Changeset 836417f in mod_gnutls for src/gnutls_hooks.c
- Timestamp:
- Apr 24, 2005, 8:34:34 PM (18 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
- Children:
- 84cb5b2
- Parents:
- 38435cc
- File:
-
- 1 edited
src/gnutls_hooks.c
r38435cc r836417f 301 301 { 302 302 mgs_handle_t *ctxt; 303 gnutls_retr_st* ret;303 mgs_srvconf_rec *sc; 304 304 const char* sni_name; 305 305 } vhost_cb_rec; … … 320 320 if (ap_strcasecmp_match(x->sni_name, tsc->cert_cn) == 0) { 321 321 /* found a match */ 322 x->ret->cert.x509 = &tsc->cert_x509;323 x->ret->key.x509 = tsc->privkey_x509;324 322 #if MOD_GNUTLS_DEBUG 325 323 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, … … 331 329 * things like ClientVerify. 332 330 */ 333 x-> ctxt->sc = tsc;331 x->sc = tsc; 334 332 /* Shit. Crap. Dammit. We *really* should rehandshake here, as our 335 333 * certificate structure *should* change when the server changes. 336 334 * acccckkkkkk. 337 335 */ 338 gnutls_certificate_server_set_request(x->ctxt->session, x->ctxt->sc->client_verify_mode);339 336 return 1; 340 337 } … … 343 340 #endif 344 341 345 static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret)342 mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session) 346 343 { 347 344 int rv; … … 365 362 ctxt->c->base_server, 366 363 "GnuTLS: Only x509 Certificates are currently supported."); 367 return -1; 368 } 369 370 ret->type = GNUTLS_CRT_X509; 371 ret->ncerts = 1; 372 ret->deinit_all = 0; 364 return NULL; 365 } 373 366 374 367 rv = gnutls_server_name_get(ctxt->session, sni_name, 375 368 &data_len, &sni_type, 0); 376 369 377 370 if (rv != 0) { 378 goto use_default_crt;379 } 380 371 return NULL; 372 } 373 381 374 if (sni_type != GNUTLS_NAME_DNS) { 382 375 ap_log_error(APLOG_MARK, APLOG_CRIT, 0, 383 376 ctxt->c->base_server, 384 377 "GnuTLS: Unknown type '%d' for SNI: " 385 "'%s'", sni_type, sni_name); 386 goto use_default_crt;378 "'%s'", sni_type, sni_name); 379 return NULL; 387 380 } 388 381 … … 393 386 #if USING_2_1_RECENT 394 387 cbx.ctxt = ctxt; 395 cbx. 
ret = ret;388 cbx.sc = NULL; 396 389 cbx.sni_name = sni_name; 397 390 398 391 rv = ap_vhost_iterate_given_conn(ctxt->c, vhost_cb, &cbx); 399 392 if (rv == 1) { 400 return 0;393 return cbx.sc; 401 394 } 402 395 #else … … 404 397 405 398 tsc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config, 406 399 &gnutls_module); 407 400 if (tsc->enabled != GNUTLS_ENABLED_TRUE) { 408 401 continue; … … 417 410 /* The CN can contain a * -- this will match those too. */ 418 411 if (ap_strcasecmp_match(sni_name, tsc->cert_cn) == 0) { 419 /* found a match */420 ret->cert.x509 = &tsc->cert_x509;421 ret->key.x509 = tsc->privkey_x509;422 412 #if MOD_GNUTLS_DEBUG 423 413 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, … … 426 416 "'%s' == '%s'", tsc->cert_cn, sni_name); 427 417 #endif 428 ctxt->sc = tsc; 429 gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode); 430 return 0; 431 } 432 } 433 #endif 434 435 /** 436 * If the client does not support the Server Name Indication, give the default 437 * certificate for this server. 438 */ 439 use_default_crt: 418 return tsc; 419 } 420 } 421 #endif 422 return NULL; 423 } 424 425 426 static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret) 427 { 428 mgs_handle_t *ctxt; 429 mgs_srvconf_rec *tsc; 430 431 ctxt = gnutls_transport_get_ptr(session); 432 433 ret->type = GNUTLS_CRT_X509; 434 ret->ncerts = 1; 435 ret->deinit_all = 0; 436 437 tsc = mgs_find_sni_server(session); 438 439 if (tsc != NULL) { 440 ctxt->sc = tsc; 441 gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode); 442 } 443 440 444 ret->cert.x509 = &ctxt->sc->cert_x509; 441 445 ret->key.x509 = ctxt->sc->privkey_x509; 442 #if MOD_GNUTLS_DEBUG443 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,444 ctxt->c->base_server,445 "GnuTLS: Using Default Certificate.");446 #endif447 446 return 0; 448 447 }
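Review bot: The unsupported-certificate-type branch in `mgs_find_sni_server` now returns NULL, the same value it returns for "no SNI match", so the new `cert_retrieve_fn` cannot tell an error from a miss. The old code failed the callback with `return -1` on that path; the new code falls through, fills `ret` from `ctxt->sc` and returns 0, so a session that did not negotiate X.509 is still handed the default X.509 certificate. The condition guarding that branch lies outside the visible hunk, but if it is the usual certificate-type test, repeating it at the top of `cert_retrieve_fn` restores the hard failure: `if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) return -1;`. Separately, the fallback dereferences `ctxt->sc` unconditionally, so it would help to add a comment there stating where the default server config is assigned, e.g. `/* ctxt->sc was set to the connection's base server config before the handshake */`, once that is confirmed against the connection setup code.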