- Timestamp:
- Apr 4, 2015, 5:03:43 PM (5 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, master, upstream
- Children:
- 01b5d85
- Parents:
- 259e835 (diff), 9a06bbd (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - Location:
- src
- Files:
-
- 2 edited
-
src/gnutls_hooks.c
r259e835 rc4a015b 632 632 } 633 633 634 static void create_gnutls_handle(conn_rec * c) { 635 mgs_handle_t *ctxt; 636 /* Get mod_gnutls Configuration Record */ 637 mgs_srvconf_rec *sc =(mgs_srvconf_rec *) 638 ap_get_module_config(c->base_server->module_config,&gnutls_module); 639 640 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 641 ctxt = apr_pcalloc(c->pool, sizeof (*ctxt)); 634 static void create_gnutls_handle(conn_rec * c) 635 { 636 /* Get mod_gnutls server configuration */ 637 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 638 ap_get_module_config(c->base_server->module_config, &gnutls_module); 639 640 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 641 642 /* Get connection specific configuration */ 643 mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module); 644 if (ctxt == NULL) 645 { 646 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__); 647 ctxt = apr_pcalloc(c->pool, sizeof (*ctxt)); 648 ap_set_module_config(c->conn_config, &gnutls_module, ctxt); 649 } 650 ctxt->enabled = GNUTLS_ENABLED_TRUE; 642 651 ctxt->c = c; 643 652 ctxt->sc = sc; … … 650 659 ctxt->output_blen = 0; 651 660 ctxt->output_length = 0; 661 652 662 /* Initialize GnuTLS Library */ 653 gnutls_init(&ctxt->session, GNUTLS_SERVER); 663 int err = gnutls_init(&ctxt->session, GNUTLS_SERVER); 664 if (err != GNUTLS_E_SUCCESS) 665 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_init failed!"); 654 666 /* Initialize Session Tickets */ 655 667 if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0) { 656 gnutls_session_ticket_enable_server(ctxt->session,&session_ticket_key); 668 err = gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key); 669 if (err != GNUTLS_E_SUCCESS) 670 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_session_ticket_enable_server failed!"); 657 671 } 658 672 659 673 /* Set Default Priority */ 660 gnutls_priority_set_direct (ctxt->session, "NORMAL", 
NULL); 674 err = gnutls_priority_set_direct(ctxt->session, "NORMAL", NULL); 675 if (err != GNUTLS_E_SUCCESS) 676 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_priority_set_direct failed!"); 661 677 /* Set Handshake function */ 662 678 gnutls_handshake_set_post_client_hello_function(ctxt->session, … … 665 681 mgs_cache_session_init(ctxt); 666 682 667 /* Set this config for this connection */668 ap_set_module_config(c->conn_config, &gnutls_module, ctxt);669 683 /* Set pull, push & ptr functions */ 670 684 gnutls_transport_set_pull_function(ctxt->session, … … 680 694 } 681 695 682 int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused))) { 683 mgs_srvconf_rec *sc; 684 685 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 686 687 sc = (mgs_srvconf_rec *) ap_get_module_config(c->base_server->module_config, 688 &gnutls_module); 689 690 if (sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) { 696 int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused))) 697 { 698 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 699 700 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 701 ap_get_module_config(c->base_server->module_config, &gnutls_module); 702 mgs_handle_t *ctxt = (mgs_handle_t *) 703 ap_get_module_config(c->conn_config, &gnutls_module); 704 705 if ((sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) 706 || (ctxt && ctxt->enabled == GNUTLS_ENABLED_FALSE)) 707 { 708 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s declined connection", 709 __func__); 691 710 return DECLINED; 692 711 } … … 710 729 apr_table_t *env = r->subprocess_env; 711 730 712 ctxt = 713 ap_get_module_config(r->connection->conn_config, 714 &gnutls_module); 715 716 if (!ctxt || ctxt->session == NULL) { 731 ctxt = ap_get_module_config(r->connection->conn_config, 732 &gnutls_module); 733 734 if (!ctxt || ctxt->enabled != GNUTLS_ENABLED_TRUE || ctxt->session == NULL) 735 { 736 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 
"request declined in %s", __func__); 717 737 return DECLINED; 718 738 } -
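Review bot: In create_gnutls_handle the new checks on `gnutls_init`, `gnutls_session_ticket_enable_server` and `gnutls_priority_set_direct` only log the error and then carry on, so after a failed `gnutls_init` the later calls still receive `ctxt->session`, and `ctxt->enabled` has already been set to `GNUTLS_ENABLED_TRUE`. A failure here should stop TLS setup for the connection rather than leave a half-configured session behind a handle marked enabled. Because the function returns void, one option is to have it return the GnuTLS error code, e.g. `if (err != GNUTLS_E_SUCCESS) { ap_log_cerror(...); return err; }`, and let the caller refuse the connection on a non-zero result. The rest of create_gnutls_handle and its call site are outside the visible hunks, so the exact abort path needs confirming there.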
src/mod_gnutls.c
r259e835 rc4a015b 20 20 #include "mod_gnutls.h" 21 21 22 static void gnutls_hooks(apr_pool_t * p __attribute__((unused))) { 23 22 #ifdef APLOG_USE_MODULE 23 APLOG_USE_MODULE(gnutls); 24 #endif 25 26 static void gnutls_hooks(apr_pool_t * p __attribute__((unused))) 27 { 24 28 /* Try Run Post-Config Hook After mod_proxy */ 25 29 static const char * const aszPre[] = { "mod_proxy.c", NULL }; … … 75 79 } 76 80 77 int ssl_engine_disable(conn_rec *c) { 81 int ssl_engine_disable(conn_rec *c) 82 { 78 83 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 79 84 ap_get_module_config(c->base_server->module_config, &gnutls_module); 80 85 if(sc->enabled == GNUTLS_ENABLED_FALSE) { 81 86 return 1; 82 87 } 83 ap_remove_input_filter(c->input_filters); 84 ap_remove_input_filter(c->output_filters); 85 mgs_cleanup_pre_config(c->pool); 86 sc->enabled = 0; 88 89 /* disable TLS for this connection */ 90 mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module); 91 if (ctxt == NULL) 92 { 93 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__); 94 ctxt = apr_pcalloc(c->pool, sizeof (*ctxt)); 95 ap_set_module_config(c->conn_config, &gnutls_module, ctxt); 96 } 97 ctxt->enabled = GNUTLS_ENABLED_FALSE; 98 99 if (c->input_filters) 100 ap_remove_input_filter(c->input_filters); 101 if (c->output_filters) 102 ap_remove_output_filter(c->output_filters); 103 87 104 return 1; 88 105 } … … 91 108 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 92 109 ap_get_module_config(c->base_server->module_config, &gnutls_module); 93 sc->proxy_enabled = 1;94 sc->enabled = 0;110 sc->proxy_enabled = GNUTLS_ENABLED_TRUE; 111 sc->enabled = GNUTLS_ENABLED_FALSE; 95 112 return 1; 96 113 }
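Review bot: The last hunk still writes `sc->proxy_enabled` and `sc->enabled` on the server-wide `mgs_srvconf_rec` fetched through `c->base_server`, although it is called for a single connection `c` and no locking is visible in the hunk. mgs_hook_pre_connection declines whenever `!sc->enabled` or `sc->proxy_enabled == GNUTLS_ENABLED_TRUE`, so one call appears to switch TLS off for every later connection on that server. ssl_engine_disable in this same commit was moved to a per-connection flag in `mgs_handle_t`, so this function should probably record its state on the connection handle as well. Until then, a comment such as `/* NOTE: modifies the shared server config, not just this connection */` above the two assignments would make the scope explicit. The function's signature is outside the hunk.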