Changeset 556783e in mod_gnutls for src/gnutls_cache.c


Timestamp:
Jul 24, 2019, 2:29:40 AM (9 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master
Children:
e376ed8
Parents:
81018a4
Message:

Provide OCSP response via gnutls_certificate_retrieve_function3 callback

This replaces the old OCSP callback function, which is still used
internally.

File:
1 edited

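--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -175,13 +175,8 @@
 #define SOCACHE_FETCH_BUF_SIZE (8 * 1024)
 
-gnutls_datum_t mgs_cache_fetch(mgs_cache_t cache, server_rec *server,
-                               gnutls_datum_t key, apr_pool_t *pool)
-{
-    gnutls_datum_t data = {NULL, 0};
-    data.data = gnutls_malloc(SOCACHE_FETCH_BUF_SIZE);
-    if (data.data == NULL)
-        return data;
-    data.size = SOCACHE_FETCH_BUF_SIZE;
-
+apr_status_t mgs_cache_fetch(mgs_cache_t cache, server_rec *server,
+                             gnutls_datum_t key, gnutls_datum_t *output,
+                             apr_pool_t *pool)
+{
     apr_pool_t *spool;
     apr_pool_create(&spool, pool);
@@ -191,5 +186,5 @@
     apr_status_t rv = cache->prov->retrieve(cache->socache, server,
                                             key.data, key.size,
-                                            data.data, &data.size,
+                                            output->data, &output->size,
                                             spool);
     if (cache->prov->flags & AP_SOCACHE_FLAG_NOTMPSAFE)
@@ -207,4 +202,52 @@
                          "error fetching from cache '%s:%s'",
                          cache->prov->name, cache->config);
+    }
+    else
+    {
+        ap_log_error(APLOG_MARK, APLOG_TRACE1, rv, server,
+                     "fetched %u bytes from cache '%s:%s'",
+                     output->size, cache->prov->name, cache->config);
+    }
+    apr_pool_destroy(spool);
+
+    return rv;
+}
+
+
+
+/**
+ * Fetch function for the GnuTLS session cache, see
+ * gnutls_db_set_retrieve_function().
+ *
+ * *Warning*: The `data` element of the returned `gnutls_datum_t` is
+ * allocated using `gnutls_malloc()` for compatibility with the GnuTLS
+ * session caching API, and must be released using `gnutls_free()`.
+ *
+ * @param baton mgs_handle_t for the connection, as set via
+ * gnutls_db_set_ptr()
+ *
+ * @param key object key to fetch
+ *
+ * @return the requested cache entry, or `{NULL, 0}`
+ */
+static gnutls_datum_t socache_fetch_session(void *baton, gnutls_datum_t key)
+{
+    gnutls_datum_t data = {NULL, 0};
+    gnutls_datum_t dbmkey;
+    mgs_handle_t *ctxt = baton;
+
+    if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0)
+        return data;
+
+    data.data = gnutls_malloc(SOCACHE_FETCH_BUF_SIZE);
+    if (data.data == NULL)
+        return data;
+    data.size = SOCACHE_FETCH_BUF_SIZE;
+
+    apr_status_t rv = mgs_cache_fetch(ctxt->sc->cache, ctxt->c->base_server,
+                                      dbmkey, &data, ctxt->c->pool);
+
+    if (rv != APR_SUCCESS)
+    {
         /* free unused buffer */
         gnutls_free(data.data);
@@ -214,8 +257,4 @@
     else
     {
-        ap_log_error(APLOG_MARK, APLOG_TRACE1, rv, server,
-                     "fetched %u bytes from cache '%s:%s'",
-                     data.size, cache->prov->name, cache->config);
-
         /* Realloc buffer to data.size. Data size must be less than or
          * equal to the initial buffer size, so this REALLY should not
@@ -224,5 +263,5 @@
         if (__builtin_expect(data.data == NULL, 0))
         {
-            ap_log_error(APLOG_MARK, APLOG_CRIT, APR_ENOMEM, server,
+            ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_ENOMEM, ctxt->c,
                          "%s: Could not realloc fetch buffer to data size!",
                          __func__);
@@ -230,37 +269,6 @@
         }
     }
-    apr_pool_destroy(spool);
 
     return data;
-}
-
-
-
-/**
- * Fetch function for the GnuTLS session cache, see
- * gnutls_db_set_retrieve_function().
- *
- * *Warning*: The `data` element of the returned `gnutls_datum_t` is
- * allocated using `gnutls_malloc()` for compatibility with the GnuTLS
- * session caching API, and must be released using `gnutls_free()`.
- *
- * @param baton mgs_handle_t for the connection, as set via
- * gnutls_db_set_ptr()
- *
- * @param key object key to fetch
- *
- * @return the requested cache entry, or `{NULL, 0}`
- */
-static gnutls_datum_t socache_fetch_session(void *baton, gnutls_datum_t key)
-{
-    gnutls_datum_t data = {NULL, 0};
-    gnutls_datum_t dbmkey;
-    mgs_handle_t *ctxt = baton;
-
-    if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0)
-        return data;
-
-    return mgs_cache_fetch(ctxt->sc->cache, ctxt->c->base_server,
-                           dbmkey, ctxt->c->pool);
 }
 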
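Review bot: The new `output` parameter of mgs_cache_fetch() (new lines 177-188) is an in/out buffer whose contract is not stated anywhere in the visible change: `&output->size` is handed to the provider's retrieve() next to `output->data`, so it apparently has to hold the buffer capacity on entry, and it is logged as the fetched length on success. A caller that leaves the size unset, or larger than its allocation, could let the socache provider write past the buffer, so I would add a doc comment on the function saying that `output->data` must be a caller-allocated buffer, that `output->size` is its capacity on entry and the fetched length on return, and that the contents are meaningful only when APR_SUCCESS is returned. A cheap guard before the sub-pool is created, `if (output == NULL || output->data == NULL) return APR_EINVAL;`, would turn a misuse into an error instead of a crash. Parts of the function body (new lines 183-185 and 191-201) lie outside the visible hunks, and the prototype may already be documented in the header, which is not shown.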