Context Navigation

← Previous Changeset
Next Changeset →

Changeset a66e147 in mod_gnutls

Timestamp:

Dec 10, 2004, 1:08:52 AM (15 years ago)

Author:

Paul Querna <chip@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream

Children:

Parents:

Message:

working support for a ssl session cache via memcached.

Files:

: 1 deleted
: 6 edited

configure.ac (modified) (1 diff)
include/memcache.h (deleted)
include/mod_gnutls.h (modified) (3 diffs)
src/Makefile.am (modified) (1 diff)
src/gnutls_cache.c (modified) (2 diffs)
src/gnutls_io.c (modified) (3 diffs)
src/mod_gnutls.c (modified) (8 diffs)

Legend:

: Unmodified
: Added
: Removed

configure.ac

-                      r76bd3bf
+                      ra66e147
 CHECK_APR_MEMCACHE()
 MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
 MODULE_LIBS="${LIBGNUTLS_LIBS} ${APR_MEMCACHE_LIBS}"
+MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
+MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
 AC_SUBST(MODULE_CFLAGS)

include/mod_gnutls.h

-                      r76bd3bf
+                      ra66e147
 #include "apr_strings.h"
 #include "apr_tables.h"
+#include "apr_memcache.h"
 #include <gcrypt.h>
 …
     int protocol[16];
     int compression[16];
+    const char* cache_config;
 } mod_gnutls_srvconf_rec;
 …
+/**
+ * Init the Cache inside each Process
+ */
+int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,
+                                mod_gnutls_srvconf_rec *sc);
+/**
+ * Setup the Session Caching
+ */
+int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt);
 #endif /*  __mod_gnutls_h_inc */

src/Makefile.am

r76bd3bf	ra66e147
3	3	libmod_gnutls_la_SOURCES = mod_gnutls.c gnutls_io.c gnutls_cache.c
4	4	libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
5		libmod_gnutls_la_LDFLAGS = ${MODULE_LIBS}
	5	libmod_gnutls_la_LDFLAGS = -rpath ${AP_LIBEXECDIR} -module -avoid-version ${MODULE_LIBS}
6	6
7	7	lib_LTLIBRARIES = libmod_gnutls.la

