Context Navigation

Reverse Diff

Changes in / [259e835:c4a015b] in mod_gnutls

Files:

: 112 added
: 94 deleted
: 6 edited

Makefile.am (modified) (1 diff)
README (modified) (1 diff)
configure.ac (modified) (2 diffs)
include/mod_gnutls.h.in (modified) (1 diff)
run_tests.sh (deleted)
src/gnutls_hooks.c (modified) (5 diffs)
src/mod_gnutls.c (modified) (3 diffs)
t/.gitignore (deleted)
t/Makefile (deleted)
t/README (deleted)
t/authority.template.in (deleted)
t/authority.uid (deleted)
t/base_apache.conf (deleted)
t/client.template.in (deleted)
t/client.uid (deleted)
t/data/dump.cgi (deleted)
t/data/secret.txt (deleted)
t/data/test.txt (deleted)
t/imposter.template (deleted)
t/imposter.uid (deleted)
t/mime.types (deleted)
t/newtest (deleted)
t/rogueca.template (deleted)
t/rogueca.uid (deleted)
t/runtests (deleted)
t/server.template.in (deleted)
t/server.uid.in (deleted)
t/setup (deleted)
t/tests/00_basic/apache.conf (deleted)
t/tests/00_basic/gnutls-cli.args (deleted)
t/tests/00_basic/input (deleted)
t/tests/00_basic/output (deleted)
t/tests/01_serverwide_priorities/apache.conf (deleted)
t/tests/01_serverwide_priorities/gnutls-cli.args (deleted)
t/tests/01_serverwide_priorities/input (deleted)
t/tests/01_serverwide_priorities/output (deleted)
t/tests/02_cache_in_vhost/apache.conf (deleted)
t/tests/02_cache_in_vhost/fail.server (deleted)
t/tests/02_cache_in_vhost/gnutls-cli.args (deleted)
t/tests/02_cache_in_vhost/input (deleted)
t/tests/03_cachetimeout_in_vhost/apache.conf (deleted)
t/tests/03_cachetimeout_in_vhost/fail.server (deleted)
t/tests/03_cachetimeout_in_vhost/gnutls-cli.args (deleted)
t/tests/03_cachetimeout_in_vhost/input (deleted)
t/tests/04_basic_nosni/apache.conf (deleted)
t/tests/04_basic_nosni/gnutls-cli.args (deleted)
t/tests/04_basic_nosni/input (deleted)
t/tests/04_basic_nosni/output (deleted)
t/tests/05_mismatched-priorities/apache.conf (deleted)
t/tests/05_mismatched-priorities/fail.client (deleted)
t/tests/05_mismatched-priorities/gnutls-cli.args (deleted)
t/tests/05_mismatched-priorities/input (deleted)
t/tests/06_verify_sni_a/apache.conf (deleted)
t/tests/06_verify_sni_a/gnutls-cli.args (deleted)
t/tests/06_verify_sni_a/input (deleted)
t/tests/06_verify_sni_a/output (deleted)
t/tests/07_verify_sni_b/apache.conf (deleted)
t/tests/07_verify_sni_b/gnutls-cli.args (deleted)
t/tests/07_verify_sni_b/input (deleted)
t/tests/07_verify_sni_b/output (deleted)
t/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf (deleted)
t/tests/08_verify_no_sni_fallback_to_first_vhost/gnutls-cli.args (deleted)
t/tests/08_verify_no_sni_fallback_to_first_vhost/input (deleted)
t/tests/08_verify_no_sni_fallback_to_first_vhost/output (deleted)
t/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf (deleted)
t/tests/09_verify_no_sni_fails_with_wrong_order/fail.client (deleted)
t/tests/09_verify_no_sni_fails_with_wrong_order/gnutls-cli.args (deleted)
t/tests/09_verify_no_sni_fails_with_wrong_order/input (deleted)
t/tests/10_basic_client_verification/apache.conf (deleted)
t/tests/10_basic_client_verification/gnutls-cli.args (deleted)
t/tests/10_basic_client_verification/input (deleted)
t/tests/10_basic_client_verification/output (deleted)
t/tests/11_basic_client_verification_fail/apache.conf (deleted)
t/tests/11_basic_client_verification_fail/fail.client (deleted)
t/tests/11_basic_client_verification_fail/gnutls-cli.args (deleted)
t/tests/11_basic_client_verification_fail/input (deleted)
t/tests/12_cgi_variables/apache.conf (deleted)
t/tests/12_cgi_variables/gnutls-cli.args (deleted)
t/tests/12_cgi_variables/input (deleted)
t/tests/12_cgi_variables/output (deleted)
t/tests/13_cgi_variables_no_client_cert/apache.conf (deleted)
t/tests/13_cgi_variables_no_client_cert/gnutls-cli.args (deleted)
t/tests/13_cgi_variables_no_client_cert/input (deleted)
t/tests/13_cgi_variables_no_client_cert/output (deleted)
t/tests/14_basic_openpgp/apache.conf (deleted)
t/tests/14_basic_openpgp/gnutls-cli.args (deleted)
t/tests/14_basic_openpgp/input (deleted)
t/tests/14_basic_openpgp/output (deleted)
t/tests/15_basic_msva/apache.conf (deleted)
t/tests/15_basic_msva/gnutls-cli.args (deleted)
t/tests/15_basic_msva/input (deleted)
t/tests/15_basic_msva/output (deleted)
t/tests/16_view-status/apache.conf (deleted)
t/tests/16_view-status/gnutls-cli.args (deleted)
t/tests/16_view-status/input (deleted)
t/tests/16_view-status/output (deleted)
t/tests/17_cgi_vars_large_cert/apache.conf (deleted)
t/tests/17_cgi_vars_large_cert/gnutls-cli.args (deleted)
t/tests/17_cgi_vars_large_cert/input (deleted)
t/tests/17_cgi_vars_large_cert/output (deleted)
test/.gitignore (added)
test/Makefile.am (added)
test/README (added)
test/TestMakefile (added)
test/authority.template.in (added)
test/authority.uid (added)
test/base_apache.conf (added)
test/client.template.in (added)
test/client.uid (added)
test/data/dump.cgi (added)
test/data/secret.txt (added)
