION_INTERFACE", MOD_GNUTLS_VERSION); 390 apr_table_setn(env, "GNUTLS_VERSION_LIBRARY", LIBGNUTLS_VERSION); 391 392 apr_table_setn(env, "SSL_PROTOCOL", 393 gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session))); 394 395 apr_table_setn(env, "SSL_CIPHER", 396 gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session))); 397 398 apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE"); 399 400 tmp = apr_psprintf(r->pool, "%d", 401 8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session))); 402 403 apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp); 404 405 apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp); 406 407 len = sizeof(sbuf); 408 gnutls_session_get_id(ctxt->session, sbuf, &len); 409 tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf)); 410 apr_table_setn(env, "SSL_SESSION_ID", tmp); 411 412 return OK; 413 } 414 415 static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy, 416 const char *arg) 417 { 418 mod_gnutls_srvconf_rec *sc = 419 (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> 420 module_config, 421 &gnutls_module); 422 sc->cert_file = ap_server_root_relative(parms->pool, arg); 423 return NULL; 424 } 425 426 static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy, 427 const char *arg) 428 { 429 mod_gnutls_srvconf_rec *sc = 430 (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> 431 module_config, 432 &gnutls_module); 433 434 sc->key_file = ap_server_root_relative(parms->pool, arg); 435 return NULL; 436 } 437 438 static const char *gnutls_set_cache(cmd_parms * parms, void *dummy, 439 const char *type, const char* arg) 440 { 441 const char* err; 442 mod_gnutls_srvconf_rec *sc = ap_get_module_config(parms->server-> 443 module_config, 444 
&gnutls_module); 445 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) { 446 return err; 447 } 448 449 if (strcasecmp("none", type) == 0) { 450 sc->cache_type = mod_gnutls_cache_none; 451 } 452 else if (strcasecmp("dbm", type) == 0) { 453 sc->cache_type = mod_gnutls_cache_dbm; 454 } 455 #if HAVE_APR_MEMCACHE 456 else if (strcasecmp("memcache", type) == 0) { 457 sc->cache_type = mod_gnutls_cache_memcache; 458 } 459 #endif 460 else { 461 return "Invalid Type for GnuTLSCache!"; 462 } 463 464 if (sc->cache_type == mod_gnutls_cache_dbm) { 465 sc->cache_config = ap_server_root_relative(parms->pool, arg); 466 } 467 else { 468 sc->cache_config = apr_pstrdup(parms->pool, arg); 469 } 470 471 return NULL; 472 } 473 474 static const char *gnutls_set_enabled(cmd_parms * parms, void *dummy, 475 const char *arg) 476 { 477 mod_gnutls_srvconf_rec *sc = 478 (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> 479 module_config, 480 &gnutls_module); 481 if (!strcasecmp(arg, "On")) { 482 sc->enabled = GNUTLS_ENABLED_TRUE; 483 } 484 else if (!strcasecmp(arg, "Off")) { 485 sc->enabled = GNUTLS_ENABLED_FALSE; 486 } 487 else { 488 return "GnuTLSEnable must be set to 'On' or 'Off'"; 489 } 490 491 return NULL; 492 } 493 494 static const command_rec gnutls_cmds[] = { 495 AP_INIT_TAKE1("GnuTLSCertificateFile", gnutls_set_cert_file, 58 static const command_rec mgs_config_cmds[] = { 59 AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify, 60 NULL, 61 RSRC_CONF|OR_AUTHCFG, 62 "Set Verification Requirements of the Client Certificate"), 63 AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file, 64 NULL, 65 RSRC_CONF, 66 "Set the CA File for Client Certificates"), 67 AP_INIT_TAKE1("GnuTLSCertificateFile", mgs_set_cert_file, 496 68 NULL, 497 69 RSRC_CONF, 498 70 "SSL Server Key file"), 499 AP_INIT_TAKE1("GnuTLSKeyFile", gnutls_set_key_file,71 AP_INIT_TAKE1("GnuTLSKeyFile", mgs_set_key_file, 500 72 NULL, 501 73 RSRC_CONF, 502 74 "SSL Server Certificate file"), 503 
