- Timestamp:
- Dec 2, 2007, 4:33:19 AM (15 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, main, master, msva, proxy-ticket, upstream
- Children:
- 5cac844
- Parents:
- ee65fcb
- git-author:
- Nikos Mavrogiannopoulos <nmav@…> (12/02/07 04:33:19)
- git-committer:
- Nokis Mavrogiannopoulos <nmav@…> (12/02/07 04:33:19)
- File:
-
- 1 edited
src/gnutls_hooks.c
ree65fcb ra5dc815 210 210 * Returns negative on error. 211 211 */ 212 static int read_crt_cn(server_rec * s, apr_pool_t * p, gnutls_x509_crt cert,213 char **cert_cn)212 static int read_crt_cn(server_rec * s, apr_pool_t * p, 213 gnutls_x509_crt cert, char **cert_cn) 214 214 { 215 215 int rv = 0, i; … … 226 226 *cert_cn = apr_palloc(p, data_len); 227 227 rv = gnutls_x509_crt_get_dn_by_oid(cert, 228 GNUTLS_OID_X520_COMMON_NAME, 0, 0, *cert_cn, &data_len); 228 GNUTLS_OID_X520_COMMON_NAME, 0, 229 0, *cert_cn, &data_len); 229 230 } else { /* No CN return subject alternative name */ 230 231 ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, 231 "No common name found in certificate for '%s:%d'. Looking for subject alternative name.", 232 "No common name found in certificate for '%s:%d'. Looking for subject alternative name.", 232 233 s->server_hostname, s->port); 233 234 rv = 0; 234 235 /* read subject alternative name */ 235 236 for (i = 0; !(rv < 0); i++) { 237 data_len = 0; 236 238 rv = gnutls_x509_crt_get_subject_alt_name(cert, i, 237 NULL, &data_len, NULL); 238 239 if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) { 240 /* FIXME: not very efficient. What if we have several alt names 241 * before DNSName? 242 */ 243 *cert_cn = apr_palloc(p, data_len+1); 244 245 rv = gnutls_x509_crt_get_subject_alt_name(cert, i, 246 *cert_cn, &data_len, NULL); 247 (*cert_cn)[data_len]=0; 248 249 if (rv == GNUTLS_SAN_DNSNAME) 250 break; 251 } 239 NULL, &data_len, 240 NULL); 241 242 if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) { 243 /* FIXME: not very efficient. What if we have several alt names 244 * before DNSName? 
245 */ 246 *cert_cn = apr_palloc(p, data_len + 1); 247 248 rv = gnutls_x509_crt_get_subject_alt_name(cert, i, 249 *cert_cn, 250 &data_len, NULL); 251 (*cert_cn)[data_len] = 0; 252 253 if (rv == GNUTLS_SAN_DNSNAME) 254 break; 255 } 252 256 } 253 257 } 254 258 255 259 return rv; 256 260 … … 366 370 && sc->srp_tpasswd_file != NULL) { 367 371 rv = gnutls_srp_set_server_credentials_file(sc->srp_creds, 368 sc->srp_tpasswd_file, sc->srp_tpasswd_conf_file); 369 370 if (rv < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) { 371 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 372 "[GnuTLS] - Host '%s:%d' is missing a " 373 "SRP password or conf File!", s->server_hostname, 374 s->port); 375 exit(-1); 376 } 372 sc-> 373 srp_tpasswd_file, 374 sc-> 375 srp_tpasswd_conf_file); 376 377 if (rv < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) { 378 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 379 "[GnuTLS] - Host '%s:%d' is missing a " 380 "SRP password or conf File!", 381 s->server_hostname, s->port); 382 exit(-1); 383 } 377 384 } 378 385 … … 398 405 rv = read_crt_cn(s, p, sc->cert_x509, &sc->cert_cn); 399 406 if (rv < 0) { 400 401 402 407 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 408 "[GnuTLS] - Cannot find a certificate for host '%s:%d'!", 409 s->server_hostname, s->port); 403 410 sc->cert_cn = NULL; 404 411 continue; … … 503 510 "'%s' != '%s'", tsc->cert_cn, x->sni_name); 504 511 #endif 505 512 506 513 } 507 514 return 0; … … 802 809 char buf[AP_IOBUFSIZE]; 803 810 const char *tmp; 811 char *tmp2; 804 812 size_t len; 805 int alg;813 int ret, i; 806 814 807 815 apr_table_t *env = r->subprocess_env; … … 835 843 apr_pstrdup(r->pool, tmp)); 836 844 837 alg = gnutls_x509_crt_get_version(cert); 838 if (alg > 0) 839 apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL), 840 apr_psprintf(r->pool, "%u", alg)); 845 ret = gnutls_x509_crt_get_version(cert); 846 if (ret > 0) 847 apr_table_setn(env, 848 apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL), 849 apr_psprintf(r->pool, "%u", 
ret)); 841 850 842 851 tmp = … … 852 861 apr_pstrdup(r->pool, tmp)); 853 862 854 alg= gnutls_x509_crt_get_signature_algorithm(cert);855 if ( alg>= 0) {863 ret = gnutls_x509_crt_get_signature_algorithm(cert); 864 if (ret >= 0) { 856 865 apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_A_SIG", NULL), 857 gnutls_sign_algorithm_get_name( alg));858 } 859 860 alg= gnutls_x509_crt_get_pk_algorithm(cert, NULL);861 if ( alg>= 0) {866 gnutls_sign_algorithm_get_name(ret)); 867 } 868 869 ret = gnutls_x509_crt_get_pk_algorithm(cert, NULL); 870 if (ret >= 0) { 862 871 apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_A_KEY", NULL), 863 gnutls_pk_algorithm_get_name(alg)); 872 gnutls_pk_algorithm_get_name(ret)); 873 } 874 875 /* export all the alternative names (DNS, RFC822 and URI) */ 876 for (i = 0; !(ret < 0); i++) { 877 len = 0; 878 ret = gnutls_x509_crt_get_subject_alt_name(cert, i, 879 NULL, &len, NULL); 880 881 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER && len > 1) { 882 tmp2 = apr_palloc(r->pool, len + 1); 883 884 ret = 885 gnutls_x509_crt_get_subject_alt_name(cert, i, tmp2, &len, 886 NULL); 887 tmp2[len] = 0; 888 889 if (ret == GNUTLS_SAN_DNSNAME) { 890 apr_table_setn(env, 891 apr_psprintf(r->pool, "%s_SAN%u", MGS_SIDE, i), 892 apr_psprintf(r->pool, "DNSNAME:%s", tmp2)); 893 } else if (ret == GNUTLS_SAN_RFC822NAME) { 894 apr_table_setn(env, 895 apr_psprintf(r->pool, "%s_SAN%u", MGS_SIDE, i), 896 apr_psprintf(r->pool, "RFC822NAME:%s", tmp2)); 897 } else if (ret == GNUTLS_SAN_URI) { 898 apr_table_setn(env, 899 apr_psprintf(r->pool, "%s_SAN%u", MGS_SIDE, i), 900 apr_psprintf(r->pool, "URI:%s", tmp2)); 901 } else { 902 apr_table_setn(env, 903 apr_psprintf(r->pool, "%s_SAN%u", MGS_SIDE, i), 904 "UNSUPPORTED"); 905 } 906 } 864 907 } 865 908
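Review bot: The new subject-alt-name export loop (new lines 875-907) is silently skipped whenever the preceding `gnutls_x509_crt_get_pk_algorithm` call fails, because its condition `!(ret < 0)` tests the leftover `ret` from that call; read_crt_cn in the first hunk resets `rv = 0;` before its equivalent loop, and this one should do the same with `ret = 0;` immediately before the `for`. The loop also terminates on the first entry whose reported length is 0 or 1, since the `len > 1` guard leaves `ret` at GNUTLS_E_SHORT_MEMORY_BUFFER, so any later names would be dropped without a log message — presumably rare, but worth a comment such as `/* an empty SAN entry ends the walk; later entries are not exported */` if that is intended. The exported strings come straight from the peer's certificate, so when MGS_SIDE refers to the client side the `_SAN<n>` variables carry unvalidated input and CGI consumers should not treat them as checked hostnames. `%u` in the `"%s_SAN%u"` format is paired with `int i`; `%d` matches the declared type. The enclosing function starts before this hunk and continues past it.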