test/data/test.txt (added)
test/imposter.template (added)
test/imposter.uid (added)
test/mime.types (added)
test/newtest (added)
test/rogueca.template (added)
test/rogueca.uid (added)
test/runtests (added)
test/server.template.in (added)
test/server.uid.in (added)
test/setup (added)
test/test-00_basic.bash (added)
test/test-01_serverwide_priorities.bash (added)
test/test-02_cache_in_vhost.bash (added)
test/test-03_cachetimeout_in_vhost.bash (added)
test/test-04_basic_nosni.bash (added)
test/test-05_mismatched-priorities.bash (added)
test/test-06_verify_sni_a.bash (added)
test/test-07_verify_sni_b.bash (added)
test/test-08_verify_no_sni_fallback_to_first_vhost.bash (added)
test/test-09_verify_no_sni_fails_with_wrong_order.bash (added)
test/test-10_basic_client_verification.bash (added)
test/test-11_basic_client_verification_fail.bash (added)
test/test-12_cgi_variables.bash (added)
test/test-13_cgi_variables_no_client_cert.bash (added)
test/test-14_basic_openpgp.bash (added)
test/test-15_basic_msva.bash (added)
test/test-16_view-status.bash (added)
test/test-17_cgi_vars_large_cert.bash (added)
test/tests/00_basic/apache.conf (added)
test/tests/00_basic/gnutls-cli.args (added)
test/tests/00_basic/input (added)
test/tests/00_basic/output (added)
test/tests/01_serverwide_priorities/apache.conf (added)
test/tests/01_serverwide_priorities/gnutls-cli.args (added)
test/tests/01_serverwide_priorities/input (added)
test/tests/01_serverwide_priorities/output (added)
test/tests/02_cache_in_vhost/apache.conf (added)
test/tests/02_cache_in_vhost/fail.server (added)
test/tests/02_cache_in_vhost/gnutls-cli.args (added)
test/tests/02_cache_in_vhost/input (added)
test/tests/03_cachetimeout_in_vhost/apache.conf (added)
test/tests/03_cachetimeout_in_vhost/fail.server (added)
test/tests/03_cachetimeout_in_vhost/gnutls-cli.args (added)
test/tests/03_cachetimeout_in_vhost/input (added)
test/tests/04_basic_nosni/apache.conf (added)
test/tests/04_basic_nosni/gnutls-cli.args (added)
test/tests/04_basic_nosni/input (added)
test/tests/04_basic_nosni/output (added)
test/tests/05_mismatched-priorities/apache.conf (added)
test/tests/05_mismatched-priorities/fail.client (added)
test/tests/05_mismatched-priorities/gnutls-cli.args (added)
test/tests/05_mismatched-priorities/input (added)
test/tests/06_verify_sni_a/apache.conf (added)
test/tests/06_verify_sni_a/gnutls-cli.args (added)
test/tests/06_verify_sni_a/input (added)
test/tests/06_verify_sni_a/output (added)
test/tests/07_verify_sni_b/apache.conf (added)
test/tests/07_verify_sni_b/gnutls-cli.args (added)
test/tests/07_verify_sni_b/input (added)
test/tests/07_verify_sni_b/output (added)
test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf (added)
test/tests/08_verify_no_sni_fallback_to_first_vhost/gnutls-cli.args (added)
test/tests/08_verify_no_sni_fallback_to_first_vhost/input (added)
test/tests/08_verify_no_sni_fallback_to_first_vhost/output (added)
test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf (added)
test/tests/09_verify_no_sni_fails_with_wrong_order/fail.client (added)
test/tests/09_verify_no_sni_fails_with_wrong_order/gnutls-cli.args (added)
test/tests/09_verify_no_sni_fails_with_wrong_order/input (added)
test/tests/10_basic_client_verification/apache.conf (added)
test/tests/10_basic_client_verification/gnutls-cli.args (added)
test/tests/10_basic_client_verification/input (added)
test/tests/10_basic_client_verification/output (added)
test/tests/11_basic_client_verification_fail/apache.conf (added)
test/tests/11_basic_client_verification_fail/fail.client (added)
test/tests/11_basic_client_verification_fail/gnutls-cli.args (added)
test/tests/11_basic_client_verification_fail/input (added)
test/tests/12_cgi_variables/apache.conf (added)
test/tests/12_cgi_variables/gnutls-cli.args (added)
test/tests/12_cgi_variables/input (added)
test/tests/12_cgi_variables/output (added)
test/tests/13_cgi_variables_no_client_cert/apache.conf (added)
test/tests/13_cgi_variables_no_client_cert/gnutls-cli.args (added)
test/tests/13_cgi_variables_no_client_cert/input (added)
test/tests/13_cgi_variables_no_client_cert/output (added)
test/tests/14_basic_openpgp/apache.conf (added)
test/tests/14_basic_openpgp/gnutls-cli.args (added)
test/tests/14_basic_openpgp/input (added)
test/tests/14_basic_openpgp/output (added)
test/tests/15_basic_msva/apache.conf (added)
test/tests/15_basic_msva/gnutls-cli.args (added)
test/tests/15_basic_msva/input (added)
test/tests/15_basic_msva/output (added)
test/tests/16_view-status/apache.conf (added)
test/tests/16_view-status/gnutls-cli.args (added)
test/tests/16_view-status/input (added)
test/tests/16_view-status/output (added)
test/tests/17_cgi_vars_large_cert/apache.conf (added)
test/tests/17_cgi_vars_large_cert/gnutls-cli.args (added)
test/tests/17_cgi_vars_large_cert/input (added)
test/tests/17_cgi_vars_large_cert/output (added)

