Changeset 60868d2 in mod_gnutls for src/gnutls_hooks.c


Timestamp:
Sep 30, 2018, 6:04:48 AM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
0d7660d
Parents:
bd1d8d3
git-author:
Fiona Klute <fiona.klute@…> (09/30/18 05:43:44)
git-committer:
Fiona Klute <fiona.klute@…> (09/30/18 06:04:48)
Message:

Default to NORMAL for the GnuTLS priority settings

This simplifies configuration and should be reasonable for most users.

File:
1 edited

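--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -53,4 +53,12 @@
 static gnutls_datum_t session_ticket_key = {NULL, 0};
 
+
+/** Default GnuTLS priority string for mod_gnutls */
+#define MGS_DEFAULT_PRIORITY "NORMAL"
+/** Compiled version of MGS_DEFAULT_PRIORITY (initialized in the
+ * pre_config hook) */
+static gnutls_priority_t default_prio;
+
+
 static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt);
 /* use side==0 for server and side==1 for client */
@@ -73,4 +81,7 @@
     session_ticket_key.data = NULL;
     session_ticket_key.size = 0;
+
+    /* Deinit default priority setting */
+    gnutls_priority_deinit(default_prio);
     return APR_SUCCESS;
 }
@@ -124,4 +135,14 @@
                 ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, plog, "gnutls_session_ticket_key_generate: %s", gnutls_strerror(ret));
                 return DONE;
+    }
+
+    /* Initialize default priority setting */
+    ret = gnutls_priority_init(&default_prio, MGS_DEFAULT_PRIORITY, NULL);
+    if (ret < 0)
+    {
+        ap_log_perror(APLOG_MARK, APLOG_EMERG, 0, plog,
+                      "gnutls_priority_init failed for default '%s': %s (%d)",
+                      MGS_DEFAULT_PRIORITY, gnutls_strerror(ret), ret);
+        return DONE;
     }
 
@@ -648,8 +669,10 @@
         /* Check if the priorities have been set */
         if (sc->priorities == NULL && sc->enabled == GNUTLS_ENABLED_TRUE) {
-            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                    "GnuTLS: Host '%s:%d' is missing the GnuTLSPriorities directive!",
-                    s->server_hostname, s->port);
-            return HTTP_NOT_ACCEPTABLE;
+            ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+                         "No GnuTLSPriorities directive for host '%s:%d', "
+                         "using default '%s'.",
+                         s->server_hostname, s->addrs->host_port,
+                         MGS_DEFAULT_PRIORITY);
+            sc->priorities = default_prio;
         }
 
@@ -1081,7 +1104,8 @@
 
     /* Set Default Priority */
-        err = gnutls_priority_set_direct(ctxt->session, "NORMAL", NULL);
+        err = gnutls_priority_set(ctxt->session, default_prio);
     if (err != GNUTLS_E_SUCCESS)
-        ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_priority_set_direct failed!");
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c,
+                      "gnutls_priority_set failed!");
     /* Set Handshake function */
     gnutls_handshake_set_post_client_hello_function(ctxt->session,
@@ -1999,5 +2023,9 @@
     }
 
-    if (sc->proxy_priorities)
+    /* Deinit proxy priorities only if set from
+     * sc->proxy_priorities_str. Otherwise the server is using the
+     * default global priority cache, which must not be deinitialized
+     * here. */
+    if (sc->proxy_priorities_str && sc->proxy_priorities)
     {
         gnutls_priority_deinit(sc->proxy_priorities);
@@ -2059,26 +2087,30 @@
     if (sc->proxy_priorities_str == NULL)
     {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                     "Host '%s:%d' is missing the GnuTLSProxyPriorities "
-                     "directive!",
-                     s->server_hostname, s->port);
-        return APR_EGENERAL;
-    }
-    /* parse proxy priorities */
-    const char *err_pos = NULL;
-    err = gnutls_priority_init(&sc->proxy_priorities,
-                               sc->proxy_priorities_str, &err_pos);
-    if (err != GNUTLS_E_SUCCESS)
-    {
-        if (ret == GNUTLS_E_INVALID_REQUEST)
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                         "%s: Syntax error parsing proxy priorities "
-                         "string at: %s",
-                         __func__, err_pos);
-        else
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-                         "Error setting proxy priorities: %s (%d)",
-                         gnutls_strerror(err), err);
-        ret = APR_EGENERAL;
+        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+                     "No GnuTLSProxyPriorities directive for host '%s:%d', "
+                     "using default '%s'.",
+                     s->server_hostname, s->addrs->host_port,
+                     MGS_DEFAULT_PRIORITY);
+        sc->proxy_priorities = default_prio;
+    }
+    else
+    {
+        /* parse proxy priorities */
+        const char *err_pos = NULL;
+        err = gnutls_priority_init(&sc->proxy_priorities,
+                                   sc->proxy_priorities_str, &err_pos);
+        if (err != GNUTLS_E_SUCCESS)
+        {
+            if (ret == GNUTLS_E_INVALID_REQUEST)
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                             "%s: Syntax error parsing proxy priorities "
+                             "string at: %s",
+                             __func__, err_pos);
+            else
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                             "Error setting proxy priorities: %s (%d)",
+                             gnutls_strerror(err), err);
+            ret = APR_EGENERAL;
+        }
     }
 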
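Review bot: In the last hunk the syntax-error branch tests the wrong variable: `gnutls_priority_init` stores its result in `err` (new line 2100), but the new line 2104 compares `ret == GNUTLS_E_INVALID_REQUEST`, so the message that points at `err_pos` is selected by whatever `ret` happens to hold (it is later assigned `APR_EGENERAL`, so it appears to be the function's APR status) rather than by the GnuTLS error; a malformed GnuTLSProxyPriorities string therefore gets the generic message without the parse position, which makes configuration mistakes harder to diagnose. The commit moves these lines into the `else` branch unchanged; the fix is `if (err == GNUTLS_E_INVALID_REQUEST)`. The enclosing function starts and ends outside the hunk. Separately, the new log calls in this hunk and in the `sc->priorities` hunk (new lines 674 and 2092) dereference `s->addrs->host_port` where the removed lines used `s->port`; if `s->addrs` can be NULL for some server_rec (the main server, presumably — confirm against the vhost setup), that is a NULL dereference during startup, and `s->port` would be the safer choice.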