Changeset 94cb972 in mod_gnutls for src


Timestamp:
May 29, 2016, 6:06:59 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
20f8e99
Parents:
b674e95
Message:

Minimal OCSP stapling implementation using externally provided response

Works if the configured file contains a valid and current OCSP
response. Note that the module does not yet check those conditions;
the file is just read and forwarded to GnuTLS.

Location:
src
Files:
2 added
4 edited

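--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -6,7 +6,9 @@
 endif
 
-mod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c gnutls_config.c gnutls_hooks.c
+mod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c \
+        gnutls_config.c gnutls_hooks.c gnutls_ocsp.c
 mod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
 mod_gnutls_la_LDFLAGS = -module -avoid-version ${MODULE_LIBS}
+noinst_HEADERS = gnutls_ocsp.h
 
 apmodpkglib_LTLIBRARIES = mod_gnutls.la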
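--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -972,4 +972,6 @@
     sc->proxy_priorities = NULL;
 
+    sc->ocsp_response_file = NULL;
+
 /* this relies on GnuTLS never changing the gnutls_certificate_request_t enum to define -1 */
     sc->client_verify_mode = -1;
@@ -1027,4 +1029,6 @@
     gnutls_srvconf_merge(proxy_priorities_str, NULL);
     gnutls_srvconf_merge(proxy_priorities, NULL);
+
+    gnutls_srvconf_merge(ocsp_response_file, NULL);
 
     /* FIXME: the following items are pre-allocated, and should be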
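--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -21,4 +21,5 @@
 
 #include "mod_gnutls.h"
+#include "gnutls_ocsp.h"
 #include "http_vhost.h"
 #include "ap_mpm.h"
@@ -156,4 +157,11 @@
     /* Set Anon credentials */
     gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
+
+    if (ctxt->sc->ocsp_response_file != NULL)
+    {
+        gnutls_certificate_set_ocsp_status_request_function(ctxt->sc->certs,
+                                                            mgs_get_ocsp_response,
+                                                            ctxt);
+    }
 
 #ifdef ENABLE_SRP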
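Review bot: The OCSP status callback is installed on `ctxt->sc->certs` with the per-connection `ctxt` as its user pointer, and since `sc` is the server configuration those certificate credentials are presumably shared by every connection of that vhost, so each new connection overwrites the pointer the previous one registered; a handshake still in flight on a threaded MPM, or a later one, may then invoke `mgs_get_ocsp_response` with another connection's context, possibly after that connection's pool has been destroyed. If the callback only needs the server configuration, register it once where `sc->certs` is set up and pass `sc` instead: `gnutls_certificate_set_ocsp_status_request_function(sc->certs, mgs_get_ocsp_response, sc);`, keeping the `ocsp_response_file != NULL` guard there. If the callback genuinely needs per-connection state, the credentials would have to be per-connection too rather than the shared `sc->certs`. The function containing this hunk starts and ends outside it.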
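--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -20,4 +20,5 @@
 
 #include "mod_gnutls.h"
+#include "gnutls_ocsp.h"
 
 #ifdef APLOG_USE_MODULE
@@ -275,4 +276,8 @@
     "The priorities to enable for proxy connections (ciphers, key exchange, "
     "MACs, compression)."),
+    AP_INIT_TAKE1("GnuTLSOCSPResponseFile", mgs_store_ocsp_response_path,
+    NULL,
+    RSRC_CONF,
+    "EXPERIMENTAL: OCSP response for stapling (must be updated externally)"),
     { NULL },
 };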
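Review bot: The help string for `GnuTLSOCSPResponseFile` does not tell the administrator what the module does with the file; the commit message states it is read and forwarded to GnuTLS without checking that the response is valid or current, which matters because a stale or malformed file will be stapled as-is and clients may reject the handshake. Suggest making the directive text say so: `"EXPERIMENTAL: file containing an OCSP response to staple; it is forwarded to GnuTLS as-is without validation and must be kept current externally"`. The `cmds` array this entry belongs to starts outside the hunk.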