Legend:

: Unmodified
: Added
: Removed

Makefile.am

r259e835	rc4a015b
8	8	NOTICE LICENSE autogen.sh
9	9
10		SUBDIRS = src
	10	SUBDIRS = src test
11	11	ACLOCAL_AMFLAGS = -I m4
12		~~TESTS = run_tests.sh~~

README

r259e835	rc4a015b
17	17	Nikos Mavrogiannopoulos <nmav at gnutls.org>
18	18	Dash Shendy <neuromancer at dash.za.net>
	19	Thomas Klute <thomas2.klute@uni-dortmund.de>
19	20
20	21	Prerequisites

configure.ac

-                      r259e835
+                      rc4a015b
                [enable Monkeysphere client certificate verification]),
        use_msva=$enableval, use_msva=no)
+AM_CONDITIONAL([USE_MSVA], [test "$use_msva" = "$enableval"])
 MSVA_CFLAGS=""
 …
 AC_SUBST(MODULE_LIBS)
 AC_CONFIG_FILES([Makefile src/Makefile include/mod_gnutls.h])
+AC_CONFIG_FILES([Makefile src/Makefile test/Makefile include/mod_gnutls.h])
 AC_OUTPUT

include/mod_gnutls.h.in

r259e835	rc4a015b
203	203	/* Connection record */
204	204	conn_rec* c;
	205	/* Is TLS enabled for this connection? */
	206	int enabled;
205	207	/* GnuTLS Session handle */
206	208	gnutls_session_t session;

