Changeset adceac0 in mod_gnutls for src/gnutls_hooks.c
- Timestamp:
- Sep 26, 2018, 3:21:32 PM (2 years ago)
- Branches:
- asyncio, debian/master, master, proxy-ticket
- Children:
- 2ec3e54
- Parents:
- cb6476c
- File:
-
- 1 edited
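--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -358,61 +358,4 @@
 return -1;
 }
-}
-
-/* Read the common name or the alternative name of the certificate.
-* We only support a single name per certificate.
-*
-* Returns negative on error.
-*/
-static int read_crt_cn(server_rec * s, apr_pool_t * p, gnutls_x509_crt_t cert, char **cert_cn) {
-
-int rv = 0;
-size_t data_len;
-
-
-_gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-*cert_cn = NULL;
-
-data_len = 0;
-rv = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, NULL, &data_len);
-
-if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
-*cert_cn = apr_palloc(p, data_len);
-rv = gnutls_x509_crt_get_dn_by_oid(cert,
-GNUTLS_OID_X520_COMMON_NAME,
-0, 0, *cert_cn,
-&data_len);
-} else { /* No CN return subject alternative name */
-ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-"No common name found in certificate for '%s:%d'. Looking for subject alternative name...",
-s->server_hostname, s->port);
-rv = 0;
-/* read subject alternative name */
-for (int i = 0; !(rv < 0); i++)
-{
-data_len = 0;
-rv = gnutls_x509_crt_get_subject_alt_name(cert, i,
-NULL,
-&data_len,
-NULL);
-
-if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER
-&& data_len > 1) {
-/* FIXME: not very efficient. What if we have several alt names
-* before DNSName?
-*/
-*cert_cn = apr_palloc(p, data_len + 1);
-
-rv = gnutls_x509_crt_get_subject_alt_name
-(cert, i, *cert_cn, &data_len, NULL);
-(*cert_cn)[data_len] = 0;
-
-if (rv == GNUTLS_SAN_DNSNAME)
-break;
-}
-}
-}
-
-return rv;
 }
 
@@ -752,19 +695,4 @@
 }
 
-if (sc->enabled == GNUTLS_ENABLED_TRUE) {
-rv = -1;
-if (sc->certs_x509_chain_num > 0) {
-rv = read_crt_cn(s, pconf, sc->certs_x509_crt_chain[0], &sc->cert_cn);
-}
-
-if (rv < 0) {
-ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-"GnuTLS: Cannot find a certificate for host '%s:%d'!",
-s->server_hostname, s->port);
-sc->cert_cn = NULL;
-continue;
-}
-}
-
 if (sc->enabled == GNUTLS_ENABLED_TRUE
 && sc->proxy_enabled == GNUTLS_ENABLED_TRUE
@@ -956,5 +884,5 @@
 &gnutls_module);
 
-if (tsc->enabled != GNUTLS_ENABLED_TRUE || tsc->cert_cn == NULL) {
+if (tsc->enabled != GNUTLS_ENABLED_TRUE) {
 return 0;
 }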
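Review bot: A TLS-enabled host with an empty certificate chain is no longer rejected anywhere in the visible new code of the second hunk: the deleted block left `rv = -1` when `sc->certs_x509_chain_num > 0` failed, logged at startup and skipped the host, and the new side has no replacement for that test. Unless another check in the same loop (outside the hunk) already covers it, keep the presence test without the name lookup, e.g. `if (sc->enabled == GNUTLS_ENABLED_TRUE && sc->certs_x509_chain_num == 0) {` followed by the existing startup log and `continue;`. In the third hunk the guard stops testing `tsc->cert_cn`, so any remaining read of that field later in the enclosing function should be removed or NULL-checked, since nothing visible here assigns it any more. The enclosing functions of the second and third hunks start and end outside the lines shown.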