Changeset b1f7f11 in mod_gnutls
- Timestamp:
- Dec 2, 2004, 4:43:34 AM (18 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
- Children:
- 01d15c2
- Parents:
- dae0aec
- Location:
- src
- Files:
-
- 2 edited
src/gnutls_io.c
rdae0aec rb1f7f11 224 224 225 225 while (1) { 226 227 if (ctxt->status < 0) {228 /* Ensure a non-zero error code is returned */229 if (ctxt->input_rc == APR_SUCCESS) {230 ctxt->input_rc = APR_EGENERAL;231 }232 break;233 }234 226 235 227 rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes); … … 349 341 if (ctxt->status != 0) 350 342 return; 343 #if 0 351 344 352 345 for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) { … … 365 358 } 366 359 367 if (gnutls_error_is_fatal(ret) != 0) { 368 gnutls_deinit(ctxt->session); 369 ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, 360 gnutls_deinit(ctxt->session); 361 ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, 370 362 "GnuTLS: Handshake Failed (%d) '%s'", ret, 371 363 gnutls_strerror(ret)); 372 364 ctxt->status = -1; 373 365 return; 374 }375 366 } 376 367 else { … … 381 372 ctxt->status = -1; 382 373 return; 374 #else 375 ret = gnutls_handshake(ctxt->session); 376 if (ret < 0) { 377 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED 378 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { 379 ret = gnutls_alert_get(ctxt->session); 380 ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, 381 "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret, 382 gnutls_alert_get_name(ret)); 383 } 384 385 gnutls_deinit(ctxt->session); 386 ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, 387 "GnuTLS: Handshake Failed (%d) '%s'", ret, 388 gnutls_strerror(ret)); 389 ctxt->status = -1; 390 return; 391 } 392 else { 393 ctxt->status = 1; 394 return; /* all done with the handshake */ 395 } 396 397 #endif 383 398 } 384 399 … … 405 420 406 421 if (ctxt->status < 0) { 407 return ap_get_brigade(f->next, bb, mode, block, readbytes);422 // return ap_get_brigade(f->next, bb, mode, block, readbytes); 408 423 } 409 424 … … 644 659 mod_gnutls_handle_t *ctxt = ptr; 645 660 646 if (!ctxt->output_length647 && (len + ctxt->output_blen < sizeof(ctxt->output_buffer))) {648 /* the first two SSL_writes (of 1024 and 261 bytes)649 * need 
to be in the same packet (vec[0].iov_base)650 */651 /* XXX: could use apr_brigade_write() to make code look cleaner652 * but this way we avoid the malloc(APR_BUCKET_BUFF_SIZE)653 * and free() of it later654 */655 memcpy(&ctxt->output_buffer[ctxt->output_blen], buffer, len);656 ctxt->output_blen += len;657 }658 else {659 661 /* pass along the encrypted data 660 662 * need to flush since we're using SSL's malloc-ed buffer … … 671 673 return -1; 672 674 } 673 }674 675 675 return len; 676 676 } -
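Review bot: After a failed handshake nothing visible stops the input path from using a torn-down session. The new `#else` branch calls `gnutls_deinit(ctxt->session)` and sets `ctxt->status = -1`, but the `if (ctxt->status < 0)` block in the input filter now has an empty body (its `return` is commented out), and the `ctxt->status < 0` guard at the top of the read loop is removed, so `gnutls_record_recv()` looks reachable with the deinitialised session. The filter should fail closed in that `if`, for example `return APR_ECONNABORTED;`, rather than fall through. Separately, in the alert branch `ret` is overwritten by `gnutls_alert_get()` and then passed to `gnutls_strerror(ret)`, so the "Handshake Failed" line reports an alert number as if it were an error code; keep the alert in its own variable. The enclosing functions start and end outside the hunks shown, so the reachability claim should be confirmed against the full file.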
src/mod_gnutls.c
rdae0aec rb1f7f11 150 150 gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE); 151 151 152 //gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);152 gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); 153 153 154 154 return ctxt; … … 189 189 module_config, 190 190 &gnutls_module); 191 sc->cert_file = ap r_pstrdup(parms->pool, arg);191 sc->cert_file = ap_server_root_relative(parms->pool, arg); 192 192 return NULL; 193 193 } … … 200 200 module_config, 201 201 &gnutls_module); 202 sc->key_file = ap r_pstrdup(parms->pool, arg);202 sc->key_file = ap_server_root_relative(parms->pool, arg); 203 203 return NULL; 204 204 } … … 292 292 293 293 i = 0; 294 sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS; 294 295 sc->key_exchange[i++] = GNUTLS_KX_RSA; 296 sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA; 295 297 sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT; 296 sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA;297 298 sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS; 298 299 sc->key_exchange[i] = 0;
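Review bot: The reordered key-exchange list in the last hunk now writes `GNUTLS_KX_DHE_DSS` twice (new lines 294 and 298) and still offers `GNUTLS_KX_RSA_EXPORT`, an export-grade key exchange. The list grows from four entries to five plus the terminating `0`, and the declared size of `sc->key_exchange` is not visible here, so it should be checked to hold six elements. I would drop the trailing duplicate and the export entry, leaving `GNUTLS_KX_DHE_DSS`, `GNUTLS_KX_RSA`, `GNUTLS_KX_DHE_RSA` and the terminator. In the two directive handlers, which appear to switch to `ap_server_root_relative()`, that call can return NULL for a path it cannot merge, so `sc->cert_file` and `sc->key_file` should be checked and an error string returned instead of `return NULL;`.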