src/gnutls_cache.c

-                      r76bd3bf
+                      ra66e147
 #include "mod_gnutls.h"
+#include "ap_mpm.h"
 /**
 …
+ *
  */
+/*
+#include "memcache.h"
+int mod_gnutls_cache_init()
+{
+  return 0;
+}
+static int cache_store((void* baton, gnutls_datum_t key, gnutls_datum_t data)
+{
+    mc_set(struct memcache *mc,
+           key->data, key->size,
+           data->data, data->size,
+, 0);
+  return 0;
+}
+static int cache_fetch(void* baton, gnutls_datum_t key)
+{
+/* The underlying apr_memcache system is thread safe... woohoo */
+static apr_memcache_t* mc;
+int mod_gnutls_cache_child_init(apr_pool_t *p, server_rec *s,
+                                mod_gnutls_srvconf_rec *sc)
+{
+    apr_status_t rv = APR_SUCCESS;
+    int thread_limit = 0;
+    int nservers = 0;
+    char* cache_config;
+    char* split;
+    char* tok;
+    ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
+    /* Find all the servers in the first run to get a total count */
+    cache_config = apr_pstrdup(p, sc->cache_config);
+    split = apr_strtok(cache_config, " ", &tok);
+    while (split) {
+        nservers++;
+        split = apr_strtok(NULL," ", &tok);
+    }
+    rv = apr_memcache_create(p, nservers, 0, &mc);
+    if (rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+                        "[gnutls_cache] Failed to create Memcache Object of '%d' size.",
+                         nservers);
+        return rv;
+    }
+    /* Now add each server to the memcache */
+    cache_config = apr_pstrdup(p, sc->cache_config);
+    split = apr_strtok(cache_config, " ", &tok);
+    while (split) {
+        apr_memcache_server_t* st;
+        char* split2;
+        char* host_str;
+        char* port_str;
+        int port;
+        host_str = apr_strtok(split,":", &split2);
+        port_str = apr_strtok(NULL,":", &split2);
+        if (!port_str) {
+            port = 11211; /* default port */
+        }
+        else {
+            port = atoi(port_str);
+        }
+        /* Should Max Conns be (thread_limit / nservers) ? */
+        rv = apr_memcache_server_create(p,
+                                        host_str, port,
+,
+,
+                                        thread_limit,
+,
+                                        &st);
+        if(rv != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+                         "[gnutls_cache] Failed to Create Server: %s:%d",
+                         host_str, port);
+            return rv;
+        }
+        rv = apr_memcache_add_server(mc, st);
+        if(rv != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+                         "[gnutls_cache] Failed to Add Server: %s:%d",
+                         host_str, port);
+            return rv;
+        }
+        split = apr_strtok(NULL," ", &tok);
+    }
+    return rv;
+}
+/* thanks mod_ssl */
+#define GNUTLS_SESSION_ID_STRING_LEN \
+    ((GNUTLS_MAX_SESSION_ID + 1) * 2)
+#define MC_TAG "mod_gnutls:"
+#define MC_TAG_LEN \
+    (sizeof(MC_TAG))
+#define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN)
+static char *gnutls_session_id2sz(unsigned char *id, int idlen,
+                        char *str, int strsize)
+{
+    char *cp;
+    int n;
+    cp = apr_cpystrn(str, MC_TAG, MC_TAG_LEN);
+    for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) {
+        apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]);
+        cp += 2;
+    }
+    *cp = '\0';
+    return str;
+}
+static int cache_store(void* baton, gnutls_datum_t key, gnutls_datum_t data)
+{
+    apr_status_t rv = APR_SUCCESS;
     mod_gnutls_handle_t *ctxt = baton;
+  return 0;
+    char buf[STR_SESSION_LEN];
+    char* strkey = NULL;
+    apr_uint32_t timeout;
+    strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));
+    if(!strkey)
+        return -1;
+    timeout = 3600;
+    rv = apr_memcache_set(mc,  strkey, data.data, data.size, timeout, 0);
+    if(rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_CRIT, rv,
+                     ctxt->c->base_server,
+                     "[gnutls_cache] error setting key '%s' "
+                     "with %d bytes of data", strkey, data.size);
+        return -1;
+    }
+    return 0;
+}
+static gnutls_datum_t cache_fetch(void* baton, gnutls_datum_t key)
+{
+    apr_status_t rv = APR_SUCCESS;
+    mod_gnutls_handle_t *ctxt = baton;
+    char buf[STR_SESSION_LEN];
+    char* strkey = NULL;
+    char* value;
+    apr_size_t value_len;
+    gnutls_datum_t data = { NULL, 0 };
+    strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));
+    if(!strkey) {
+        return data;
+    }
+    rv = apr_memcache_getp(mc, ctxt->c->pool, strkey,
+                           &value, &value_len, NULL);
+    if(rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
+                     ctxt->c->base_server,
+                     "[gnutls_cache] error fetching key '%s' ",
+                     strkey);
+        data.size = 0;
+        data.data = NULL;
+        return data;
+    }
+    /* TODO: Eliminate this memcpy. ffs. gnutls-- */
+    data.data = gnutls_malloc(value_len);
+    if (data.data == NULL)
+        return data;
+    data.size = value_len;
+    memcpy(data.data, value, value_len);
+    return data;
+}
 static int cache_delete(void* baton, gnutls_datum_t key)
+{
+    apr_status_t rv = APR_SUCCESS;
     mod_gnutls_handle_t *ctxt = baton;
+  return 0;
+    char buf[STR_SESSION_LEN];
+    char* strkey = NULL;
+    strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf));
+    if(!strkey)
+        return -1;
+    rv = apr_memcache_delete(mc, strkey, 0);
+    if(rv != APR_SUCCESS) {
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
+                     ctxt->c->base_server,
+                     "[gnutls_cache] error deleting key '%s' ",
+                      strkey);
+        return -1;
+    }
+    return 0;
+}
 int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt)
+{
+    gnutls_db_set_cache_expiration
+    gnutls_db_set_retrieve_function(session, cache_fetch);
+    gnutls_db_set_remove_function(session, cache_delete);
+    gnutls_db_set_store_function(session, cache_store);
+    gnutls_db_set_ptr(session, NULL);
+  return 0;
+}
+*/
+    gnutls_db_set_retrieve_function(ctxt->session, cache_fetch);
+    gnutls_db_set_remove_function(ctxt->session, cache_delete);
+    gnutls_db_set_store_function(ctxt->session, cache_store);
+    gnutls_db_set_ptr(ctxt->session, ctxt);
+    return 0;
+}

