Changeset 81018a4 in mod_gnutls for src/gnutls_hooks.c
- Timestamp:
- Jul 23, 2019, 2:33:41 AM (20 months ago)
- Branches:
- asyncio, master, proxy-ticket
- Children:
- 556783e
- Parents:
- 65c84e5
- File:
-
- 1 edited
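--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -73,7 +73,5 @@
 {
 /* Free session ticket master key */
-#if GNUTLS_VERSION_NUMBER >= 0x030400
 gnutls_memset(session_ticket_key.data, 0, session_ticket_key.size);
-#endif
 gnutls_free(session_ticket_key.data);
 session_ticket_key.data = NULL;
@@ -420,8 +418,4 @@
 
 
-#if GNUTLS_VERSION_NUMBER >= 0x030506
-#define HAVE_KNOWN_DH_GROUPS 1
-#endif
-#ifdef HAVE_KNOWN_DH_GROUPS
 /**
 * Try to estimate a GnuTLS security parameter based on the given
@@ -450,23 +444,4 @@
 return gnutls_pk_bits_to_sec_param(pk_algo, bits);
 }
-#else
-/** ffdhe2048 DH group as defined in RFC 7919, Appendix A.1. This is
-* the default DH group if mod_gnutls is compiled agains a GnuTLS
-* version that does not provide known DH groups based on security
-* parameters (before 3.5.6). */
-static const char FFDHE2048_PKCS3[] =
-"-----BEGIN DH PARAMETERS-----\n"
-"MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n"
-"+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n"
-"87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n"
-"YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n"
-"7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n"
-"ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICAQA=\n"
-"-----END DH PARAMETERS-----\n";
-const gnutls_datum_t default_dh_params = {
-(void *) FFDHE2048_PKCS3,
-sizeof(FFDHE2048_PKCS3)
-};
-#endif
 
 
@@ -488,5 +463,4 @@
 ap_get_module_config(server->module_config, &gnutls_module);
 
-#ifdef HAVE_KNOWN_DH_GROUPS
 gnutls_sec_param_t seclevel = GNUTLS_SEC_PARAM_UNKNOWN;
 if (sc->privkey_x509)
@@ -522,26 +496,4 @@
 return HTTP_UNAUTHORIZED;
 }
-#else
-int ret = gnutls_dh_params_init(&sc->dh_params);
-if (ret < 0)
-{
-ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,
-"%s: Failed to initialize DH params structure: "
-"%s (%d)", __func__, gnutls_strerror(ret), ret);
-return HTTP_UNAUTHORIZED;
-}
-ret = gnutls_dh_params_import_pkcs3(sc->dh_params, &default_dh_params,
-GNUTLS_X509_FMT_PEM);
-if (ret < 0)
-{
-ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,
-"%s: Failed to import default DH params: %s (%d)",
-__func__, gnutls_strerror(ret), ret);
-return HTTP_UNAUTHORIZED;
-}
-
-gnutls_certificate_set_dh_params(sc->certs, sc->dh_params);
-gnutls_anon_set_server_dh_params(sc->anon_creds, sc->dh_params);
-#endif
 
 return OK;
@@ -1362,11 +1314,6 @@
 gnutls_mac_get(ctxt->session)));
 
-#if GNUTLS_VERSION_NUMBER >= 0x030600
 /* Compression support has been removed since GnuTLS 3.6.0 */
 apr_table_setn(env, "SSL_COMPRESS_METHOD", "NULL");
-#else
-apr_table_setn(env, "SSL_COMPRESS_METHOD",
-gnutls_compression_get_name(gnutls_compression_get(ctxt->session)));
-#endif
 
 #ifdef ENABLE_SRP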
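Review bot: With every `GNUTLS_VERSION_NUMBER` guard gone, nothing in this file states the minimum GnuTLS version it now assumes, and the last hunk is where that matters: `SSL_COMPRESS_METHOD` is set to `"NULL"` unconditionally, which is only accurate for GnuTLS 3.6.0 or later. A build against an older library that still compiles (3.5.6 up to 3.6.0, judging by the removed guards) would report compression as off to CGI scripts and access rules without asking the session. Whether the build system already enforces the minimum is not visible in this changeset; if it does not, a guard near the includes would fail the build instead: `#if GNUTLS_VERSION_NUMBER < 0x030600` / `#error "mod_gnutls requires GnuTLS 3.6.0 or newer"` / `#endif`. The functions touched by these hunks start and end outside the displayed context.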