Changeset beb14d9 in mod_gnutls for src/gnutls_config.c


Timestamp:
Jan 27, 2015, 7:20:27 AM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
4fefa39
Parents:
c1ef069
Message:

Proof of concept: Support for proxy back end connections using TLS

This commit enables TLS on proxy back end connections if requested from
mod_proxy. Since mod_gnutls acts as client instead of server on proxy
back end connections, TLS session setup is quite different.

Note that this implementation is not finished, in particular the proxy
back end connection is hard coded to use the same X.509 credentials as
the server side, which severely restricts usable certificate
combinations.

Some typos in comments and an error message related to TLS handshake are
fixed as well.

File:
1 edited

  • src/gnutls_config.c

    rc1ef069 rbeb14d9  
    620620        return NULL;
    621621    }
     622
     623    /* FIXME: not ideal, should be called only if SSLProxyEngine is
     624     * enabled */
     625    ret = gnutls_anon_allocate_client_credentials(&sc->anon_client_creds);
     626    if (ret < 0)
     627    {
     628        *err = apr_psprintf(p, "GnuTLS: Failed to initialize"
     629                            ": (%d) %s", ret,
     630                            gnutls_strerror(ret));
     631        return NULL;
     632    }
    622633#ifdef ENABLE_SRP
    623634    ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
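Review bot: The call to gnutls_anon_allocate_client_credentials() at new line 625 runs for every server config, whether or not proxy TLS is in use, as the FIXME at new lines 623-624 already admits. Please gate the allocation on the proxy setting, or defer it until the proxy engine is known to be enabled, before this leaves proof-of-concept status, so configurations that never make back end connections do not carry anonymous client credentials. Separately, the error string at new lines 628-629 reads only "GnuTLS: Failed to initialize" and does not say which step failed; naming the anonymous client credentials in the message would let an administrator tell this failure apart from other initialization errors.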
     
    696707    gnutls_srvconf_assign(certs);
    697708    gnutls_srvconf_assign(anon_creds);
     709    gnutls_srvconf_assign(anon_client_creds);
    698710    gnutls_srvconf_assign(srp_creds);
    699711    gnutls_srvconf_assign(certs_x509_chain);
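Review bot: The new gnutls_srvconf_assign(anon_client_creds) at new line 709 propagates the handle through the config merge, but nothing visible in this changeset releases it. Since the other hunk allocates the credentials with gnutls_anon_allocate_client_credentials(), please confirm that a matching gnutls_anon_free_client_credentials() call exists or is registered as cleanup, and that the merged config and the config it was merged from cannot both free the same pointer. A short comment next to the assign stating which config owns the handle after the merge would help.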