Changeset 717206c in mod_gnutls

Timestamp:

Dec 2, 2007, 2:29:05 AM (15 years ago)

Author:

Nokis Mavrogiannopoulos <nmav@…>

Branches:

asyncio, debian/master, debian/stretch-backports, jessie-backports, main, master, msva, proxy-ticket, upstream

Children:

ee65fcb

Parents:

41f7031

git-author:

Nikos Mavrogiannopoulos <nmav@…> (12/02/07 02:29:05)

git-committer:

Nokis Mavrogiannopoulos <nmav@…> (12/02/07 02:29:05)

Message:

more fixes for subject alternative name.

File:

• src/gnutls_hooks.c (modified) (7 diffs)

src/gnutls_hooks.c

@@ -98 +98 @@
                        pool);
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
                      "GnuTLS failed to load params file at: %s. Will use internal params.",
                      file);
@@ -107 +107 @@
 
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
                      "GnuTLS failed to stat params file at: %s", file);
         return ret;
@@ -116 +116 @@
 
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
                      "GnuTLS failed to read params file at: %s", file);
         return ret;
@@ -210 +210 @@
  * Returns negative on error.
  */
-static int read_crt_cn(apr_pool_t * p, gnutls_x509_crt cert,
+static int read_crt_cn(server_rec *s, apr_pool_t * p, gnutls_x509_crt cert,
                        char **cert_cn)
 {
@@ -228 +228 @@
                   GNUTLS_OID_X520_COMMON_NAME, 0, 0, *cert_cn, &data_len);
     } else {                    /* No CN return subject alternative name */
-
+        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+                     "No common name found in certificate for '%s:%d'. Looking for subject alternative name.", 
+                     s->server_hostname, s->port);
+        rv = 0;
         /* read subject alternative name */
         for (i = 0; !(rv < 0); i++) {
             rv = gnutls_x509_crt_get_subject_alt_name(cert, i,
                     NULL, &data_len, NULL);
-                    
-            if (rv == GNUTLS_SAN_DNSNAME) {
-                *cert_cn = apr_palloc(p, data_len);
-                rv = gnutls_x509_crt_get_subject_alt_name(cert, i,
-                    *cert_cn, &data_len, NULL);
-                break;
-
-            }
+
+            if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
+                /* FIXME: not very efficient. What if we have several alt names
+                 * before DNSName?
+                 */
+                *cert_cn = apr_palloc(p, data_len+1);
+               
+                rv = gnutls_x509_crt_get_subject_alt_name(cert, i,
+                  *cert_cn, &data_len, NULL);
+                (*cert_cn)[data_len]=0;
+
+                if (rv == GNUTLS_SAN_DNSNAME)
+                  break;
+            }
         }
     }
@@ -387 +396 @@
 
             if (sc->enabled == GNUTLS_ENABLED_TRUE) {
-                rv = read_crt_cn(p, sc->cert_x509, &sc->cert_cn);
+                rv = read_crt_cn(s, p, sc->cert_x509, &sc->cert_cn);
                 if (rv < 0) {
                     ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
-                             "[GnuTLS] - Cannot find a certificate for host '%s:%d'! Disabling TLS.",
+                             "[GnuTLS] - Cannot find a certificate for host '%s:%d'!",
                              s->server_hostname, s->port);
-                    sc->enabled = GNUTLS_ENABLED_FALSE;
                     sc->cert_cn = NULL;
                     continue;
@@ -488 +496 @@
          */
         return 1;
+    } else {
+#if MOD_GNUTLS_DEBUG
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
+                     x->ctxt->c->base_server,
+                     "GnuTLS: Virtual Host CB: "
+                     "'%s' != '%s'", tsc->cert_cn, x->sni_name);
+#endif
+    
     }
     return 0;