Changeset c4a015b in mod_gnutls for src


Timestamp:
Apr 4, 2015, 5:03:43 PM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
01b5d85
Parents:
259e835 (diff), 9a06bbd (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'split-testsuite' into new-gnutls-api

OpenPGP support is still broken, but this will make testing a lot
easier.

Location:
src
Files:
2 edited

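--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -632,12 +632,21 @@
 }
 
-static void create_gnutls_handle(conn_rec * c) {
-    mgs_handle_t *ctxt;
-    /* Get mod_gnutls Configuration Record */
-    mgs_srvconf_rec *sc =(mgs_srvconf_rec *)
-            ap_get_module_config(c->base_server->module_config,&gnutls_module);
-
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-    ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
+static void create_gnutls_handle(conn_rec * c)
+{
+    /* Get mod_gnutls server configuration */
+    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
+            ap_get_module_config(c->base_server->module_config, &gnutls_module);
+
+    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+
+    /* Get connection specific configuration */
+    mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module);
+    if (ctxt == NULL)
+    {
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__);
+        ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
+        ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
+    }
+    ctxt->enabled = GNUTLS_ENABLED_TRUE;
     ctxt->c = c;
     ctxt->sc = sc;
@@ -650,13 +659,20 @@
     ctxt->output_blen = 0;
     ctxt->output_length = 0;
+
     /* Initialize GnuTLS Library */
-    gnutls_init(&ctxt->session, GNUTLS_SERVER);
+    int err = gnutls_init(&ctxt->session, GNUTLS_SERVER);
+    if (err != GNUTLS_E_SUCCESS)
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_init failed!");
     /* Initialize Session Tickets */
     if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0) {
-        gnutls_session_ticket_enable_server(ctxt->session,&session_ticket_key);
+        err = gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key);
+        if (err != GNUTLS_E_SUCCESS)
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_session_ticket_enable_server failed!");
     }
 
     /* Set Default Priority */
-        gnutls_priority_set_direct (ctxt->session, "NORMAL", NULL);
+        err = gnutls_priority_set_direct(ctxt->session, "NORMAL", NULL);
+    if (err != GNUTLS_E_SUCCESS)
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_priority_set_direct failed!");
     /* Set Handshake function */
     gnutls_handshake_set_post_client_hello_function(ctxt->session,
@@ -665,6 +681,4 @@
     mgs_cache_session_init(ctxt);
 
-    /* Set this config for this connection */
-    ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
     /* Set pull, push & ptr functions */
     gnutls_transport_set_pull_function(ctxt->session,
@@ -680,13 +694,18 @@
 }
 
-int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused))) {
-    mgs_srvconf_rec *sc;
-
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-
-    sc = (mgs_srvconf_rec *) ap_get_module_config(c->base_server->module_config,
-            &gnutls_module);
-
-    if (sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) {
+int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused)))
+{
+    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+
+    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
+        ap_get_module_config(c->base_server->module_config, &gnutls_module);
+    mgs_handle_t *ctxt = (mgs_handle_t *)
+        ap_get_module_config(c->conn_config, &gnutls_module);
+
+    if ((sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE))
+        || (ctxt && ctxt->enabled == GNUTLS_ENABLED_FALSE))
+    {
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s declined connection",
+                      __func__);
         return DECLINED;
     }
@@ -710,9 +729,10 @@
     apr_table_t *env = r->subprocess_env;
 
-    ctxt =
-            ap_get_module_config(r->connection->conn_config,
-            &gnutls_module);
-
-    if (!ctxt || ctxt->session == NULL) {
+    ctxt = ap_get_module_config(r->connection->conn_config,
+                                &gnutls_module);
+
+    if (!ctxt || ctxt->enabled != GNUTLS_ENABLED_TRUE || ctxt->session == NULL)
+    {
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "request declined in %s", __func__);
         return DECLINED;
     }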
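Review bot: The new `gnutls_init` check at new line 663 only logs the failure, so `create_gnutls_handle` falls through to `gnutls_session_ticket_enable_server` and `gnutls_priority_set_direct` with a `ctxt->session` that was never set up; the two later checks follow the same log-and-continue pattern. A failed session or priority setup should stop TLS setup for the connection, for example by returning the error from `create_gnutls_handle` so that `mgs_hook_pre_connection` can refuse the connection (the call site is outside the visible hunks, so the exact handling needs confirming there). Separately, the third argument of `ap_log_cerror` is an `apr_status_t`, so passing a GnuTLS code there is likely to log a misleading status text; prefer `ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, "gnutls_init failed: %s", gnutls_strerror(err));`.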
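--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -20,6 +20,10 @@
 #include "mod_gnutls.h"
 
-static void gnutls_hooks(apr_pool_t * p __attribute__((unused))) {
-
+#ifdef APLOG_USE_MODULE
+APLOG_USE_MODULE(gnutls);
+#endif
+
+static void gnutls_hooks(apr_pool_t * p __attribute__((unused)))
+{
     /* Try Run Post-Config Hook After mod_proxy */
     static const char * const aszPre[] = { "mod_proxy.c", NULL };
@@ -75,14 +79,27 @@
 }
 
-int ssl_engine_disable(conn_rec *c) {
+int ssl_engine_disable(conn_rec *c)
+{
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
-            ap_get_module_config(c->base_server->module_config, &gnutls_module);
+        ap_get_module_config(c->base_server->module_config, &gnutls_module);
     if(sc->enabled == GNUTLS_ENABLED_FALSE) {
         return 1;
     }
-    ap_remove_input_filter(c->input_filters);
-    ap_remove_input_filter(c->output_filters);
-    mgs_cleanup_pre_config(c->pool);
-    sc->enabled = 0;
+
+    /* disable TLS for this connection */
+    mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module);
+    if (ctxt == NULL)
+    {
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__);
+        ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
+        ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
+    }
+    ctxt->enabled = GNUTLS_ENABLED_FALSE;
+
+    if (c->input_filters)
+        ap_remove_input_filter(c->input_filters);
+    if (c->output_filters)
+        ap_remove_output_filter(c->output_filters);
+
     return 1;
 }
@@ -91,6 +108,6 @@
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
             ap_get_module_config(c->base_server->module_config, &gnutls_module);
-    sc->proxy_enabled = 1;
-    sc->enabled = 0;
+    sc->proxy_enabled = GNUTLS_ENABLED_TRUE;
+    sc->enabled = GNUTLS_ENABLED_FALSE;
     return 1;
 }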
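Review bot: The last hunk (new lines 110–111) still writes `sc->proxy_enabled` and `sc->enabled` on the server record fetched from `c->base_server->module_config`, so a call made for one connection turns TLS off for every later connection that uses that server record; `mgs_hook_pre_connection` declines whenever `!sc->enabled`. `ssl_engine_disable` in this same file was moved to per-connection state in this change, and this function should presumably follow it, e.g. by setting `ctxt->enabled = GNUTLS_ENABLED_FALSE;` on the connection's `mgs_handle_t` rather than modifying `sc`. The function's signature and opening lines are outside the hunk, so its intended scope should be confirmed before changing it.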