Changes in / [259e835:c4a015b] in mod_gnutls
- Files:
-
- 112 added
- 94 deleted
- 6 edited
Makefile.am
r259e835 rc4a015b 8 8 NOTICE LICENSE autogen.sh 9 9 10 SUBDIRS = src 10 SUBDIRS = src test 11 11 ACLOCAL_AMFLAGS = -I m4 12 TESTS = run_tests.sh -
README
r259e835 rc4a015b 17 17 Nikos Mavrogiannopoulos <nmav at gnutls.org> 18 18 Dash Shendy <neuromancer at dash.za.net> 19 Thomas Klute <thomas2.klute@uni-dortmund.de> 19 20 20 21 Prerequisites -
configure.ac
r259e835 rc4a015b 59 59 [enable Monkeysphere client certificate verification]), 60 60 use_msva=$enableval, use_msva=no) 61 AM_CONDITIONAL([USE_MSVA], [test "$use_msva" = "$enableval"]) 61 62 62 63 MSVA_CFLAGS="" … … 82 83 AC_SUBST(MODULE_LIBS) 83 84 84 AC_CONFIG_FILES([Makefile src/Makefile include/mod_gnutls.h])85 AC_CONFIG_FILES([Makefile src/Makefile test/Makefile include/mod_gnutls.h]) 85 86 AC_OUTPUT 86 87 -
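Review bot: The new `AM_CONDITIONAL([USE_MSVA], [test "$use_msva" = "$enableval"])` compares `use_msva` with `$enableval` rather than with a fixed value. When the option is given on the command line, the line above has just assigned `use_msva=$enableval`, so the test is true even if the value passed was `no`. When the option is not given, the result depends on whatever `$enableval` happens to hold at that point. If the conditional is meant to track whether MSVA client certificate verification is built, `AM_CONDITIONAL([USE_MSVA], [test "$use_msva" = "yes"])` states that directly. The AC_ARG_ENABLE call begins outside the hunk, so the option name itself is not visible here.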
include/mod_gnutls.h.in
r259e835 rc4a015b 203 203 /* Connection record */ 204 204 conn_rec* c; 205 /* Is TLS enabled for this connection? */ 206 int enabled; 205 207 /* GnuTLS Session handle */ 206 208 gnutls_session_t session; -
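Review bot: The comment on the new `enabled` field does not say which values it holds or what the zero left by `apr_pcalloc` means. The hooks in this changeset test it two ways, `ctxt->enabled == GNUTLS_ENABLED_FALSE` before the connection and `ctxt->enabled != GNUTLS_ENABLED_TRUE` in the request hook. A reader needs to know the value set to see that those checks agree. I would expand the comment to `/* TLS state for this connection: GNUTLS_ENABLED_TRUE or GNUTLS_ENABLED_FALSE, set by create_gnutls_handle() or ssl_engine_disable() */`. The struct definition begins and ends outside the hunk.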
src/gnutls_hooks.c
r259e835 rc4a015b 632 632 } 633 633 634 static void create_gnutls_handle(conn_rec * c) { 635 mgs_handle_t *ctxt; 636 /* Get mod_gnutls Configuration Record */ 637 mgs_srvconf_rec *sc =(mgs_srvconf_rec *) 638 ap_get_module_config(c->base_server->module_config,&gnutls_module); 639 640 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 641 ctxt = apr_pcalloc(c->pool, sizeof (*ctxt)); 634 static void create_gnutls_handle(conn_rec * c) 635 { 636 /* Get mod_gnutls server configuration */ 637 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 638 ap_get_module_config(c->base_server->module_config, &gnutls_module); 639 640 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 641 642 /* Get connection specific configuration */ 643 mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module); 644 if (ctxt == NULL) 645 { 646 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__); 647 ctxt = apr_pcalloc(c->pool, sizeof (*ctxt)); 648 ap_set_module_config(c->conn_config, &gnutls_module, ctxt); 649 } 650 ctxt->enabled = GNUTLS_ENABLED_TRUE; 642 651 ctxt->c = c; 643 652 ctxt->sc = sc; … … 650 659 ctxt->output_blen = 0; 651 660 ctxt->output_length = 0; 661 652 662 /* Initialize GnuTLS Library */ 653 gnutls_init(&ctxt->session, GNUTLS_SERVER); 663 int err = gnutls_init(&ctxt->session, GNUTLS_SERVER); 664 if (err != GNUTLS_E_SUCCESS) 665 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_init failed!"); 654 666 /* Initialize Session Tickets */ 655 667 if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0) { 656 gnutls_session_ticket_enable_server(ctxt->session,&session_ticket_key); 668 err = gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key); 669 if (err != GNUTLS_E_SUCCESS) 670 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_session_ticket_enable_server failed!"); 657 671 } 658 672 659 673 /* Set Default Priority */ 660 gnutls_priority_set_direct (ctxt->session, "NORMAL", 
NULL); 674 err = gnutls_priority_set_direct(ctxt->session, "NORMAL", NULL); 675 if (err != GNUTLS_E_SUCCESS) 676 ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_priority_set_direct failed!"); 661 677 /* Set Handshake function */ 662 678 gnutls_handshake_set_post_client_hello_function(ctxt->session, … … 665 681 mgs_cache_session_init(ctxt); 666 682 667 /* Set this config for this connection */668 ap_set_module_config(c->conn_config, &gnutls_module, ctxt);669 683 /* Set pull, push & ptr functions */ 670 684 gnutls_transport_set_pull_function(ctxt->session, … … 680 694 } 681 695 682 int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused))) { 683 mgs_srvconf_rec *sc; 684 685 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 686 687 sc = (mgs_srvconf_rec *) ap_get_module_config(c->base_server->module_config, 688 &gnutls_module); 689 690 if (sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) { 696 int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused))) 697 { 698 _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); 699 700 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 701 ap_get_module_config(c->base_server->module_config, &gnutls_module); 702 mgs_handle_t *ctxt = (mgs_handle_t *) 703 ap_get_module_config(c->conn_config, &gnutls_module); 704 705 if ((sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) 706 || (ctxt && ctxt->enabled == GNUTLS_ENABLED_FALSE)) 707 { 708 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s declined connection", 709 __func__); 691 710 return DECLINED; 692 711 } … … 710 729 apr_table_t *env = r->subprocess_env; 711 730 712 ctxt = 713 ap_get_module_config(r->connection->conn_config, 714 &gnutls_module); 715 716 if (!ctxt || ctxt->session == NULL) { 731 ctxt = ap_get_module_config(r->connection->conn_config, 732 &gnutls_module); 733 734 if (!ctxt || ctxt->enabled != GNUTLS_ENABLED_TRUE || ctxt->session == NULL) 735 { 736 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 
"request declined in %s", __func__); 717 737 return DECLINED; 718 738 } -
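Review bot: In create_gnutls_handle the new checks after `gnutls_init`, `gnutls_session_ticket_enable_server` and `gnutls_priority_set_direct` only log, and execution continues to use `ctxt->session` in the calls that follow. If `gnutls_init` fails the session handle is not valid, and if the priority call fails the connection proceeds without the intended priority string, so TLS setup should stop at either point. Because the function returns `void`, I would have it return the error and let the caller abort the connection instead of continuing; the call site is outside the visible hunks and is presumably mgs_hook_pre_connection. Separately, `err` is a GnuTLS code but is passed in the `apr_status_t` slot of `ap_log_cerror`, so the log will render it as an unrelated APR/OS error. `ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, "gnutls_init failed: %s", gnutls_strerror(err));` records the real reason.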
src/mod_gnutls.c
r259e835 rc4a015b 20 20 #include "mod_gnutls.h" 21 21 22 static void gnutls_hooks(apr_pool_t * p __attribute__((unused))) { 23 22 #ifdef APLOG_USE_MODULE 23 APLOG_USE_MODULE(gnutls); 24 #endif 25 26 static void gnutls_hooks(apr_pool_t * p __attribute__((unused))) 27 { 24 28 /* Try Run Post-Config Hook After mod_proxy */ 25 29 static const char * const aszPre[] = { "mod_proxy.c", NULL }; … … 75 79 } 76 80 77 int ssl_engine_disable(conn_rec *c) { 81 int ssl_engine_disable(conn_rec *c) 82 { 78 83 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 79 84 ap_get_module_config(c->base_server->module_config, &gnutls_module); 80 85 if(sc->enabled == GNUTLS_ENABLED_FALSE) { 81 86 return 1; 82 87 } 83 ap_remove_input_filter(c->input_filters); 84 ap_remove_input_filter(c->output_filters); 85 mgs_cleanup_pre_config(c->pool); 86 sc->enabled = 0; 88 89 /* disable TLS for this connection */ 90 mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module); 91 if (ctxt == NULL) 92 { 93 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__); 94 ctxt = apr_pcalloc(c->pool, sizeof (*ctxt)); 95 ap_set_module_config(c->conn_config, &gnutls_module, ctxt); 96 } 97 ctxt->enabled = GNUTLS_ENABLED_FALSE; 98 99 if (c->input_filters) 100 ap_remove_input_filter(c->input_filters); 101 if (c->output_filters) 102 ap_remove_output_filter(c->output_filters); 103 87 104 return 1; 88 105 } … … 91 108 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 92 109 ap_get_module_config(c->base_server->module_config, &gnutls_module); 93 sc->proxy_enabled = 1;94 sc->enabled = 0;110 sc->proxy_enabled = GNUTLS_ENABLED_TRUE; 111 sc->enabled = GNUTLS_ENABLED_FALSE; 95 112 return 1; 96 113 }
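Review bot: The last hunk still writes `sc->proxy_enabled = GNUTLS_ENABLED_TRUE; sc->enabled = GNUTLS_ENABLED_FALSE;` into the server configuration from a function that handles a single `conn_rec`, which is the same server-wide side effect this change removes from ssl_engine_disable. Since `sc` comes from `c->base_server->module_config`, one call appears to switch TLS off for every later connection to that server, which mgs_hook_pre_connection would then decline. That function's header is outside the hunk, so confirm this against the full file. Recording the proxy state on the per-connection `mgs_handle_t`, as ssl_engine_disable now does with `ctxt->enabled`, would keep it scoped to the connection. Also, ssl_engine_disable reads `sc->enabled` without the `sc &&` guard that mgs_hook_pre_connection uses, and it removes whatever filter is at the head of `c->input_filters` and `c->output_filters` rather than a specific named filter.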