Changeset 98cf33f in mod_gnutls
- Timestamp:
- Sep 17, 2017, 1:01:23 PM (5 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- 2ae1c3c
- Parents:
- 017ef2d
- git-author:
- Thomas Klute <thomas2.klute@…> (09/17/17 12:52:37)
- git-committer:
- Thomas Klute <thomas2.klute@…> (09/17/17 13:01:23)
- Location:
- src
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
src/gnutls_hooks.c
r017ef2d r98cf33f 4 4 * Copyright 2011 Dash Shendy 5 5 * Copyright 2013-2014 Daniel Kahn Gillmor 6 * Copyright 2015-201 6Thomas Klute6 * Copyright 2015-2017 Thomas Klute 7 7 * 8 8 * Licensed under the Apache License, Version 2.0 (the "License"); … … 741 741 } 742 742 743 #define MAX_HOST_LEN 255 743 /** 744 * Default buffer size for SNI data, including the terminating NULL 745 * byte. The size matches what gnutls-cli uses initially. 746 */ 747 #define DEFAULT_SNI_HOST_LEN 256 744 748 745 749 typedef struct { … … 834 838 } 835 839 840 /** 841 * Get SNI data from GnuTLS (if any) and search for a matching virtual 842 * host configuration. This method is called from the post client 843 * hello function. 844 * 845 * @param session the GnuTLS session 846 * 847 * @return either the matching mod_gnutls server config, or `NULL` 848 */ 836 849 mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session) 837 850 { 851 mgs_handle_t *ctxt = gnutls_session_get_ptr(session); 852 853 char *sni_name = apr_palloc(ctxt->c->pool, DEFAULT_SNI_HOST_LEN); 854 size_t sni_len = DEFAULT_SNI_HOST_LEN; 838 855 unsigned int sni_type; 839 size_t data_len = MAX_HOST_LEN; 840 char sni_name[MAX_HOST_LEN]; 841 842 if (session == NULL) 843 return NULL; 844 845 mgs_handle_t *ctxt = gnutls_session_get_ptr(session); 846 int rv = gnutls_server_name_get(session, sni_name, 847 &data_len, &sni_type, 0); 848 849 850 if (rv != 0) { 851 ap_log_cerror(APLOG_MARK, APLOG_TRACE1, APR_EGENERAL, ctxt->c, 852 "%s: no SNI data found: %s (%d)", 856 857 /* Search for a DNS SNI element. Note that RFC 6066 prohibits more 858 * than one server name per type. */ 859 int sni_index = -1; 860 int rv = 0; 861 do { 862 /* The sni_index is incremented before each use, so if the 863 * loop terminates with a type match we will have the right 864 * one stored. */ 865 rv = gnutls_server_name_get(session, sni_name, 866 &sni_len, &sni_type, ++sni_index); 867 if (rv == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) 868 { 869 ap_log_cerror(APLOG_MARK, APLOG_TRACE1, APR_EGENERAL, ctxt->c, 870 "%s: no DNS SNI found (last index: %d).", 871 __func__, sni_index); 872 return NULL; 873 } 874 } while (sni_type != GNUTLS_NAME_DNS); 875 /* The (rv == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) path inside 876 * the loop above returns, so if we reach this point we have a DNS 877 * SNI at the current index. */ 878 879 if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER) 880 { 881 /* Allocate a new buffer of the right size and retry */ 882 sni_name = apr_palloc(ctxt->c->pool, sni_len); 883 ap_log_cerror(APLOG_MARK, APLOG_TRACE1, APR_SUCCESS, ctxt->c, 884 "%s: reallocated SNI data buffer for %" APR_SIZE_T_FMT 885 " bytes.", __func__, sni_len); 886 rv = gnutls_server_name_get(session, sni_name, 887 &sni_len, &sni_type, sni_index); 888 } 889 890 /* Unless there's a bug in the GnuTLS API only GNUTLS_E_IDNA_ERROR 891 * can occur here, but a catch all is safer and no more 892 * complicated. */ 893 if (rv != GNUTLS_E_SUCCESS) 894 { 895 ap_log_cerror(APLOG_MARK, APLOG_INFO, APR_EGENERAL, ctxt->c, 896 "%s: error while getting SNI DNS data: '%s' (%d).", 853 897 __func__, gnutls_strerror(rv), rv); 854 898 return NULL; 855 899 } 856 900 857 if (sni_type != GNUTLS_NAME_DNS) { 858 ap_log_cerror(APLOG_MARK, APLOG_CRIT, 0, ctxt->c, 859 "GnuTLS: Unknown type '%d' for SNI: '%s'", 860 sni_type, sni_name); 861 return NULL; 862 } 863 864 ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, ctxt->c, 901 ap_log_cerror(APLOG_MARK, APLOG_TRACE1, APR_SUCCESS, ctxt->c, 865 902 "%s: client requested server '%s'.", 866 903 __func__, sni_name); -
src/gnutls_io.c
r017ef2d r98cf33f 3 3 * Copyright 2008 Nikos Mavrogiannopoulos 4 4 * Copyright 2011 Dash Shendy 5 * Copyright 2015-201 6Thomas Klute5 * Copyright 2015-2017 Thomas Klute 6 6 * 7 7 * Licensed under the Apache License, Version 2.0 (the "License");
Note: See TracChangeset
for help on using the changeset viewer.