Changeset beb14d9 in mod_gnutls for src/gnutls_hooks.c
- Timestamp:
- Jan 27, 2015, 7:20:27 AM (6 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream
- Children:
- 4fefa39
- Parents:
- c1ef069
- File:
-
- 1 edited
src/gnutls_hooks.c
rc1ef069 rbeb14d9 147 147 gnutls_certificate_server_set_request(session, ctxt->sc->client_verify_mode); 148 148 149 /* Set x509 credentials */ 150 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs); 149 151 /* Set Anon credentials */ 150 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs);151 /* Set x509 credentials */152 152 gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds); 153 153 … … 714 714 715 715 /* Initialize GnuTLS Library */ 716 int err = gnutls_init(&ctxt->session, GNUTLS_SERVER); 717 if (err != GNUTLS_E_SUCCESS) 718 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_init failed!"); 719 /* Initialize Session Tickets */ 720 if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0) { 721 err = gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key); 716 int err = 0; 717 if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE) 718 { 719 /* this is an outgoing proxy connection, client mode */ 720 err = gnutls_init(&ctxt->session, GNUTLS_CLIENT); 722 721 if (err != GNUTLS_E_SUCCESS) 723 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_session_ticket_enable_server failed!"); 722 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, 723 "gnutls_init for proxy connection failed: %s (%d)", 724 gnutls_strerror(err), err); 725 err = gnutls_session_ticket_enable_client(ctxt->session); 726 if (err != GNUTLS_E_SUCCESS) 727 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, 728 "gnutls_session_ticket_enable_client failed: %s (%d)", 729 gnutls_strerror(err), err); 730 } 731 else 732 { 733 /* incoming connection, server mode */ 734 err = gnutls_init(&ctxt->session, GNUTLS_SERVER); 735 if (err != GNUTLS_E_SUCCESS) 736 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, 737 "gnutls_init for server side failed: %s (%d)", 738 gnutls_strerror(err), err); 739 /* Initialize Session Tickets */ 740 if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0) 741 { 742 err = gnutls_session_ticket_enable_server(ctxt->session, 
&session_ticket_key); 743 if (err != GNUTLS_E_SUCCESS) 744 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, 745 "gnutls_session_ticket_enable_server failed: %s (%d)", 746 gnutls_strerror(err), err); 747 } 724 748 } 725 749 … … 731 755 gnutls_handshake_set_post_client_hello_function(ctxt->session, 732 756 mgs_select_virtual_server_cb); 757 758 /* If mod_gnutls is the TLS server, mgs_select_virtual_server_cb 759 * will load appropriate credentials during handshake. However, 760 * when handling a proxy backend connection, mod_gnutls acts as 761 * TLS client and credentials must be loaded here. */ 762 if (ctxt->is_proxy == GNUTLS_ENABLED_TRUE) 763 { 764 /* Set anonymous client credentials for proxy connections */ 765 gnutls_credentials_set(ctxt->session, GNUTLS_CRD_ANON, 766 ctxt->sc->anon_client_creds); 767 /* Set x509 credentials */ 768 gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, 769 ctxt->sc->certs); 770 /* Load priorities from the server configuration */ 771 err = gnutls_priority_set(ctxt->session, ctxt->sc->priorities); 772 if (err != GNUTLS_E_SUCCESS) 773 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, 774 "%s: setting priorities for proxy connection failed: %s (%d)", 775 __func__, gnutls_strerror(err), err); 776 } 777 733 778 /* Initialize Session Cache */ 734 779 mgs_cache_session_init(ctxt);
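Review bot: In the proxy branch added after `gnutls_handshake_set_post_client_hello_function`, the client session gets anonymous and X.509 credentials plus the priority string from `ctxt->sc->priorities`, but nothing visible here makes the handshake verify the backend's certificate or host name, so the proxied connection may end up encrypted but unauthenticated. Verification may be wired up outside these hunks; if it is not, the client path needs a verify step, for example a callback registered with `gnutls_certificate_set_verify_function` that calls `gnutls_certificate_verify_peers3` with the backend host name, and `GNUTLS_CRD_ANON` should only be set when the administrator has explicitly opted in. Separately, failures of `gnutls_init` and `gnutls_priority_set` are only logged and setup continues, so in the earlier hunk `gnutls_session_ticket_enable_client(ctxt->session)` is still called on a session whose initialization failed. These error paths should abort the connection setup rather than fall through. The enclosing function begins and ends outside the visible hunks, so the right way to bail out has to be checked against its full body.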