src/gnutls_hooks.c

-                      r259e835
+                      rc4a015b
+}
+static void create_gnutls_handle(conn_rec * c) {
+    mgs_handle_t *ctxt;
+    /* Get mod_gnutls Configuration Record */
+    mgs_srvconf_rec *sc =(mgs_srvconf_rec *)
+            ap_get_module_config(c->base_server->module_config,&gnutls_module);
+    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+    ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
+static void create_gnutls_handle(conn_rec * c)
+{
+    /* Get mod_gnutls server configuration */
+    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
+            ap_get_module_config(c->base_server->module_config, &gnutls_module);
+    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+    /* Get connection specific configuration */
+    mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module);
+    if (ctxt == NULL)
+    {
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__);
+        ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
+        ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
+    }
+    ctxt->enabled = GNUTLS_ENABLED_TRUE;
     ctxt->c = c;
     ctxt->sc = sc;
 …
     ctxt->output_blen = 0;
     ctxt->output_length = 0;
     /* Initialize GnuTLS Library */
+    gnutls_init(&ctxt->session, GNUTLS_SERVER);
+    int err = gnutls_init(&ctxt->session, GNUTLS_SERVER);
+    if (err != GNUTLS_E_SUCCESS)
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_init failed!");
     /* Initialize Session Tickets */
     if (session_ticket_key.data != NULL && ctxt->sc->tickets != 0) {
+        gnutls_session_ticket_enable_server(ctxt->session,&session_ticket_key);
+        err = gnutls_session_ticket_enable_server(ctxt->session, &session_ticket_key);
+        if (err != GNUTLS_E_SUCCESS)
+            ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_session_ticket_enable_server failed!");
+    }
     /* Set Default Priority */
+        gnutls_priority_set_direct (ctxt->session, "NORMAL", NULL);
+        err = gnutls_priority_set_direct(ctxt->session, "NORMAL", NULL);
+    if (err != GNUTLS_E_SUCCESS)
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c, "gnutls_priority_set_direct failed!");
     /* Set Handshake function */
     gnutls_handshake_set_post_client_hello_function(ctxt->session,
 …
     mgs_cache_session_init(ctxt);
-    /* Set this config for this connection */
-    ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
     /* Set pull, push & ptr functions */
     gnutls_transport_set_pull_function(ctxt->session,
 …
+}
+int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused))) {
+    mgs_srvconf_rec *sc;
+    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+    sc = (mgs_srvconf_rec *) ap_get_module_config(c->base_server->module_config,
+            &gnutls_module);
+    if (sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) {
+int mgs_hook_pre_connection(conn_rec * c, void *csd __attribute__((unused)))
+{
+    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
+        ap_get_module_config(c->base_server->module_config, &gnutls_module);
+    mgs_handle_t *ctxt = (mgs_handle_t *)
+        ap_get_module_config(c->conn_config, &gnutls_module);
+    if ((sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE))
+        || (ctxt && ctxt->enabled == GNUTLS_ENABLED_FALSE))
+    {
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s declined connection",
+                      __func__);
         return DECLINED;
+    }
 …
     apr_table_t *env = r->subprocess_env;
+    ctxt =
+            ap_get_module_config(r->connection->conn_config,
+            &gnutls_module);
+    if (!ctxt || ctxt->session == NULL) {
+    ctxt = ap_get_module_config(r->connection->conn_config,
+                                &gnutls_module);
+    if (!ctxt || ctxt->enabled != GNUTLS_ENABLED_TRUE || ctxt->session == NULL)
+    {
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "request declined in %s", __func__);
         return DECLINED;
+    }

src/mod_gnutls.c

-                      r259e835
+                      rc4a015b
 #include "mod_gnutls.h"
+static void gnutls_hooks(apr_pool_t * p __attribute__((unused))) {
+#ifdef APLOG_USE_MODULE
+APLOG_USE_MODULE(gnutls);
+#endif
+static void gnutls_hooks(apr_pool_t * p __attribute__((unused)))
+{
     /* Try Run Post-Config Hook After mod_proxy */
     static const char * const aszPre[] = { "mod_proxy.c", NULL };
 …
+}
+int ssl_engine_disable(conn_rec *c) {
+int ssl_engine_disable(conn_rec *c)
+{
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
             ap_get_module_config(c->base_server->module_config, &gnutls_module);
+        ap_get_module_config(c->base_server->module_config, &gnutls_module);
     if(sc->enabled == GNUTLS_ENABLED_FALSE) {
         return 1;
+    }
+    ap_remove_input_filter(c->input_filters);
+    ap_remove_input_filter(c->output_filters);
+    mgs_cleanup_pre_config(c->pool);
+    sc->enabled = 0;
+    /* disable TLS for this connection */
+    mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module);
+    if (ctxt == NULL)
+    {
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__);
+        ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
+        ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
+    }
+    ctxt->enabled = GNUTLS_ENABLED_FALSE;
+    if (c->input_filters)
+        ap_remove_input_filter(c->input_filters);
+    if (c->output_filters)
+        ap_remove_output_filter(c->output_filters);
     return 1;
+}
 …
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
             ap_get_module_config(c->base_server->module_config, &gnutls_module);
     sc->proxy_enabled = 1;
     sc->enabled = 0;
+    sc->proxy_enabled = GNUTLS_ENABLED_TRUE;
+    sc->enabled = GNUTLS_ENABLED_FALSE;
     return 1;
+}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changes in / [259e835:c4a015b] in mod_gnutls

Legend:

Makefile.am

README

configure.ac

include/mod_gnutls.h.in

src/gnutls_hooks.c

src/mod_gnutls.c

Download in other formats: