Changeset 809c422 in mod_gnutls for src/gnutls_config.c


Timestamp:
Apr 2, 2015, 8:48:19 PM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
bfcff28
Parents:
bd24203
Message:

TLS proxy: Add support for CRLs to back end server verification

When configured as a TLS proxy, mod_gnutls can now use CRLs to check if
the certificate provided by a back end server is still valid. The CRL
file must be provided externally, the new configuration option
"GnuTLSProxyCRLFile" is used to load it.

File:
1 edited

  • src/gnutls_config.c

    rbd24203 r809c422  
    635635    sc->proxy_x509_cert_file = NULL;
    636636    sc->proxy_x509_ca_file = NULL;
     637    sc->proxy_x509_crl_file = NULL;
    637638    ret = gnutls_certificate_allocate_credentials(&sc->proxy_x509_creds);
    638639    if (ret < 0)
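
Review bot: The NULL default for proxy_x509_crl_file at new line 637 makes the CRL check opt-in, so a proxy configured with only GnuTLSProxyCAFile keeps running without any revocation data and nothing in this hunk signals that. State this in the documentation for GnuTLSProxyCRLFile, and consider a startup log message when a proxy CA file is set but no CRL file is, so operators notice the gap.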
     
    714715    gnutls_srvconf_merge(proxy_x509_cert_file, NULL);
    715716    gnutls_srvconf_merge(proxy_x509_ca_file, NULL);
     717    gnutls_srvconf_merge(proxy_x509_crl_file, NULL);
    716718
    717719    /* FIXME: the following items are pre-allocated, and should be
     
    788790    else if (!strcasecmp(parms->directive->directive, "GnuTLSProxyCAFile"))
    789791        sc->proxy_x509_ca_file = apr_pstrdup(parms->pool, arg);
    790     /* TODO: Add CRL parameter */
    791     return NULL;
    792 }
     792    else if (!strcasecmp(parms->directive->directive, "GnuTLSProxyCRLFile"))
     793        sc->proxy_x509_crl_file = apr_pstrdup(parms->pool, arg);
     794    return NULL;
     795}
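
Review bot: At new lines 792-793 the argument is copied with apr_pstrdup() exactly as written, with no resolution against the server root and no check that the file exists or is readable, so a mistyped or relative path is only noticed when the file is loaded later. Unless the loading code already handles this, resolve the path here (for example with ap_server_root_relative(parms->pool, arg)) and return an error string if it cannot be resolved. Also, the chain still ends in a plain "return NULL;", so a directive name that matches none of the branches is accepted silently with nothing stored; returning an error message in a final else would catch a handler registered for a directive this function does not know.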