Changeset 7d1ab49 in mod_gnutls for src/gnutls_hooks.c
- Timestamp:
- Jan 29, 2013, 8:05:42 PM (8 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
- Children:
- 3e800f9
- Parents:
- 6ef3afc
- git-author:
- Daniel Kahn Gillmor <dkg@…> (01/29/13 18:52:52)
- git-committer:
- Daniel Kahn Gillmor <dkg@…> (01/29/13 20:05:42)
- File:
-
- 1 edited
src/gnutls_hooks.c
r6ef3afc r7d1ab49 35 35 static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt); 36 36 /* use side==0 for server and side==1 for client */ 37 static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side );38 static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side );37 static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, int export_full_cert); 38 static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side, int export_full_cert); 39 39 40 40 /* Pool Cleanup Function */ … … 347 347 if (sc->enabled == GNUTLS_ENABLED_UNSET) 348 348 sc->enabled = GNUTLS_ENABLED_FALSE; 349 if (sc->tickets == 349 if (sc->tickets == GNUTLS_ENABLED_UNSET) 350 350 sc->tickets = GNUTLS_ENABLED_TRUE; 351 if (sc->export_certificates_enabled == GNUTLS_ENABLED_UNSET) 352 sc->export_certificates_enabled = GNUTLS_ENABLED_TRUE; 351 353 if (sc->client_verify_mode == -1) 352 354 sc->client_verify_mode = GNUTLS_CERT_IGNORE; … … 772 774 773 775 if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_X509) { 774 mgs_add_common_cert_vars(r, ctxt->sc->certs_x509_chain[0], 0 );776 mgs_add_common_cert_vars(r, ctxt->sc->certs_x509_chain[0], 0, ctxt->sc->export_certificates_enabled); 775 777 } else if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_OPENPGP) { 776 mgs_add_common_pgpcert_vars(r, ctxt->sc->cert_pgp, 0 );778 mgs_add_common_pgpcert_vars(r, ctxt->sc->cert_pgp, 0, ctxt->sc->export_certificates_enabled); 777 779 } 778 780 … … 846 848 */ 847 849 848 /* side is either 0 for SERVER or 1 for CLIENT 850 /* @param side is either 0 for SERVER or 1 for CLIENT 851 * 852 * @param export_full_cert (boolean) export the PEM-encoded 853 * certificate in full as an environment variable. 
849 854 */ 850 855 #define MGS_SIDE ((side==0)?"SSL_SERVER":"SSL_CLIENT") 851 856 852 static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side ) {857 static void mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, int export_full_cert) { 853 858 unsigned char sbuf[64]; /* buffer to hold serials */ 854 859 char buf[AP_IOBUFSIZE]; … … 864 869 865 870 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 866 871 if (export_full_cert != 0) { 872 char cert_buf[10 * 1024]; 873 len = sizeof (cert_buf); 874 875 if (gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_PEM, cert_buf, &len) >= 0) 876 apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_CERT", NULL), 877 apr_pstrmemdup(r->pool, cert_buf, len)); 878 else 879 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 880 "GnuTLS: Failed to export X.509 certificate to environment"); 881 } 882 867 883 len = sizeof (buf); 868 884 gnutls_x509_crt_get_dn(cert, buf, &len); … … 974 990 } 975 991 976 static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side) { 992 993 /* @param side 0: server, 1: client 994 * 995 * @param export_full_cert (boolean) export the PEM-encoded 996 * certificate in full as an environment variable. 
997 */ 998 static void mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side, int export_full_cert) { 977 999 978 1000 unsigned char sbuf[64]; /* buffer to hold serials */ … … 987 1009 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 988 1010 apr_table_t *env = r->subprocess_env; 1011 1012 if (export_full_cert != 0) { 1013 char cert_buf[10 * 1024]; 1014 len = sizeof (cert_buf); 1015 1016 if (gnutls_openpgp_crt_export(cert, GNUTLS_OPENPGP_FMT_BASE64, cert_buf, &len) >= 0) 1017 apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_CERT", NULL), 1018 apr_pstrmemdup(r->pool, cert_buf, len)); 1019 else 1020 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 1021 "GnuTLS: Failed to export OpenPGP certificate to environment"); 1022 } 989 1023 990 1024 len = sizeof (buf); … … 1188 1222 1189 1223 if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_X509) 1190 mgs_add_common_cert_vars(r, cert.x509[0], 1); 1191 else if (gnutls_certificate_type_get(ctxt->session) == 1192 GNUTLS_CRT_OPENPGP) 1193 mgs_add_common_pgpcert_vars(r, cert.pgp, 1); 1224 mgs_add_common_cert_vars(r, cert.x509[0], 1, ctxt->sc->export_certificates_enabled); 1225 else if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_OPENPGP) 1226 mgs_add_common_pgpcert_vars(r, cert.pgp, 1, ctxt->sc->export_certificates_enabled); 1194 1227 1195 1228 {
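Review bot: The defaulting at new lines 351-352 turns an unset `export_certificates_enabled` into `GNUTLS_ENABLED_TRUE`, so every server config that never mentions the option starts copying the full server and client certificate into `r->subprocess_env`, where any CGI or handler can read it. Making the export opt-in with `sc->export_certificates_enabled = GNUTLS_ENABLED_FALSE;` would leave existing configurations unchanged and keep peer identity data and up to 10 KiB of extra environment away from scripts that did not ask for it. In both export blocks the failure branch logs at `APLOG_INFO` without the GnuTLS return code, so a certificate that does not fit `cert_buf` is dropped with no stated reason; keeping the return value and adding `gnutls_strerror(ret)` to the message would make that diagnosable. The comment above `mgs_add_common_pgpcert_vars` says "PEM-encoded" although the code exports `GNUTLS_OPENPGP_FMT_BASE64`. The function containing the defaulting code starts and ends outside the visible hunk.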