- Timestamp:
- Jan 11, 2013, 12:58:10 AM (8 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, upstream
- Children:
- 17eb1a1, 9c4a744
- Parents:
- bbb9bb1
- Location:
- src
- Files:
-
- 4 edited
src/Makefile.in
rbbb9bb1 r5508683 1 # Makefile.in generated by automake 1.11 from Makefile.am.1 # Makefile.in generated by automake 1.11.1 from Makefile.am. 2 2 # @configure_input@ 3 3 -
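--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -607,4 +607,5 @@
 sc->cache_type = mgs_cache_none;
 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
+sc->tickets = 1; /* by default enable session tickets */
 
 sc->client_verify_mode = GNUTLS_CERT_IGNORE;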
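Review bot: The new default `sc->tickets = 1` turns on ticket-based resumption for every server config that does not set the option explicitly, and the comment does not mention the trade-off. With tickets, the confidentiality of resumed sessions rests on the ticket key, so forward secrecy depends on how that key is generated and rotated, which is not visible in this hunk. I would expand the comment to something like `/* session tickets on by default; resumed sessions depend on the ticket key, so disable per-vhost where key rotation cannot be guaranteed */` and note the default in the user documentation. The enclosing function starts and ends outside the hunk.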
src/gnutls_hooks.c
rbbb9bb1 r5508683 487 487 const char *mgs_hook_http_scheme(const request_rec * r) 488 488 { 489 mgs_srvconf_rec *sc = 489 mgs_srvconf_rec *sc; 490 491 if (r == NULL) 492 return NULL; 493 494 sc = 490 495 (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, 491 496 &gnutls_module); … … 501 506 apr_port_t mgs_hook_default_port(const request_rec * r) 502 507 { 503 mgs_srvconf_rec *sc = 508 mgs_srvconf_rec *sc; 509 510 if (r == NULL) 511 return 0; 512 513 sc = 504 514 (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, 505 515 &gnutls_module); … … 580 590 #endif 581 591 592 if (session == NULL) 593 return NULL; 594 582 595 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 583 596 ctxt = gnutls_transport_get_ptr(session); … … 694 707 { 695 708 mgs_handle_t *ctxt; 696 mgs_srvconf_rec *sc = 709 mgs_srvconf_rec *sc; 710 711 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 712 713 if (c == NULL) 714 return DECLINED; 715 716 sc = 697 717 (mgs_srvconf_rec *) ap_get_module_config(c->base_server-> 698 718 module_config, 699 719 &gnutls_module); 700 720 701 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);702 721 if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { 703 722 return DECLINED; … … 733 752 int rv = OK; 734 753 754 if (r == NULL) 755 return DECLINED; 756 735 757 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 736 758 apr_table_t *env = r->subprocess_env; … … 739 761 ap_get_module_config(r->connection->conn_config, &gnutls_module); 740 762 741 if (!ctxt ) {763 if (!ctxt || ctxt->session == NULL) { 742 764 return DECLINED; 743 765 } … … 805 827 int rv; 806 828 mgs_handle_t *ctxt; 807 mgs_dirconf_rec *dc = ap_get_module_config(r->per_dir_config, 829 mgs_dirconf_rec *dc; 830 831 if (r == NULL) 832 return DECLINED; 833 834 dc = ap_get_module_config(r->per_dir_config, 808 835 &gnutls_module); 809 836 … … 812 839 ap_get_module_config(r->connection->conn_config, &gnutls_module); 813 840 814 if (!ctxt ) {841 
if (!ctxt || ctxt->session == NULL) { 815 842 return DECLINED; 816 843 } … … 875 902 size_t len; 876 903 int ret, i; 904 905 if (r == NULL) 906 return; 877 907 878 908 apr_table_t *env = r->subprocess_env; … … 984 1014 size_t len; 985 1015 int ret; 1016 1017 if (r == NULL) 1018 return; 986 1019 987 1020 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); … … 1044 1077 { 1045 1078 const gnutls_datum_t *cert_list; 1046 unsigned int cert_list_size, status , expired;1079 unsigned int cert_list_size, status; 1047 1080 int rv = GNUTLS_E_NO_CERTIFICATE_FOUND, ret; 1048 1081 unsigned int ch_size = 0; … … 1051 1084 gnutls_openpgp_crt_t pgp; 1052 1085 } cert; 1053 apr_time_t activation_time, expiration_time, cur_time; 1086 apr_time_t expiration_time, cur_time; 1087 1088 if (r == NULL || ctxt == NULL || ctxt->session == NULL) 1089 return HTTP_FORBIDDEN; 1054 1090 1055 1091 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); … … 1117 1153 apr_time_ansi_put(&expiration_time, 1118 1154 gnutls_x509_crt_get_expiration_time(cert.x509[0])); 1119 apr_time_ansi_put(&activation_time,1120 gnutls_x509_crt_get_activation_time(cert.x509[0]));1121 1155 1122 1156 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, … … 1128 1162 apr_time_ansi_put(&expiration_time, 1129 1163 gnutls_openpgp_crt_get_expiration_time(cert.pgp)); 1130 apr_time_ansi_put(&activation_time,1131 gnutls_openpgp_crt_get_creation_time(cert.pgp));1132 1164 1133 1165 rv = gnutls_openpgp_crt_verify_ring(cert.pgp, ctxt->sc->pgp_list, … … 1151 1183 /* ret = gnutls_x509_crt_check_revocation(crt, crl_list, crl_list_size); */ 1152 1184 1153 expired = 0;1154 1185 cur_time = apr_time_now(); 1155 if (activation_time > cur_time) {1156 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,1157 "GnuTLS: Failed to Verify Peer: "1158 "Peer Certificate is not yet activated.");1159 expired = 1;1160 }1161 1162 if (gnutls_certificate_type_get( ctxt->session) != GNUTLS_CRT_OPENPGP || expiration_time != 0) {1163 if (expiration_time < cur_time) 
{1164 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,1165 "GnuTLS: Failed to Verify Peer: "1166 "Peer Certificate is expired.");1167 expired = 1;1168 }1169 }1170 1186 1171 1187 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) { … … 1177 1193 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 1178 1194 "GnuTLS: Peer's Certificate signer is not a CA"); 1195 } 1196 1197 if (status & GNUTLS_CERT_INSECURE_ALGORITHM) { 1198 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 1199 "GnuTLS: Peer's Certificate is using insecure algorithms"); 1200 } 1201 1202 if (status & GNUTLS_CERT_EXPIRED || status & GNUTLS_CERT_NOT_ACTIVATED) { 1203 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 1204 "GnuTLS: Peer's Certificate signer is expired or not yet activated"); 1179 1205 } 1180 1206 … … 1203 1229 } 1204 1230 1205 if (status == 0 && expired == 0) {1231 if (status == 0) { 1206 1232 apr_table_setn(r->subprocess_env, "SSL_CLIENT_VERIFY", "SUCCESS"); 1207 1233 ret = OK; -
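Review bot: The success test at the end of the certificate verification function is now only `if (status == 0)`, with the local activation/expiry comparison removed, so rejecting expired or not-yet-valid client certificates depends entirely on the verify call setting `GNUTLS_CERT_EXPIRED` / `GNUTLS_CERT_NOT_ACTIVATED` in `status`. That should be confirmed for the OpenPGP branch (`gnutls_openpgp_crt_verify_ring`) and for the oldest GnuTLS release the module builds against. If either path does not report validity-period failures, keep a fallback before the status checks, e.g. `if (expiration_time != 0 && expiration_time < cur_time) status |= GNUTLS_CERT_EXPIRED;`. The new log text also says the certificate "signer" is expired, while the flags may refer to the peer certificate itself; `"GnuTLS: Peer's Certificate is expired or not yet activated"` would be more accurate. The function begins and ends outside the visible hunks.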
src/gnutls_io.c
rbbb9bb1 r5508683 222 222 } 223 223 } 224 225 if (ctxt->session == NULL) { 226 return APR_EGENERAL; 227 } 224 228 225 229 while (1) { … … 361 365 int maxtries = HANDSHAKE_MAX_TRIES; 362 366 363 if (ctxt->status != 0 ) {367 if (ctxt->status != 0 || ctxt->session == NULL) { 364 368 return -1; 365 369 } … … 442 446 { 443 447 int rv; 448 449 if (ctxt->session == NULL) 450 return -1; 444 451 445 452 rv = gnutls_rehandshake(ctxt->session); … … 566 573 apr_bucket_copy(bucket, &e); 567 574 APR_BRIGADE_INSERT_TAIL(ctxt->output_bb, e); 568 575 569 576 if ((status = ap_pass_brigade(f->next, tmpb)) != APR_SUCCESS) { 570 577 apr_brigade_cleanup(ctxt->output_bb); … … 610 617 if (len > 0) { 611 618 612 do { 613 ret = gnutls_record_send(ctxt->session, data, len); 614 } 615 while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); 619 if (ctxt->session == NULL) { 620 ret = GNUTLS_E_INVALID_REQUEST; 621 } else { 622 do { 623 ret = gnutls_record_send(ctxt->session, data, len); 624 } 625 while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); 626 } 616 627 617 628 if (ret < 0) { … … 675 686 return 0; 676 687 } else { 677 gnutls_transport_set_errno(ctxt->session, EINTR); 688 if (ctxt->session) 689 gnutls_transport_set_errno(ctxt->session, EINTR); 678 690 return -1; 679 691 } … … 698 710 || APR_STATUS_IS_EINTR(ctxt->input_rc)) { 699 711 if (len == 0) { 700 gnutls_transport_set_errno(ctxt->session, EINTR); 712 if (ctxt->session) 713 gnutls_transport_set_errno(ctxt->session, EINTR); 701 714 return -1; 702 715 }
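Review bot: The added `ctxt->session == NULL` guards in the read, handshake, rehandshake and write paths only protect anything if the teardown code sets `ctxt->session = NULL` right after deinitialising the session. That code is not in these hunks, so it should be confirmed; otherwise the pointer is dangling rather than NULL and the checks are bypassed. The guards also fail without a log entry and return the same value as other failures (`-1`, `APR_EGENERAL`), which makes a torn-down session hard to tell apart from a handshake error during incident triage. I would add a debug-level log line at each guard and a short comment such as `/* session is NULL once the connection has been torn down; refuse further I/O */`. The enclosing functions start and end outside the hunks.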