Changeset 564f33f in mod_gnutls for src/gnutls_proxy.c
- Timestamp:
- Dec 17, 2018, 4:39:50 PM (2 years ago)
- Branches:
- asyncio, debian/master, master, proxy-ticket
- Children:
- c7710cf
- Parents:
- 0378c22
- File:
-
- 1 edited
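--- a/src/gnutls_proxy.c
+++ b/src/gnutls_proxy.c
@@ -19,4 +19,5 @@
 #include "gnutls_util.h"
 
+#include <apr_strings.h>
 #include <gnutls/gnutls.h>
 
@@ -290,2 +291,66 @@
     return ret;
 }
+
+
+
+static void proxy_conn_set_sni(mgs_handle_t *ctxt)
+{
+    /* Get peer hostname from note left by mod_proxy */
+    const char *peer_hostname =
+        apr_table_get(ctxt->c->notes, PROXY_SNI_NOTE);
+    /* Used only as target for apr_ipsubnet_create() */
+    apr_ipsubnet_t *probe;
+    /* Check if the note is present (!= NULL) and NOT an IP
+     * address */
+    if ((peer_hostname) != NULL
+        && (apr_ipsubnet_create(&probe, peer_hostname, NULL, ctxt->c->pool)
+            != APR_SUCCESS))
+    {
+        int ret = gnutls_server_name_set(ctxt->session, GNUTLS_NAME_DNS,
+                                         peer_hostname, strlen(peer_hostname));
+        if (ret != GNUTLS_E_SUCCESS)
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, ctxt->c,
+                          "Could not set SNI '%s' for proxy connection: "
+                          "%s (%d)",
+                          peer_hostname, gnutls_strerror(ret), ret);
+    }
+}
+
+
+
+static void proxy_conn_set_alpn(mgs_handle_t *ctxt)
+{
+    const char *proxy_alpn =
+        apr_table_get(ctxt->c->notes, PROXY_ALPN_NOTE);
+    if (proxy_alpn != NULL)
+    {
+        // TODO: mod_ssl ssl_engine_io.c does some tokenization of
+        // the input string, so it looks like the API allows
+        // multiple protocols.
+        gnutls_datum_t alpn_proto = {
+            .data = (unsigned char *) apr_pstrdup(ctxt->c->pool, proxy_alpn),
+            .size = strlen(proxy_alpn)
+        };
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+                      "%s: proxy module requests ALPN proto '%s', "
+                      "length %" APR_SIZE_T_FMT ".",
+                      __func__, proxy_alpn, strlen(proxy_alpn));
+        int ret = gnutls_alpn_set_protocols(ctxt->session,
+                                            &alpn_proto,
+                                            1 /* number of proposals */,
+                                            0 /* flags */);
+        if (ret != GNUTLS_E_SUCCESS)
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, ret, ctxt->c,
+                          "Could not set ALPN proposal '%s' for proxy "
+                          "connection: %s (%d)",
+                          proxy_alpn, gnutls_strerror(ret), ret);
+    }
+}
+
+
+
+void mgs_set_proxy_handshake_ext(mgs_handle_t *ctxt)
+{
+    proxy_conn_set_sni(ctxt);
+    proxy_conn_set_alpn(ctxt);
+}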
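Review bot: In proxy_conn_set_alpn() the whole PROXY_ALPN_NOTE string is passed to gnutls_alpn_set_protocols() as a single proposal with no length check. If the note ever carries more than one protocol, which the TODO itself suspects, the backend is offered one meaningless name and ALPN negotiation fails or is silently skipped. ALPN protocol names are carried with a one-byte length (RFC 7301), so each proposal should also be checked to be 1–255 bytes before it is set. Both helpers return void and only log on failure, so mgs_set_proxy_handshake_ext() cannot abort a handshake that goes out without the requested SNI or ALPN; a comment stating that this best-effort behaviour is intended would help. The sketch below splits the note into separate proposals; the separator set is an assumption taken from the TODO's mod_ssl reference and must be confirmed against mod_proxy.

```c
    if (proxy_alpn != NULL)
    {
        /* Split the note into individual proposals. The separator set
         * is assumed from the mod_ssl reference in the TODO: confirm. */
        apr_array_header_t *protos =
            apr_array_make(ctxt->c->pool, 2, sizeof(gnutls_datum_t));
        char *list = apr_pstrdup(ctxt->c->pool, proxy_alpn);
        char *last = NULL;
        for (char *tok = apr_strtok(list, ", ", &last);
             tok != NULL;
             tok = apr_strtok(NULL, ", ", &last))
        {
            size_t len = strlen(tok);
            /* ALPN names are length-prefixed with a single byte */
            if (len > 255)
            {
                ap_log_cerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, ctxt->c,
                              "%s: ignoring over-long ALPN proposal",
                              __func__);
                continue;
            }
            gnutls_datum_t *p = &APR_ARRAY_PUSH(protos, gnutls_datum_t);
            p->data = (unsigned char *) tok;
            p->size = (unsigned int) len;
        }
        /* … unchanged: debug log of the requested note … */
        int ret = gnutls_alpn_set_protocols(ctxt->session,
                                            (gnutls_datum_t *) protos->elts,
                                            protos->nelts,
                                            0 /* flags */);
        /* … unchanged: error log when ret != GNUTLS_E_SUCCESS … */
```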