Changeset adceac0 in mod_gnutls for src/gnutls_hooks.c


Timestamp:
Sep 26, 2018, 3:21:32 PM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
2ec3e54
Parents:
cb6476c
Message:

Remove unneeded server variables "cert_cn" and "cert_san"

"cert_san" wasn't used or assigned at all, "cert_cn" filled but used
only in a redundant check for assignment and a log message that's
better served by the server name of the virtual host.

File:
1 edited

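--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -358,61 +358,4 @@
             return -1;
         }
-}
-
-/* Read the common name or the alternative name of the certificate.
- * We only support a single name per certificate.
- *
- * Returns negative on error.
- */
-static int read_crt_cn(server_rec * s, apr_pool_t * p, gnutls_x509_crt_t cert, char **cert_cn) {
-
-    int rv = 0;
-    size_t data_len;
-
-
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-    *cert_cn = NULL;
-
-    data_len = 0;
-    rv = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, NULL, &data_len);
-
-    if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
-        *cert_cn = apr_palloc(p, data_len);
-        rv = gnutls_x509_crt_get_dn_by_oid(cert,
-                GNUTLS_OID_X520_COMMON_NAME,
-                0, 0, *cert_cn,
-                &data_len);
-    } else { /* No CN return subject alternative name */
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                "No common name found in certificate for '%s:%d'. Looking for subject alternative name...",
-                s->server_hostname, s->port);
-        rv = 0;
-        /* read subject alternative name */
-        for (int i = 0; !(rv < 0); i++)
-        {
-            data_len = 0;
-            rv = gnutls_x509_crt_get_subject_alt_name(cert, i,
-                    NULL,
-                    &data_len,
-                    NULL);
-
-            if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER
-                    && data_len > 1) {
-                /* FIXME: not very efficient. What if we have several alt names
-                 * before DNSName?
-                 */
-                *cert_cn = apr_palloc(p, data_len + 1);
-
-                rv = gnutls_x509_crt_get_subject_alt_name
-                        (cert, i, *cert_cn, &data_len, NULL);
-                (*cert_cn)[data_len] = 0;
-
-                if (rv == GNUTLS_SAN_DNSNAME)
-                    break;
-            }
-        }
-    }
-
-    return rv;
 }
 
@@ -752,19 +695,4 @@
         }
 
-        if (sc->enabled == GNUTLS_ENABLED_TRUE) {
-            rv = -1;
-            if (sc->certs_x509_chain_num > 0) {
-                rv = read_crt_cn(s, pconf, sc->certs_x509_crt_chain[0], &sc->cert_cn);
-            }
-
-            if (rv < 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                                                        "GnuTLS: Cannot find a certificate for host '%s:%d'!",
-                                                        s->server_hostname, s->port);
-                sc->cert_cn = NULL;
-                continue;
-            }
-        }
-
         if (sc->enabled == GNUTLS_ENABLED_TRUE
             && sc->proxy_enabled == GNUTLS_ENABLED_TRUE
@@ -956,5 +884,5 @@
             &gnutls_module);
 
-    if (tsc->enabled != GNUTLS_ENABLED_TRUE || tsc->cert_cn == NULL) {
+    if (tsc->enabled != GNUTLS_ENABLED_TRUE) {
         return 0;
     }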
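Review bot: The block removed in the second hunk did more than fill `cert_cn`: it was also the visible place where an enabled virtual host with `sc->certs_x509_chain_num == 0` was logged at startup and skipped with `continue`. The `tsc->cert_cn == NULL` test dropped in the third hunk likewise made the function return 0 for such a host. None of these hunks shows another check that rejects an enabled host without a certificate chain, and the enclosing functions start and end outside the hunks, so please confirm that one exists. If it does not, keep the validation without the variable: `if (sc->enabled == GNUTLS_ENABLED_TRUE && sc->certs_x509_chain_num < 1)` followed by the existing `ap_log_error(...)` call and `continue;`. A short comment at the new guard, such as `/* hosts without a certificate chain are rejected in post_config */`, would record why the NULL test is no longer needed, assuming that is the case.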