- Timestamp:
- Jan 11, 2013, 12:58:02 AM (8 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, upstream
- Children:
- 5508683, ae015fa
- Parents:
- 66b608e
- Location:
- src
- Files:
-
- 4 edited
src/gnutls_cache.c
r66b608e rbbb9bb1 34 34 #endif 35 35 36 /* it seems the default has some strange errors. Use SDBM 37 */ 38 #define ODB "SDBM" 36 39 37 40 #define MC_TAG "mod_gnutls:" … … 296 299 #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD ) 297 300 298 static intdbm_cache_expire(mgs_handle_t *ctxt)301 static void dbm_cache_expire(mgs_handle_t *ctxt) 299 302 { 300 303 apr_status_t rv; 301 304 apr_dbm_t *dbm; 302 apr_datum_t *keylist;303 305 apr_datum_t dbmkey; 304 306 apr_datum_t dbmval; 305 apr_time_t ex;307 apr_time_t now; 306 308 apr_time_t dtime; 307 309 apr_pool_t* spool; 308 int i = 0; 309 int keyidx = 0; 310 int should_delete = 0; 310 int total, deleted; 311 312 now = apr_time_now(); 313 314 if (now - ctxt->sc->last_cache_check < (ctxt->sc->cache_timeout)/2) 315 return; 316 317 ctxt->sc->last_cache_check = now; 311 318 312 319 apr_pool_create(&spool, ctxt->c->pool); 313 ex = apr_time_now(); 314 315 rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, APR_DBM_READONLY, 320 321 total = 0; 322 deleted = 0; 323 324 rv = apr_dbm_open_ex(&dbm, ODB, ctxt->sc->cache_config, APR_DBM_RWCREATE, 316 325 SSL_DBM_FILE_MODE, spool); 317 326 if (rv != APR_SUCCESS) { … … 320 329 "[gnutls_cache] error opening cache searcher '%s'", 321 330 ctxt->sc->cache_config); 322 return -1; 323 } 324 325 #define KEYMAX 128 326 327 keylist = apr_palloc(spool, sizeof(dbmkey)*KEYMAX); 331 apr_pool_destroy(spool); 332 return; 333 } 328 334 329 335 apr_dbm_firstkey(dbm, &dbmkey); 330 336 while (dbmkey.dptr != NULL) { 331 337 apr_dbm_fetch(dbm, dbmkey, &dbmval); 332 if (dbmval.dptr != NULL) { 333 if (dbmval.dsize >= sizeof(apr_time_t)) { 338 if (dbmval.dptr != NULL && dbmval.dsize >= sizeof(apr_time_t)) { 334 339 memcpy(&dtime, dbmval.dptr, sizeof(apr_time_t)); 335 if (dtime < ex) { 336 should_delete = 1; 340 341 if (now >= dtime) { 342 apr_dbm_delete(dbm, dbmkey); 343 deleted++; 337 344 } 338 } 339 else { 340 should_delete = 1; 341 } 342 343 if (should_delete == 1) { 344 should_delete 
= 0; 345 keylist[keyidx].dptr = apr_palloc(spool, dbmkey.dsize) ; 346 memcpy(keylist[keyidx].dptr, dbmkey.dptr, dbmkey.dsize); 347 keylist[keyidx].dsize = dbmkey.dsize; 348 keyidx++; 349 if (keyidx == KEYMAX) { 350 break; 351 } 352 } 353 apr_dbm_freedatum( dbm, dbmval); 354 355 } 345 apr_dbm_freedatum( dbm, dbmval); 346 } else { 347 apr_dbm_delete(dbm, dbmkey); 348 deleted++; 349 } 350 total++; 356 351 apr_dbm_nextkey(dbm, &dbmkey); 357 352 } 358 353 apr_dbm_close(dbm); 359 354 360 rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, 361 APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, spool); 362 if (rv != APR_SUCCESS) { 363 ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, 364 ctxt->c->base_server, 365 "[gnutls_cache] error opening cache writer '%s'", 366 ctxt->sc->cache_config); 367 return -1; 368 } 369 370 for (i = 0; i < keyidx; i++) { 371 apr_dbm_delete(dbm, keylist[i]); 372 } 373 374 apr_dbm_close(dbm); 355 ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, 356 ctxt->c->base_server, 357 "[gnutls_cache] Cleaned up cache '%s'. 
Deleted %d and left %d", 358 ctxt->sc->cache_config, deleted, total-deleted); 359 375 360 apr_pool_destroy(spool); 376 361 377 return 0;362 return; 378 363 } 379 364 … … 390 375 return data; 391 376 392 rv = apr_dbm_open (&dbm, ctxt->sc->cache_config,393 APR_DBM_R WCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool);377 rv = apr_dbm_open_ex(&dbm, ODB, ctxt->sc->cache_config, 378 APR_DBM_READONLY, SSL_DBM_FILE_MODE, ctxt->c->pool); 394 379 if (rv != APR_SUCCESS) { 395 380 ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, … … 439 424 apr_status_t rv; 440 425 apr_time_t expiry; 426 apr_pool_t* spool; 441 427 442 428 if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) 443 429 return -1; 430 431 /* we expire dbm only on every store 432 */ 433 dbm_cache_expire(ctxt); 434 435 apr_pool_create(&spool, ctxt->c->pool); 444 436 445 437 /* create DBM value */ 446 438 dbmval.dsize = data.size + sizeof(apr_time_t); 447 dbmval.dptr = (char *) malloc(dbmval.dsize);439 dbmval.dptr = (char *)apr_palloc(spool, dbmval.dsize); 448 440 449 441 expiry = apr_time_now() + ctxt->sc->cache_timeout; … … 453 445 data.data, data.size); 454 446 455 /* we expire dbm only on every store 456 */ 457 dbm_cache_expire(ctxt); 458 459 rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, 447 rv = apr_dbm_open_ex(&dbm, ODB, ctxt->sc->cache_config, 460 448 APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); 461 449 if (rv != APR_SUCCESS) { … … 464 452 "[gnutls_cache] error opening cache '%s'", 465 453 ctxt->sc->cache_config); 466 free(dbmval.dptr);454 apr_pool_destroy(spool); 467 455 return -1; 468 456 } … … 476 464 ctxt->sc->cache_config); 477 465 apr_dbm_close(dbm); 478 free(dbmval.dptr);466 apr_pool_destroy(spool); 479 467 return -1; 480 468 } … … 482 470 apr_dbm_close(dbm); 483 471 484 free(dbmval.dptr);472 apr_pool_destroy(spool); 485 473 486 474 return 0; … … 497 485 return -1; 498 486 499 rv = apr_dbm_open (&dbm, ctxt->sc->cache_config,487 rv = apr_dbm_open_ex(&dbm, ODB, ctxt->sc->cache_config, 500 488 
APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); 501 489 if (rv != APR_SUCCESS) { … … 531 519 const char* path2; 532 520 533 rv = apr_dbm_open (&dbm, sc->cache_config, APR_DBM_RWCREATE,521 rv = apr_dbm_open_ex(&dbm, ODB, sc->cache_config, APR_DBM_RWCREATE, 534 522 SSL_DBM_FILE_MODE, p); 535 523 … … 543 531 apr_dbm_close(dbm); 544 532 545 apr_dbm_get_usednames (p, sc->cache_config, &path1, &path2);533 apr_dbm_get_usednames_ex(p, ODB, sc->cache_config, &path1, &path2); 546 534 547 535 /* The Following Code takes logic directly from mod_ssl's DBM Cache */ 548 536 #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) 549 537 /* Running as Root */ 550 if ( geteuid() == 0) {538 if (path1 && geteuid() == 0) { 551 539 chown(path1, ap_unixd_config.user_id, -1); 552 540 if (path2 != NULL) { -
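Review bot: The rewritten dbm_cache_expire now calls apr_dbm_delete on the key returned by the current firstkey/nextkey cursor while still iterating, whereas the removed code collected the expired keys into `keylist` and deleted them only after the read pass had closed the database; whether deleting under an open cursor is safe depends on the DBM backend (the new `ODB "SDBM"` default here), so the old two-pass shape should be kept or the backend's iteration guarantee documented above the loop, e.g. `/* SDBM: deleting the cursor's current key must not invalidate nextkey — confirm */`. In the same loop the return values of apr_dbm_fetch and apr_dbm_delete are ignored, so a fetch failure is treated as an empty value and the entry is deleted; `rv = apr_dbm_fetch(dbm, dbmkey, &dbmval); if (rv != APR_SUCCESS) { apr_dbm_nextkey(dbm, &dbmkey); continue; }` would separate "missing" from "unreadable". The early-return throttle reads and writes `ctxt->sc->last_cache_check` without any lock, which is presumably racy under a threaded MPM and can let several workers run the expiry concurrently; a comment stating that this is a best-effort throttle would make the intent explicit. In mgs_cache_dbm_store the new `apr_pool_create(&spool, ...)` result is unchecked before `apr_palloc(spool, ...)`.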
src/gnutls_config.c
r66b608e rbbb9bb1 286 286 } 287 287 288 const char *mgs_set_tickets(cmd_parms * parms, void *dummy, 289 const char *arg) 290 { 291 mgs_srvconf_rec *sc = 292 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 293 module_config, 294 &gnutls_module); 295 296 sc->tickets = 0; 297 if (strcasecmp("on", arg) == 0) { 298 sc->tickets = 1; 299 } 300 301 return NULL; 302 } 303 288 304 289 305 #ifdef ENABLE_SRP … … 328 344 } 329 345 330 if (strcasecmp("none", type) == 0) { 331 sc->cache_type = mgs_cache_none; 332 } else if (strcasecmp("dbm", type) == 0) { 346 sc->cache_type = mgs_cache_none; 347 if (strcasecmp("dbm", type) == 0) { 333 348 sc->cache_type = mgs_cache_dbm; 334 349 } … … 590 605 sc->certs_x509_num = 0; 591 606 sc->cache_timeout = apr_time_from_sec(300); 592 sc->cache_type = mgs_cache_ dbm;607 sc->cache_type = mgs_cache_none; 593 608 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache"); 594 609 -
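Review bot: The new mgs_set_tickets and the rewritten cache-type branch both map every unrecognised argument silently to the "off"/none state, so a misspelt `GnuTLSCache` type or `GnuTLSSessionTickets off2` disables the feature without any configuration error; since these directives only need to return a string to fail startup, the fallthrough should reject unknown values, e.g. `else if (strcasecmp("off", arg) != 0) return "GnuTLSSessionTickets must be 'on' or 'off'";` and `else if (strcasecmp("none", type) != 0) return "Invalid GnuTLSCache type";`. The default cache type change to mgs_cache_none in the config-creation function should also be mentioned in the directive's documentation, since administrators relying on the previous dbm default will now run without session caching.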
src/gnutls_hooks.c
r66b608e rbbb9bb1 21 21 #include "ap_mpm.h" 22 22 23 #if APR_HAS_THREADS 24 # if GNUTLS_VERSION_MAJOR <= 2 && GNUTLS_VERSION_MINOR < 11 25 #include <gcrypt.h> 26 GCRY_THREAD_OPTION_PTHREAD_IMPL; 27 # endif 28 #endif 29 23 30 #if !USING_2_1_RECENT 24 31 extern server_rec *ap_server_conf; 25 32 #endif 26 33 27 #if APR_HAS_THREADS28 GCRY_THREAD_OPTION_PTHREAD_IMPL;29 #endif30 31 34 #if MOD_GNUTLS_DEBUG 32 35 static apr_file_t *debug_log_fp; … … 34 37 35 38 static int mpm_is_threaded; 39 static gnutls_datum session_ticket_key = { NULL, 0 }; 36 40 37 41 static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt); … … 46 50 static apr_status_t mgs_cleanup_pre_config(void *data) 47 51 { 52 gnutls_free(session_ticket_key.data); 53 session_ticket_key.data = NULL; 54 session_ticket_key.size = 0; 48 55 gnutls_global_deinit(); 49 56 return APR_SUCCESS; … … 80 87 #if APR_HAS_THREADS 81 88 ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded); 89 #if (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR < 11) || GNUTLS_VERSION_MAJOR < 2 82 90 if (mpm_is_threaded) { 83 91 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); 84 92 } 93 #endif 85 94 #else 86 95 mpm_is_threaded = 0; 87 96 #endif 97 88 98 89 99 if (gnutls_check_version(LIBGNUTLS_VERSION)==NULL) { … … 97 107 _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret)); 98 108 return -3; 109 } 110 111 ret = gnutls_session_ticket_key_generate( &session_ticket_key); 112 if (ret < 0) { 113 _gnutls_log(debug_log_fp, "gnutls_session_ticket_key_generate: %s\n", gnutls_strerror(ret)); 99 114 } 100 115 … … 145 160 * enabled on this virtual server. Note that here we ignore the version 146 161 * negotiation. 
147 */ 162 */ 148 163 ret = gnutls_priority_set(session, ctxt->sc->priorities); 149 164 /* actually it shouldn't fail since we have checked at startup */ … … 659 674 660 675 gnutls_init(&ctxt->session, GNUTLS_SERVER); 676 if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0) 677 gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key); 661 678 662 679 /* because we don't set any default priorities here (we set later at … … 1028 1045 const gnutls_datum_t *cert_list; 1029 1046 unsigned int cert_list_size, status, expired; 1030 int rv , ret;1047 int rv = GNUTLS_E_NO_CERTIFICATE_FOUND, ret; 1031 1048 unsigned int ch_size = 0; 1032 1049 union { … … 1057 1074 "GnuTLS: A Chain of %d certificate(s) was provided for validation", cert_list_size); 1058 1075 1059 for (ch_size = 0; ch_size<cert_list_size; ch_size++) {1076 for (ch_size = 0; ch_size<cert_list_size; ch_size++) { 1060 1077 gnutls_x509_crt_init(&cert.x509[ch_size]); 1061 1078 rv = gnutls_x509_crt_import(cert.x509[ch_size], &cert_list[ch_size], GNUTLS_X509_FMT_DER); -
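Review bot: The session ticket key generated in the new gnutls_session_ticket_key_generate call is long-lived secret material, but mgs_cleanup_pre_config releases it with a plain gnutls_free and the key is never rotated for the lifetime of the server process, so a compromise of the process memory later exposes every ticket-protected session; the cleanup should wipe the buffer first (`memset(session_ticket_key.data, 0, session_ticket_key.size);` before the free, with a note that a compiler may elide a plain memset on memory that is about to be freed), and a comment above the static `session_ticket_key` should state that it is generated once per (re)start and shared by all virtual hosts. In mgs_hook_pre_connection the return value of gnutls_session_ticket_enable_server is discarded; logging a non-zero result with gnutls_strerror would make ticket setup failures diagnosable instead of silently falling back to full handshakes. The generate-failure path only logs and leaves `session_ticket_key.data` NULL, which the enable-time check does handle, so that part is consistent. mgs_hook_pre_connection's body starts and ends outside the hunk.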
src/mod_gnutls.c
r66b608e rbbb9bb1 122 122 RSRC_CONF, 123 123 "Cache Configuration"), 124 AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets, 125 NULL, 126 RSRC_CONF, 127 "Session Tickets Configuration"), 124 128 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities, 125 129 NULL,
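Review bot: The help string for the new `GnuTLSSessionTickets` directive, "Session Tickets Configuration", does not tell the administrator what values are accepted, and the handler in gnutls_config.c only recognises "on"; a string such as `"Enable TLS session tickets (on|off)"` would document the contract at the point where `httpd -L` prints it.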