Changeset 4133f2d in mod_gnutls for src


Timestamp:
Apr 21, 2015, 9:08:00 AM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
39bd695
Parents:
2cde026d
Message:

Unify argument handling in mgs_set_priorities

Just store the argument in mgs_set_priorities for both front end and
proxy priorities. Like the front end priorities, the gnutls_priority_t
structure for proxy connections now gets initialized when the
credentials are loaded (load_proxy_x509_credentials in gnutls_hooks.c).

Location:
src
Files:
2 edited

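--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -886,6 +886,6 @@
 
 /*
- * Initialize a GnuTLS priorities cache from a configuration
- * string. Used for GnuTLSPriorities and GnuTLSProxyPriorities.
+ * Store GnuTLS priority strings. Used for GnuTLSPriorities and
+ * GnuTLSProxyPriorities.
  */
 const char *mgs_set_priorities(cmd_parms * parms,
@@ -893,25 +893,11 @@
                                const char *arg)
 {
-    int ret;
-    const char *err;
-
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
         ap_get_module_config(parms->server->module_config, &gnutls_module);
 
-    /* Setting a priority cache works the same no matter for which
-     * option. Just point the pointer at the right one. */
-    gnutls_priority_t *prio = NULL;
     if (!strcasecmp(parms->directive->directive, "GnuTLSPriorities"))
-    {
-        /* save string to be handled in mgs_load_files
-         *
-         * TODO: return to one wany of handling priorities for front
-         * end and proxy connections */
         sc->priorities_str = apr_pstrdup(parms->pool, arg);
-        return NULL;
-        /* prio = &sc->priorities; */
-    }
     else if (!strcasecmp(parms->directive->directive, "GnuTLSProxyPriorities"))
-        prio = &sc->proxy_priorities;
+        sc->proxy_priorities_str = apr_pstrdup(parms->pool, arg);
     else
         /* Can't happen unless there's a serious bug in mod_gnutls or Apache */
@@ -919,17 +905,4 @@
                             "mod_gnutls: %s called for invalid option '%s'",
                             __func__, parms->directive->directive);
-
-    ret = gnutls_priority_init(prio, arg, &err);
-    if (ret < 0)
-    {
-        if (ret == GNUTLS_E_INVALID_REQUEST)
-            return apr_psprintf(parms->pool,
-                                "mod_gnutls: Syntax error parsing priorities "
-                                "string for %s at: %s",
-                                parms->directive->directive, err);
-        return  apr_psprintf(parms->pool,
-                             "Error setting priorities: %s (%d)",
-                             gnutls_strerror(ret), ret);
-    }
 
     return NULL;
@@ -991,4 +964,5 @@
     sc->proxy_x509_ca_file = NULL;
     sc->proxy_x509_crl_file = NULL;
+    sc->proxy_priorities_str = NULL;
     sc->proxy_priorities = NULL;
 
@@ -1045,4 +1019,5 @@
     gnutls_srvconf_merge(proxy_x509_ca_file, NULL);
     gnutls_srvconf_merge(proxy_x509_crl_file, NULL);
+    gnutls_srvconf_merge(proxy_priorities_str, NULL);
     gnutls_srvconf_merge(proxy_priorities, NULL);
 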
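Review bot: The rewritten header comment on `mgs_set_priorities` does not say where the stored string is validated. With the `gnutls_priority_init()` call removed from this function, a malformed GnuTLSProxyPriorities value is accepted when the directive is parsed and, per the commit message, is only parsed when the proxy credentials are loaded. I would extend the comment along the lines of `The strings are only stored here; they are parsed with gnutls_priority_init() when the credentials are loaded, so syntax errors are reported there.` Two lines of the function (old 892 and 918) are not shown in this view.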
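--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -415,17 +415,12 @@
 
         if (sc->enabled == GNUTLS_ENABLED_TRUE
-            && sc->proxy_enabled == GNUTLS_ENABLED_TRUE)
+            && sc->proxy_enabled == GNUTLS_ENABLED_TRUE
+            && load_proxy_x509_credentials(s) != APR_SUCCESS)
         {
-            /* Check if the proxy priorities have been set */
-            if (sc->proxy_priorities == NULL)
-            {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "Host '%s:%d' is missing the "
-                             "GnuTLSProxyPriorities directive!",
-                             s->server_hostname, s->port);
-                exit(-1);
-            }
-            /* Set up proxy credentials */
-            load_proxy_x509_credentials(s);
+            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                         "%s: loading proxy credentials for host "
+                         "'%s:%d' failed, exiting!",
+                         __func__, s->server_hostname, s->port);
+            exit(-1);
         }
     }
@@ -1756,4 +1751,32 @@
     }
 
+    /* Check if the proxy priorities have been set, fail immediately
+     * if not */
+    if (sc->proxy_priorities_str == NULL)
+    {
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                     "Host '%s:%d' is missing the GnuTLSProxyPriorities "
+                     "directive!",
+                     s->server_hostname, s->port);
+        return APR_EGENERAL;
+    }
+    /* parse proxy priorities */
+    const char *err_pos = NULL;
+    err = gnutls_priority_init(&sc->proxy_priorities,
+                               sc->proxy_priorities_str, &err_pos);
+    if (err != GNUTLS_E_SUCCESS)
+    {
+        if (ret == GNUTLS_E_INVALID_REQUEST)
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                         "%s: Syntax error parsing proxy priorities "
+                         "string at: %s",
+                         __func__, err_pos);
+        else
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                         "Error setting proxy priorities: %s (%d)",
+                         gnutls_strerror(err), err);
+        ret = APR_EGENERAL;
+    }
+
     /* load certificate and key for client auth, if configured */
     if (sc->proxy_x509_key_file && sc->proxy_x509_cert_file)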
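Review bot: The syntax-error branch at new line 1769 tests `ret`, but the result of `gnutls_priority_init()` was stored in `err` two statements earlier; it should read `if (err == GNUTLS_E_INVALID_REQUEST)`. As written, the choice of log message depends on the function's APR status variable, so a malformed GnuTLSProxyPriorities string is presumably reported through the generic branch without the `err_pos` position. The block also only sets `ret = APR_EGENERAL` and falls through to the certificate and key loading, whereas the missing-directive check just above returns at once. The rest of the function lies outside the hunk, so either confirm that nothing later resets `ret` or return directly here, so that a failed priority parse always stops startup.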