Changeset 9ca1f21 in mod_gnutls for src/gnutls_hooks.c


Timestamp:
Sep 18, 2015, 7:12:16 PM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
dff03fa
Parents:
88df24d
Message:

Allow loading more than one PKCS #11 module using GnuTLSP11Module

This commit allows multiple modules to be loaded using the
GnuTLSP11Module directive. Each occurrence of GnuTLSP11Module causes the
given module to be added to a list, and all modules on that list are
loaded.

Commit f21d2a6dba6378b18d015dde88193fcad70d8728 disabled modules
configured through the system wide p11-kit configuration if
GnuTLSP11Module is set. With that change, using multiple PKCS #11
modules required using the system configuration, since only one module
could be loaded using GnuTLSP11Module.

File:
1 edited

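--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -323,7 +323,7 @@
     }
 
-    /* If GnuTLSP11Module is set, load that PKCS #11 module. Otherwise
-     * system defaults will be used. */
-    if (sc_base->p11_module != NULL)
+    /* If GnuTLSP11Module is set, load the listed PKCS #11
+     * modules. Otherwise system defaults will be used. */
+    if (sc_base->p11_modules != NULL)
     {
         rv = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
@@ -337,10 +337,16 @@
         else
         {
-            rv = gnutls_pkcs11_add_provider(sc_base->p11_module, NULL);
-            if (rv != GNUTLS_E_SUCCESS)
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "GnuTLS: Loading PKCS #11 provider module %s "
-                             "failed: %s (%d).",
-                             sc_base->p11_module, gnutls_strerror(rv), rv);
+            int i;
+            for (i = 0; i < sc_base->p11_modules->nelts; i++)
+            {
+                char *p11_module =
+                    APR_ARRAY_IDX(sc_base->p11_modules, i, char *);
+                rv = gnutls_pkcs11_add_provider(p11_module, NULL);
+                if (rv != GNUTLS_E_SUCCESS)
+                    ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                                 "GnuTLS: Loading PKCS #11 provider module %s "
+                                 "failed: %s (%d).",
+                                 p11_module, gnutls_strerror(rv), rv);
+            }
         }
     }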
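Review bot: In the new loop (new lines 340-350) a failed `gnutls_pkcs11_add_provider()` is only logged and the loop moves on, so the server keeps starting with a provider set that differs from what the administrator configured. Because the block initialises PKCS #11 with `GNUTLS_PKCS11_FLAG_MANUAL`, and the commit message notes that system-wide p11-kit modules are disabled once GnuTLSP11Module is set, a mistyped or unreadable module path leaves that token unavailable with only this startup log line as evidence. If the enclosing hook can report failure (its signature and the lines between the two hunks are not visible here), consider recording the failure next to the `ap_log_error` call and refusing to start after the loop, or at least add a comment above the loop such as `/* Load failures are logged but deliberately non-fatal. */` so the fail-open behaviour is an explicit decision. As a smaller point, `char *p11_module` is only read and could be declared `const char *p11_module`.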