Changeset 42307a9 in mod_gnutls for src/mod_gnutls.c


Timestamp:
Apr 6, 2005, 12:52:25 AM (15 years ago)
Author:
Paul Querna <chip@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream
Children:
6af4f74
Parents:
fcb122d
Message:
  • remove anon creds
  • initial attempt at Server Name Extension
  • change to adding 'mod_gnutls' to the server sig instead of GnuTLS/
  • fix for EOF/EOC/EOS buckets
  • 'general' code cleanups
File:
1 edited

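--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -190,4 +190,5 @@
 
             if (sc->cert_file != NULL && sc->key_file != NULL) {
+
                 rv = gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
                                                  sc->key_file,
@@ -215,5 +216,5 @@
     } /* first_run */
 
-    ap_add_version_component(p, "GnuTLS/" LIBGNUTLS_VERSION);
+    ap_add_version_component(p, "mod_gnutls/" MOD_GNUTLS_VERSION);
 
     return OK;
@@ -265,4 +266,28 @@
 
     return 443;
+}
+
+/* TODO: Complete support for Server Name Indication */
+static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret)
+{
+    char* server_name;
+    int server_type;
+    int data_len = 256;
+    mod_gnutls_handle_t *ctxt;   
+    ctxt = gnutls_transport_get_ptr(session);
+
+    ret->type = GNUTLS_CRT_X509;
+    ret->ncerts = 1;
+    server_name = apr_palloc(ctxt->c->pool, data_len);
+    if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
+        if (server_type == GNUTLS_NAME_DNS) {
+            ap_log_error(APLOG_MARK, APLOG_INFO, 0,
+                         ctxt->c->base_server,
+                         "GnuTLS: Virtual Host: "
+                         "%s", server_name);
+        }
+    }
+
+    return 0;
 }
 
@@ -300,11 +325,10 @@
     gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs);
 
-//  if(anon) {
-//    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_ANON, sc->anoncred);
-//  }
-
     gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE);
 
     mod_gnutls_cache_session_init(ctxt);
+
+    /* TODO: Finish Support for Server Name Indication */
+    /* gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); */
     return ctxt;
 }
@@ -342,5 +366,8 @@
 static int mod_gnutls_hook_fixups(request_rec *r)
 {
+    unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
+    char buf[GNUTLS_SESSION_ID_STRING_LEN];
     const char* tmp;
+    int len;
     mod_gnutls_handle_t *ctxt;
     apr_table_t *env = r->subprocess_env;
@@ -353,15 +380,28 @@
 
     apr_table_setn(env, "HTTPS", "on");
+
+    apr_table_setn(env, "GNUTLS_VERSION_INTERFACE", MOD_GNUTLS_VERSION);
+    apr_table_setn(env, "GNUTLS_VERSION_LIBRARY", LIBGNUTLS_VERSION);
+
     apr_table_setn(env, "SSL_PROTOCOL",
                    gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
+
     apr_table_setn(env, "SSL_CIPHER",
                    gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
 
+    apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
+
     tmp = apr_psprintf(r->pool, "%d",
               8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
 
     apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
+
     apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
 
+    len = sizeof(sbuf);
+    gnutls_session_get_id(ctxt->session, sbuf, &len);
+    tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf));
+    apr_table_setn(env, "SSL_SESSION_ID", tmp);
+   
     return OK;
 }
@@ -385,4 +425,5 @@
                                                         module_config,
                                                         &gnutls_module);
+   
     sc->key_file = ap_server_root_relative(parms->pool, arg);
     return NULL;
@@ -509,5 +550,4 @@
 
     gnutls_certificate_allocate_credentials(&sc->certs);
-    gnutls_anon_allocate_server_credentials(&sc->anoncred);
     sc->key_file = NULL;
     sc->cert_file = NULL;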
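Review bot: In mod_gnutls_hook_fixups the new `SSL_SESSION_ID` entry is stored with apr_table_setn(), which keeps the pointer it is handed instead of copying the string. `tmp` comes from `mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf))`; that helper is not shown in this changeset, but if it returns `buf`, the environment table is left pointing at a stack array that no longer exists once the hook returns, so anything reading subprocess_env later gets stale stack contents. Copying into the request pool avoids this: `apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp));`. The return value of gnutls_session_get_id() is also ignored, so on failure an uninitialised `sbuf` would be formatted and exported; the variable should be set only when the call succeeds. Before cert_retrieve_fn is enabled, the client-supplied server name should be confirmed NUL-terminated within the 256-byte buffer and sanitised before it is written to the log with `%s`.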