Changeset 9ca1f21 in mod_gnutls
- Timestamp:
- Sep 18, 2015, 7:12:16 PM (7 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream
- Children:
- dff03fa
- Parents:
- 88df24d
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
doc/mod_gnutls_manual.mdwn
r88df24d r9ca1f21 382 382 Context: server config 383 383 384 Load this PKCS #11 provider module, instead of the system defaults. 384 Load this PKCS #11 provider module, instead of the system 385 defaults. May occur multiple times to load multiple modules. 385 386 386 387 `GnuTLSPIN` -
include/mod_gnutls.h.in
r88df24d r9ca1f21 115 115 int non_ssl_request; 116 116 117 /* Additional PKCS #11 provider moduleto load, only valid in the117 /* List of PKCS #11 provider modules to load, only valid in the 118 118 * base config, ignored in virtual hosts */ 119 char *p11_module;119 apr_array_header_t *p11_modules; 120 120 121 121 /* PIN used for PKCS #11 operations */ -
src/gnutls_config.c
r88df24d r9ca1f21 952 952 sc->privkey_pgp = NULL; 953 953 sc->certs_x509_chain_num = 0; 954 sc->p11_module = NULL;954 sc->p11_modules = NULL; 955 955 sc->pin = NULL; 956 956 sc->priorities_str = NULL; … … 1013 1013 gnutls_srvconf_merge(x509_key_file, NULL); 1014 1014 gnutls_srvconf_merge(x509_ca_file, NULL); 1015 gnutls_srvconf_merge(p11_module , NULL);1015 gnutls_srvconf_merge(p11_modules, NULL); 1016 1016 gnutls_srvconf_merge(pin, NULL); 1017 1017 gnutls_srvconf_merge(pgp_cert_file, NULL); … … 1119 1119 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 1120 1120 ap_get_module_config(parms->server->module_config, &gnutls_module); 1121 sc->p11_module = apr_pstrdup(parms->pool, arg); 1122 return NULL; 1123 } 1121 /* initialize PKCS #11 module list if necessary */ 1122 if (sc->p11_modules == NULL) 1123 sc->p11_modules = apr_array_make(parms->pool, 2, sizeof(char*)); 1124 1125 *(char **) apr_array_push(sc->p11_modules) = apr_pstrdup(parms->pool, arg); 1126 1127 return NULL; 1128 } -
src/gnutls_hooks.c
r88df24d r9ca1f21 323 323 } 324 324 325 /* If GnuTLSP11Module is set, load th at PKCS #11 module. Otherwise326 * system defaults will be used. */327 if (sc_base->p11_module != NULL)325 /* If GnuTLSP11Module is set, load the listed PKCS #11 326 * modules. Otherwise system defaults will be used. */ 327 if (sc_base->p11_modules != NULL) 328 328 { 329 329 rv = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); … … 337 337 else 338 338 { 339 rv = gnutls_pkcs11_add_provider(sc_base->p11_module, NULL); 340 if (rv != GNUTLS_E_SUCCESS) 341 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 342 "GnuTLS: Loading PKCS #11 provider module %s " 343 "failed: %s (%d).", 344 sc_base->p11_module, gnutls_strerror(rv), rv); 339 int i; 340 for (i = 0; i < sc_base->p11_modules->nelts; i++) 341 { 342 char *p11_module = 343 APR_ARRAY_IDX(sc_base->p11_modules, i, char *); 344 rv = gnutls_pkcs11_add_provider(p11_module, NULL); 345 if (rv != GNUTLS_E_SUCCESS) 346 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 347 "GnuTLS: Loading PKCS #11 provider module %s " 348 "failed: %s (%d).", 349 p11_module, gnutls_strerror(rv), rv); 350 } 345 351 } 346 352 }
Note: See TracChangeset
for help on using the changeset viewer.