AP_INIT_TAKE2("GnuTLSCache", gnutls_set_cache, 75 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout, 76 NULL, 77 RSRC_CONF, 78 "Cache Timeout"), 79 AP_INIT_TAKE2("GnuTLSCache", mgs_set_cache, 504 80 NULL, 505 81 RSRC_CONF, 506 82 "Cache Configuration"), 507 AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled,83 AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled, 508 84 NULL, RSRC_CONF, 509 85 "Whether this server has GnuTLS Enabled. Default: Off"), 510 86 511 87 {NULL} 512 88 }; 513 89 514 /* TODO: CACertificateFile & Client Authentication515 * AP_INIT_TAKE1("GnuTLSCACertificateFile", ap_set_server_string_slot,516 * (void *) APR_OFFSETOF(gnutls_srvconf_rec, key_file), NULL,517 * RSRC_CONF,518 * "CA"),519 */520 521 static void gnutls_hooks(apr_pool_t * p)522 {523 ap_hook_pre_connection(mod_gnutls_hook_pre_connection, NULL, NULL,524 APR_HOOK_MIDDLE);525 ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL,526 APR_HOOK_MIDDLE);527 ap_hook_child_init(mod_gnutls_hook_child_init, NULL, NULL,528 APR_HOOK_MIDDLE);529 #if USING_2_1_RECENT530 ap_hook_http_scheme(mod_gnutls_hook_http_scheme, NULL, NULL,531 APR_HOOK_MIDDLE);532 #else533 ap_hook_http_method(mod_gnutls_hook_http_scheme, NULL, NULL,534 APR_HOOK_MIDDLE);535 #endif536 ap_hook_default_port(mod_gnutls_hook_default_port, NULL, NULL,537 APR_HOOK_MIDDLE);538 ap_hook_pre_config(mod_gnutls_hook_pre_config, NULL, NULL,539 APR_HOOK_MIDDLE);540 541 ap_hook_fixups(mod_gnutls_hook_fixups, NULL, NULL, APR_HOOK_MIDDLE);542 543 /* TODO: HTTP Upgrade Filter */544 /* ap_register_output_filter ("UPGRADE_FILTER",545 * ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);546 */547 ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,548 mod_gnutls_filter_input, NULL,549 AP_FTYPE_CONNECTION + 5);550 ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,551 mod_gnutls_filter_output, NULL,552 AP_FTYPE_CONNECTION + 5);553 }554 555 static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)556 {557 int i;558 
mod_gnutls_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc));559 560 sc->enabled = GNUTLS_ENABLED_FALSE;561 562 gnutls_certificate_allocate_credentials(&sc->certs);563 sc->key_file = NULL;564 sc->cert_file = NULL;565 sc->cache_timeout = apr_time_from_sec(3600);566 sc->cache_type = mod_gnutls_cache_dbm;567 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");568 569 /* TODO: Make this Configurable ! */570 sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");571 sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");572 573 /* TODO: Make this Configurable ! */574 /* meh. mod_ssl uses a flex based parser for this part.. sigh */575 i = 0;576 sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC;577 sc->ciphers[i++] = GNUTLS_CIPHER_AES_128_CBC;578 sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_128;579 sc->ciphers[i++] = GNUTLS_CIPHER_3DES_CBC;580 sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_40;581 sc->ciphers[i] = 0;582 583 i = 0;584 sc->key_exchange[i++] = GNUTLS_KX_RSA;585 sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT;586 sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS;587 sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA;588 sc->key_exchange[i++] = GNUTLS_KX_ANON_DH;589 sc->key_exchange[i++] = GNUTLS_KX_SRP;590 sc->key_exchange[i++] = GNUTLS_KX_SRP_RSA;591 sc->key_exchange[i++] = GNUTLS_KX_SRP_DSS;592 sc->key_exchange[i] = 0;593 594 i = 0;595 sc->macs[i++] = GNUTLS_MAC_SHA;596 sc->macs[i++] = GNUTLS_MAC_MD5;597 sc->macs[i++] = GNUTLS_MAC_RMD160;598 sc->macs[i] = 0;599 600 i = 0;601 sc->protocol[i++] = GNUTLS_TLS1_1;602 sc->protocol[i++] = GNUTLS_TLS1;603 sc->protocol[i++] = GNUTLS_SSL3;604 sc->protocol[i] = 0;605 606 i = 0;607 sc->compression[i++] = GNUTLS_COMP_NULL;608 sc->compression[i++] = GNUTLS_COMP_ZLIB;609 sc->compression[i++] = GNUTLS_COMP_LZO;610 sc->compression[i] = 0;611 612 i = 0;613 sc->cert_types[i++] = GNUTLS_CRT_X509;614 sc->cert_types[i] = 0;615 616 return sc;617 }618 619 620 621 90 module AP_MODULE_DECLARE_DATA gnutls_module = { 622 91 
STANDARD20_MODULE_STUFF, 92 mgs_config_dir_create, 623 93 NULL, 94 mgs_config_server_create, 624 95 NULL, 625 gnutls_config_server_create, 626 NULL, 627 /* gnutls_config_server_merge, */ 628 gnutls_cmds, 96 mgs_config_cmds, 629 97 gnutls_hooks 630 98 };