- Timestamp:
- Sep 26, 2018, 3:21:32 PM (2 years ago)
- Branches:
- asyncio, debian/master, master, proxy-ticket
- Children:
- 2ec3e54
- Parents:
- cb6476c
- Location:
- src
- Files:
-
- 3 edited
src/gnutls_config.c
rcb6476c radceac0 931 931 void *mgs_config_server_merge(apr_pool_t * p, void *BASE, void *ADD) 932 932 { 933 int i;934 933 char *err = NULL; 935 934 mgs_srvconf_rec *base = (mgs_srvconf_rec *) BASE; … … 981 980 gnutls_srvconf_assign(certs_x509_crt_chain); 982 981 gnutls_srvconf_assign(certs_x509_chain_num); 983 984 /* how do these get transferred cleanly before the data from ADD985 * goes away? */986 gnutls_srvconf_assign(cert_cn);987 for (i = 0; i < MAX_CERT_SAN; i++)988 gnutls_srvconf_assign(cert_san[i]);989 982 990 983 return sc; -
src/gnutls_hooks.c
rcb6476c radceac0 358 358 return -1; 359 359 } 360 }361 362 /* Read the common name or the alternative name of the certificate.363 * We only support a single name per certificate.364 *365 * Returns negative on error.366 */367 static int read_crt_cn(server_rec * s, apr_pool_t * p, gnutls_x509_crt_t cert, char **cert_cn) {368 369 int rv = 0;370 size_t data_len;371 372 373 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);374 *cert_cn = NULL;375 376 data_len = 0;377 rv = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, NULL, &data_len);378 379 if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {380 *cert_cn = apr_palloc(p, data_len);381 rv = gnutls_x509_crt_get_dn_by_oid(cert,382 GNUTLS_OID_X520_COMMON_NAME,383 0, 0, *cert_cn,384 &data_len);385 } else { /* No CN return subject alternative name */386 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,387 "No common name found in certificate for '%s:%d'. Looking for subject alternative name...",388 s->server_hostname, s->port);389 rv = 0;390 /* read subject alternative name */391 for (int i = 0; !(rv < 0); i++)392 {393 data_len = 0;394 rv = gnutls_x509_crt_get_subject_alt_name(cert, i,395 NULL,396 &data_len,397 NULL);398 399 if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER400 && data_len > 1) {401 /* FIXME: not very efficient. 
What if we have several alt names402 * before DNSName?403 */404 *cert_cn = apr_palloc(p, data_len + 1);405 406 rv = gnutls_x509_crt_get_subject_alt_name407 (cert, i, *cert_cn, &data_len, NULL);408 (*cert_cn)[data_len] = 0;409 410 if (rv == GNUTLS_SAN_DNSNAME)411 break;412 }413 }414 }415 416 return rv;417 360 } 418 361 … … 752 695 } 753 696 754 if (sc->enabled == GNUTLS_ENABLED_TRUE) {755 rv = -1;756 if (sc->certs_x509_chain_num > 0) {757 rv = read_crt_cn(s, pconf, sc->certs_x509_crt_chain[0], &sc->cert_cn);758 }759 760 if (rv < 0) {761 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,762 "GnuTLS: Cannot find a certificate for host '%s:%d'!",763 s->server_hostname, s->port);764 sc->cert_cn = NULL;765 continue;766 }767 }768 769 697 if (sc->enabled == GNUTLS_ENABLED_TRUE 770 698 && sc->proxy_enabled == GNUTLS_ENABLED_TRUE … … 956 884 &gnutls_module); 957 885 958 if (tsc->enabled != GNUTLS_ENABLED_TRUE || tsc->cert_cn == NULL) {886 if (tsc->enabled != GNUTLS_ENABLED_TRUE) { 959 887 return 0; 960 888 } -
src/mod_gnutls.c
rcb6476c radceac0 219 219 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, 220 220 "%s: mod_proxy requested TLS proxy, but not enabled " 221 "for %s", __func__, ctxt->sc->cert_cn); 221 "for %s:%d", __func__, 222 ctxt->c->base_server->server_hostname, 223 ctxt->c->base_server->addrs->host_port); 222 224 return 0; 223 225 }
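Review bot: The new log line reads `ctxt->c->base_server->addrs->host_port`, which reports only the first entry of the server's address list and, for the default server, the port httpd initialises that entry with rather than any port the vhost actually listens on, so the `%s:%d` may not name the host an operator would recognise. If the intent is just to identify the vhost, `server_hostname` alone, or `s->port` as the removed hook code used, is less surprising; if the address is wanted, note in a comment that only the first configured address is shown. The enclosing function starts and ends outside the hunk.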