src/gnutls_io.c

-                      r76bd3bf
+                      ra66e147
             else {
                 /* Some Other Error. Report it. Die. */
+                ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->input_rc,
+                             ctxt->c->base_server,
+                             "GnuTLS: Error reading data. (%d) '%s'", rc,
+                             gnutls_strerror(rc));
+                if(gnutls_error_is_fatal(rc)) {
+                    ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->input_rc,
+                                 ctxt->c->base_server,
+                                 "GnuTLS: Error reading data. (%d) '%s'", rc,
+                                 gnutls_strerror(rc));
+                }
+                else if(*len > 0) {
+                    ctxt->input_rc = APR_SUCCESS;
+                    break;
+                }
+            }
 …
     while (!APR_BRIGADE_EMPTY(bb)) {
         apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
+        if (APR_BUCKET_IS_EOS(bucket)) {
+            /* gnutls_bye(ctxt->session, GNUTLS_SHUT_RDWR); */
+        if (APR_BUCKET_IS_EOS(bucket) || AP_BUCKET_IS_EOC(bucket)) {
+            gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
+            gnutls_deinit(ctxt->session);
             if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
 …
+            }
             break;
+        }
-        else if (AP_BUCKET_IS_EOC(bucket)) {
-            gnutls_bye(ctxt->session, GNUTLS_SHUT_WR);
-            gnutls_deinit(ctxt->session);
-            if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
-                return status;
+            }
-            break;
+        }
         else {

src/mod_gnutls.c

-                      r76bd3bf
+                      ra66e147
     if(first_run) {
+//    if(first_run) {
         /* TODO: Should we regenerate these after X requests / X time ? */
         gnutls_dh_params_init(&dh_params);
 …
         gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
 #endif
+    }
+//    }
     for (s = base_server; s; s = s->next) {
 …
+}
+static void mod_gnutls_hook_child_init(apr_pool_t *p, server_rec *s)
+{
+    apr_status_t rv = APR_SUCCESS;
+    mod_gnutls_srvconf_rec *sc = ap_get_module_config(s->module_config,
+                                                      &gnutls_module);
+    if(sc->cache_config != NULL) {
+        rv = mod_gnutls_cache_child_init(p, s, sc);
+        if(rv != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
+                             "[GnuTLS] - Failed to run Cache Init");
+        }
+    }
+    else {
+            ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
+                             "[GnuTLS] - No Cache Configured. Hint: GnuTLSCache");
+    }
+}
 static const char *mod_gnutls_hook_http_method(const request_rec * r)
+{
 …
     gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);
+    mod_gnutls_cache_session_init(ctxt);
     return ctxt;
+}
 …
                                                         &gnutls_module);
     sc->key_file = ap_server_root_relative(parms->pool, arg);
+    return NULL;
+}
+static const char *gnutls_set_cache(cmd_parms * parms, void *dummy,
+                                       const char *arg)
+{
+    const char* err;
+    mod_gnutls_srvconf_rec *sc = ap_get_module_config(parms->server->
+                                                        module_config,
+                                                        &gnutls_module);
+    if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
+        return err;
+    }
+    sc->cache_config = apr_pstrdup(parms->pool, arg);
     return NULL;
+}
 …
                   RSRC_CONF,
                   "SSL Server Certificate file"),
+    AP_INIT_TAKE1("GnuTLSCache", gnutls_set_cache,
+                  NULL,
+                  RSRC_CONF,
+                  "SSL Server Certificate file"),
     AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled,
                   NULL, RSRC_CONF,
 …
                            APR_HOOK_MIDDLE);
     ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL,
+                        APR_HOOK_MIDDLE);
+    ap_hook_child_init(mod_gnutls_hook_child_init, NULL, NULL,
                         APR_HOOK_MIDDLE);
     ap_hook_http_method(mod_gnutls_hook_http_method, NULL, NULL,
 …
     sc->key_file = NULL;
     sc->cert_file = NULL;
+    sc->cache_config = NULL;
     i = 0;

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: