Changeset 81433f1 in mod_gnutls
- Timestamp:
- Jun 15, 2016, 1:32:14 PM (3 years ago)
- Branches:
- debian/master, debian/stretch-backports, master, upstream
- Children:
- db9ef68
- Parents:
- e2ba939
- git-author:
- Thomas Klute <thomas2.klute@…> (06/15/16 12:37:30)
- git-committer:
- Thomas Klute <thomas2.klute@…> (06/15/16 13:32:14)
- File:
-
- 1 edited
src/gnutls_config.c
re2ba939 r81433f1 157 157 int ret; 158 158 mgs_srvconf_rec *sc = 159 160 159 (mgs_srvconf_rec *) ap_get_module_config(s->module_config, 160 &gnutls_module); 161 161 162 162 apr_pool_create(&spool, p); … … 211 211 } 212 212 213 if (sc->srp_tpasswd_conf_file != NULL && sc->srp_tpasswd_file != NULL) {214 ret = gnutls_srp_set_server_credentials_file 215 (sc->srp_creds, sc->srp_tpasswd_file, 216 sc->srp_tpasswd_conf_file); 217 218 if (ret < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) { 219 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, 220 221 222 223 224 225 226 213 if (sc->srp_tpasswd_conf_file != NULL && sc->srp_tpasswd_file != NULL) 214 { 215 ret = gnutls_srp_set_server_credentials_file 216 (sc->srp_creds, sc->srp_tpasswd_file, 217 sc->srp_tpasswd_conf_file); 218 219 if (ret < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) { 220 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 221 "GnuTLS: Host '%s:%d' is missing a " 222 "SRP password or conf File!", 223 s->server_hostname, s->port); 224 ret = -1; 225 goto cleanup; 226 } 227 227 } 228 228 #endif … … 239 239 } 240 240 241 /* Load DH parameters */ 242 if (sc->dh_file) { 243 if (load_datum_from_file(spool, sc->dh_file, &data) != 0) { 244 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 245 "GnuTLS: Error Reading " "DH params '%s'", sc->dh_file); 246 ret = -1; 247 goto cleanup; 248 } 249 250 ret = 251 gnutls_dh_params_import_pkcs3(sc->dh_params, &data, 252 GNUTLS_X509_FMT_PEM); 253 if (ret < 0) { 254 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 255 "GnuTLS: Failed to Import " 256 "DH params '%s': (%d) %s", sc->dh_file, ret, 257 gnutls_strerror(ret)); 258 ret = -1; 259 goto cleanup; 260 } 261 } else { 262 gnutls_datum_t pdata = { 263 (void *) static_dh_params, 264 sizeof(static_dh_params) 265 }; 266 267 ret = gnutls_dh_params_import_pkcs3(sc->dh_params, &pdata, GNUTLS_X509_FMT_PEM); 268 if (ret < 0) { 269 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 270 "GnuTLS: Unable to generate or load DH Params: (%d) %s", 271 ret, 
gnutls_strerror(ret)); 272 ret = -1; 273 goto cleanup; 274 } 275 } 241 /* Load DH parameters */ 242 if (sc->dh_file) 243 { 244 if (load_datum_from_file(spool, sc->dh_file, &data) != 0) { 245 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 246 "GnuTLS: Error Reading " "DH params '%s'", sc->dh_file); 247 ret = -1; 248 goto cleanup; 249 } 250 251 ret = 252 gnutls_dh_params_import_pkcs3(sc->dh_params, &data, 253 GNUTLS_X509_FMT_PEM); 254 if (ret < 0) { 255 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 256 "GnuTLS: Failed to Import " 257 "DH params '%s': (%d) %s", sc->dh_file, ret, 258 gnutls_strerror(ret)); 259 ret = -1; 260 goto cleanup; 261 } 262 } else { 263 gnutls_datum_t pdata = { 264 (void *) static_dh_params, 265 sizeof(static_dh_params) 266 }; 267 268 ret = gnutls_dh_params_import_pkcs3(sc->dh_params, &pdata, GNUTLS_X509_FMT_PEM); 269 if (ret < 0) { 270 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 271 "GnuTLS: Unable to generate or load DH Params: (%d) %s", 272 ret, gnutls_strerror(ret)); 273 ret = -1; 274 goto cleanup; 275 } 276 } 276 277 } 277 278 … … 281 282 unsigned format = GNUTLS_X509_FMT_PEM; 282 283 283 /* Load X.509 certificate */ 284 if (strncmp(sc->x509_cert_file, "pkcs11:", 7) == 0) { 285 gnutls_pkcs11_obj_t obj; 286 287 file = sc->x509_cert_file; 288 289 ret = gnutls_pkcs11_obj_init(&obj); 290 if (ret < 0) { 291 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 292 "GnuTLS: Error Initializing PKCS #11 object"); 293 ret = -1; 294 goto cleanup; 295 } 296 297 gnutls_pkcs11_obj_set_pin_function(obj, pin_callback, sc); 298 299 ret = gnutls_pkcs11_obj_import_url(obj, file, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); 300 if (ret < 0) { 301 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 302 "GnuTLS: Error Importing PKCS #11 object: '%s': %s", 303 file, gnutls_strerror(ret)); 304 ret = -1; 305 goto cleanup; 306 } 307 308 format = GNUTLS_X509_FMT_DER; 309 ret = gnutls_pkcs11_obj_export2(obj, &data); 310 if (ret < 0) { 311 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 312 
"GnuTLS: Error Exporting a PKCS #11 object: '%s': %s", 313 file, gnutls_strerror(ret)); 314 ret = -1; 315 goto cleanup; 316 } 317 318 gnutls_pkcs11_obj_deinit(obj); 319 } else { 320 file = ap_server_root_relative(spool, sc->x509_cert_file); 321 322 ret = gnutls_load_file(file, &data); 323 if (ret < 0) { 324 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 325 "GnuTLS: Error Reading Certificate '%s': %s", 326 file, gnutls_strerror(ret)); 327 ret = -1; 328 goto cleanup; 329 } 330 } 331 332 ret = gnutls_x509_crt_list_import(sc->certs_x509_crt_chain, 333 &chain_num, &data, format, 334 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); 335 gnutls_free(data.data); 336 sc->certs_x509_chain_num = chain_num; 337 338 if (ret < 0) { 339 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 340 "GnuTLS: Failed to Import Certificate Chain '%s': (%d) %s", 341 file, ret, gnutls_strerror(ret)); 342 ret = -1; 343 goto cleanup; 344 } 345 346 for (unsigned int i = 0; i < chain_num; i++) 347 { 348 ret = 349 gnutls_pcert_import_x509(&sc->certs_x509_chain[i], 350 sc->certs_x509_crt_chain[i], 0); 351 if (ret < 0) { 352 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 353 "GnuTLS: Failed to Import pCertificate '%s': (%d) %s", 354 file, ret, gnutls_strerror(ret)); 355 ret = -1; 356 goto cleanup; 357 } 358 } 359 sc->certs_x509_chain_num = chain_num; 284 /* Load X.509 certificate */ 285 if (strncmp(sc->x509_cert_file, "pkcs11:", 7) == 0) { 286 gnutls_pkcs11_obj_t obj; 287 288 file = sc->x509_cert_file; 289 290 ret = gnutls_pkcs11_obj_init(&obj); 291 if (ret < 0) { 292 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 293 "GnuTLS: Error Initializing PKCS #11 object"); 294 ret = -1; 295 goto cleanup; 296 } 297 298 gnutls_pkcs11_obj_set_pin_function(obj, pin_callback, sc); 299 300 ret = gnutls_pkcs11_obj_import_url(obj, file, 301 GNUTLS_PKCS11_OBJ_FLAG_LOGIN); 302 if (ret < 0) { 303 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 304 "GnuTLS: Error Importing PKCS #11 object: " 305 "'%s': %s", 306 file, gnutls_strerror(ret)); 
307 ret = -1; 308 goto cleanup; 309 } 310 311 format = GNUTLS_X509_FMT_DER; 312 ret = gnutls_pkcs11_obj_export2(obj, &data); 313 if (ret < 0) { 314 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 315 "GnuTLS: Error Exporting a PKCS #11 object: " 316 "'%s': %s", 317 file, gnutls_strerror(ret)); 318 ret = -1; 319 goto cleanup; 320 } 321 322 gnutls_pkcs11_obj_deinit(obj); 323 } else { 324 file = ap_server_root_relative(spool, sc->x509_cert_file); 325 326 ret = gnutls_load_file(file, &data); 327 if (ret < 0) { 328 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 329 "GnuTLS: Error Reading Certificate '%s': %s", 330 file, gnutls_strerror(ret)); 331 ret = -1; 332 goto cleanup; 333 } 334 } 335 336 ret = gnutls_x509_crt_list_import(sc->certs_x509_crt_chain, 337 &chain_num, &data, format, 338 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); 339 gnutls_free(data.data); 340 sc->certs_x509_chain_num = chain_num; 341 342 if (ret < 0) { 343 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 344 "GnuTLS: Failed to Import Certificate Chain " 345 "'%s': (%d) %s", 346 file, ret, gnutls_strerror(ret)); 347 ret = -1; 348 goto cleanup; 349 } 350 351 for (unsigned int i = 0; i < chain_num; i++) 352 { 353 ret = 354 gnutls_pcert_import_x509(&sc->certs_x509_chain[i], 355 sc->certs_x509_crt_chain[i], 0); 356 if (ret < 0) { 357 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 358 "GnuTLS: Failed to Import pCertificate " 359 "'%s': (%d) %s", 360 file, ret, gnutls_strerror(ret)); 361 ret = -1; 362 goto cleanup; 363 } 364 } 365 sc->certs_x509_chain_num = chain_num; 360 366 } 361 367 362 368 if (sc->x509_key_file && sc->privkey_x509 == NULL) 363 369 { 364 ret = gnutls_privkey_init(&sc->privkey_x509); 365 if (ret < 0) { 366 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 367 "GnuTLS: Failed to initialize: (%d) %s", ret, 368 gnutls_strerror(ret)); 369 ret = -1; 370 goto cleanup; 371 } 372 373 if (gnutls_url_is_supported(sc->x509_key_file) != 0) { 374 file = sc->x509_key_file; 375 376 
gnutls_privkey_set_pin_function(sc->privkey_x509, pin_callback, 377 sc); 378 379 ret = gnutls_privkey_import_url(sc->privkey_x509, file, 0); 380 381 if (ret < 0) { 382 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 383 "GnuTLS: Failed to Import Private Key URL '%s': (%d) %s", 384 file, ret, gnutls_strerror(ret)); 385 ret = -1; 386 goto cleanup; 387 } 388 } else { 389 file = ap_server_root_relative(spool, sc->x509_key_file); 390 391 if (load_datum_from_file(spool, file, &data) != 0) { 392 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 393 "GnuTLS: Error Reading Private Key '%s'", 394 file); 395 ret = -1; 396 goto cleanup; 397 } 398 399 ret = 400 gnutls_privkey_import_x509_raw(sc->privkey_x509, &data, 401 GNUTLS_X509_FMT_PEM, sc->pin, 402 0); 403 404 if (ret < 0) { 405 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 406 "GnuTLS: Failed to Import Private Key '%s': (%d) %s", 407 file, ret, gnutls_strerror(ret)); 408 ret = -1; 409 goto cleanup; 410 } 411 } 370 ret = gnutls_privkey_init(&sc->privkey_x509); 371 if (ret < 0) { 372 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 373 "GnuTLS: Failed to initialize: (%d) %s", ret, 374 gnutls_strerror(ret)); 375 ret = -1; 376 goto cleanup; 377 } 378 379 if (gnutls_url_is_supported(sc->x509_key_file) != 0) { 380 file = sc->x509_key_file; 381 382 gnutls_privkey_set_pin_function(sc->privkey_x509, pin_callback, 383 sc); 384 385 ret = gnutls_privkey_import_url(sc->privkey_x509, file, 0); 386 387 if (ret < 0) { 388 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 389 "GnuTLS: Failed to Import Private Key URL " 390 "'%s': (%d) %s", 391 file, ret, gnutls_strerror(ret)); 392 ret = -1; 393 goto cleanup; 394 } 395 } else { 396 file = ap_server_root_relative(spool, sc->x509_key_file); 397 398 if (load_datum_from_file(spool, file, &data) != 0) { 399 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 400 "GnuTLS: Error Reading Private Key '%s'", 401 file); 402 ret = -1; 403 goto cleanup; 404 } 405 406 ret = 407 
gnutls_privkey_import_x509_raw(sc->privkey_x509, &data, 408 GNUTLS_X509_FMT_PEM, sc->pin, 409 0); 410 411 if (ret < 0) { 412 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 413 "GnuTLS: Failed to Import Private Key " 414 "'%s': (%d) %s", 415 file, ret, gnutls_strerror(ret)); 416 ret = -1; 417 goto cleanup; 418 } 419 } 412 420 } 413 421 414 422 /* Load the X.509 CA file */ 415 if (sc->x509_ca_file) {416 if (load_datum_from_file(spool, sc->x509_ca_file, &data) != 0){417 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 418 "GnuTLS: Error Reading " "Client CA File '%s'",419 sc->x509_ca_file); 420 ret = -1;421 goto cleanup;422 } 423 424 ret = gnutls_x509_crt_list_import2(&sc->ca_list, &sc->ca_list_size, 425 &data, GNUTLS_X509_FMT_PEM, 0); 426 if (ret < 0) { 427 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 428 "GnuTLS: Failed to load " 429 "Client CA File '%s': (%d) %s", sc->x509_ca_file, 430 ret, gnutls_strerror(ret)); 431 ret = -1;432 goto cleanup;433 } 434 }435 436 if (sc->pgp_cert_file) { 437 if (load_datum_from_file(spool, sc->pgp_cert_file, &data) != 0) { 438 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 439 "GnuTLS: Error Reading " "Certificate '%s'", 440 sc->pgp_cert_file); 441 ret = -1; 442 goto cleanup;443 } 444 445 ret = gnutls_openpgp_crt_init(&sc->cert_crt_pgp[0]); 446 if (ret < 0) { 447 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 448 "GnuTLS: Failed to Init " 449 "PGP Certificate: (%d) %s", ret,450 gnutls_strerror(ret)); 451 ret = -1; 452 goto cleanup;453 } 454 455 ret = 456 gnutls_openpgp_crt_import(sc->cert_crt_pgp[0], &data, 457 GNUTLS_OPENPGP_FMT_BASE64); 458 if (ret < 0) { 459 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 460 "GnuTLS: Failed to Import " 461 "PGP Certificate: (%d) %s", ret, 462 gnutls_strerror(ret)); 463 ret = -1;464 goto cleanup;465 } 466 467 ret = 468 gnutls_pcert_import_openpgp(sc->cert_pgp, sc->cert_crt_pgp[0],469 470 471 472 473 474 475 476 477 423 if (sc->x509_ca_file) 424 { 425 if (load_datum_from_file(spool, sc->x509_ca_file, 
&data) != 0) { 426 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 427 "GnuTLS: Error Reading " "Client CA File '%s'", 428 sc->x509_ca_file); 429 ret = -1; 430 goto cleanup; 431 } 432 433 ret = gnutls_x509_crt_list_import2(&sc->ca_list, &sc->ca_list_size, 434 &data, GNUTLS_X509_FMT_PEM, 0); 435 if (ret < 0) { 436 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 437 "GnuTLS: Failed to load " 438 "Client CA File '%s': (%d) %s", sc->x509_ca_file, 439 ret, gnutls_strerror(ret)); 440 ret = -1; 441 goto cleanup; 442 } 443 } 444 445 if (sc->pgp_cert_file) 446 { 447 if (load_datum_from_file(spool, sc->pgp_cert_file, &data) != 0) { 448 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 449 "GnuTLS: Error Reading " "Certificate '%s'", 450 sc->pgp_cert_file); 451 ret = -1; 452 goto cleanup; 453 } 454 455 ret = gnutls_openpgp_crt_init(&sc->cert_crt_pgp[0]); 456 if (ret < 0) { 457 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 458 "GnuTLS: Failed to Init " 459 "PGP Certificate: (%d) %s", ret, 460 gnutls_strerror(ret)); 461 ret = -1; 462 goto cleanup; 463 } 464 465 ret = gnutls_openpgp_crt_import(sc->cert_crt_pgp[0], &data, 466 GNUTLS_OPENPGP_FMT_BASE64); 467 if (ret < 0) { 468 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 469 "GnuTLS: Failed to Import " 470 "PGP Certificate: (%d) %s", ret, 471 gnutls_strerror(ret)); 472 ret = -1; 473 goto cleanup; 474 } 475 476 ret = gnutls_pcert_import_openpgp(sc->cert_pgp, 477 sc->cert_crt_pgp[0], 0); 478 if (ret < 0) { 479 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 480 "GnuTLS: Failed to Import " 481 "PGP pCertificate: (%d) %s", ret, 482 gnutls_strerror(ret)); 483 ret = -1; 484 goto cleanup; 485 } 478 486 } 479 487 480 488 /* Load the PGP key file */ 481 489 if (sc->pgp_key_file) { 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 490 if (load_datum_from_file(spool, sc->pgp_key_file, &data) != 0) { 491 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 492 "GnuTLS: Error Reading " "Private Key '%s'", 493 sc->pgp_key_file); 494 ret = -1; 495 
goto cleanup; 496 } 497 498 ret = gnutls_privkey_init(&sc->privkey_pgp); 499 if (ret < 0) { 500 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 501 "GnuTLS: Failed to initialize" 502 ": (%d) %s", ret, gnutls_strerror(ret)); 503 ret = -1; 504 goto cleanup; 505 } 498 506 499 507 #if GNUTLS_VERSION_NUMBER < 0x030312 … … 507 515 * gnutls_privkey_import_openpgp. */ 508 516 ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp_internal); 509 510 511 512 513 514 515 516 517 if (ret != 0) { 518 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 519 "GnuTLS: Failed to initialize " 520 "PGP Private Key '%s': (%d) %s", 521 sc->pgp_key_file, ret, gnutls_strerror(ret)); 522 ret = -1; 523 goto cleanup; 524 } 517 525 518 526 ret = gnutls_openpgp_privkey_import(sc->privkey_pgp_internal, &data, 519 527 GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); 520 521 522 523 524 525 526 527 528 if (ret != 0) { 529 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 530 "GnuTLS: Failed to Import " 531 "PGP Private Key '%s': (%d) %s", 532 sc->pgp_key_file, ret, gnutls_strerror(ret)); 533 ret = -1; 534 goto cleanup; 535 } 528 536 529 537 ret = gnutls_privkey_import_openpgp(sc->privkey_pgp, … … 535 543 "to gnutls_privkey_t structure: (%d) %s", 536 544 sc->pgp_key_file, ret, gnutls_strerror(ret)); 537 538 539 545 ret = -1; 546 goto cleanup; 547 } 540 548 #else 541 549 ret = gnutls_privkey_import_openpgp_raw(sc->privkey_pgp, &data, 542 550 GNUTLS_OPENPGP_FMT_BASE64, 543 551 NULL, NULL); 544 552 if (ret != 0) 545 553 { 546 554 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, … … 548 556 "PGP Private Key '%s': (%d) %s", 549 557 sc->pgp_key_file, ret, gnutls_strerror(ret)); 550 551 552 558 ret = -1; 559 goto cleanup; 560 } 553 561 #endif 554 562 } 555 563 556 564 /* Load the keyring file */ 557 if (sc->pgp_ring_file) { 558 if (load_datum_from_file(spool, sc->pgp_ring_file, &data) != 0) { 559 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 560 "GnuTLS: Error Reading " "Keyring File '%s'", 561 sc->pgp_ring_file); 562 ret = -1; 563 
goto cleanup; 564 } 565 566 ret = gnutls_openpgp_keyring_init(&sc->pgp_list); 567 if (ret < 0) { 568 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 569 "GnuTLS: Failed to initialize" 570 "keyring: (%d) %s", ret, gnutls_strerror(ret)); 571 ret = -1; 572 goto cleanup; 573 } 574 575 ret = gnutls_openpgp_keyring_import(sc->pgp_list, &data, 576 GNUTLS_OPENPGP_FMT_BASE64); 577 if (ret < 0) { 578 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 579 "GnuTLS: Failed to load " 580 "Keyring File '%s': (%d) %s", sc->pgp_ring_file, 581 ret, gnutls_strerror(ret)); 582 ret = -1; 583 goto cleanup; 584 } 565 if (sc->pgp_ring_file) 566 { 567 if (load_datum_from_file(spool, sc->pgp_ring_file, &data) != 0) { 568 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 569 "GnuTLS: Error Reading " "Keyring File '%s'", 570 sc->pgp_ring_file); 571 ret = -1; 572 goto cleanup; 573 } 574 575 ret = gnutls_openpgp_keyring_init(&sc->pgp_list); 576 if (ret < 0) { 577 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 578 "GnuTLS: Failed to initialize" 579 "keyring: (%d) %s", ret, gnutls_strerror(ret)); 580 ret = -1; 581 goto cleanup; 582 } 583 584 ret = gnutls_openpgp_keyring_import(sc->pgp_list, &data, 585 GNUTLS_OPENPGP_FMT_BASE64); 586 if (ret < 0) { 587 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 588 "GnuTLS: Failed to load " 589 "Keyring File '%s': (%d) %s", sc->pgp_ring_file, 590 ret, gnutls_strerror(ret)); 591 ret = -1; 592 goto cleanup; 593 } 585 594 } 586 595 … … 590 599 ret = gnutls_priority_init(&sc->priorities, sc->priorities_str, &err); 591 600 592 593 594 595 596 597 598 599 600 601 602 603 604 601 if (ret < 0) { 602 if (ret == GNUTLS_E_INVALID_REQUEST) { 603 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 604 "GnuTLS: Syntax error parsing priorities string at: %s", 605 err); 606 } else { 607 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 608 "GnuTLS: error parsing priorities string"); 609 610 } 611 ret = -1; 612 goto cleanup; 613 } 605 614 } 606 615 607 616 ret = 0; 608 617 cleanup: 609 618 
apr_pool_destroy(spool); 610 619
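Review bot: In the PKCS #11 branch of the X.509 certificate load, the two failure paths taken after `gnutls_pkcs11_obj_init(&obj)` has succeeded (the `gnutls_pkcs11_obj_import_url` and `gnutls_pkcs11_obj_export2` checks) jump to `cleanup` without releasing `obj`; only the success path reaches `gnutls_pkcs11_obj_deinit(obj);`. The visible part of `cleanup:` only destroys `spool`, so I would add `gnutls_pkcs11_obj_deinit(obj);` before `goto cleanup;` in both branches to avoid leaking the object handle. While the log strings are being rewrapped, note that the keyring message `"GnuTLS: Failed to initialize" "keyring: (%d) %s"` concatenates to "initializekeyring"; the first literal needs a trailing space, `"GnuTLS: Failed to initialize "`. The enclosing function starts before and continues past this section, so the rest of the cleanup path is not visible here.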