Changeset cf2b905 in mod_gnutls
- Timestamp:
- Nov 16, 2013, 2:46:50 AM (9 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream
- Children:
- e3cbda4
- Parents:
- fa45dcb
- git-author:
- Daniel Kahn Gillmor <dkg@…> (01/30/13 01:40:35)
- git-committer:
- Daniel Kahn Gillmor <dkg@…> (11/16/13 02:46:50)
- Files:
-
- 1 added
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
include/mod_gnutls.h.in
rfa45dcb rcf2b905 81 81 mgs_cache_unset 82 82 } mgs_cache_e; 83 84 typedef enum { 85 mgs_cvm_unset, 86 mgs_cvm_cartel, 87 mgs_cvm_msva 88 } mgs_client_verification_method_e; 89 83 90 84 91 /* Directory Configuration Record */ … … 140 147 /* Client Certificate Verification Mode */ 141 148 int client_verify_mode; 149 /* Client Certificate Verification Method */ 150 mgs_client_verification_method_e client_verify_method; 142 151 /* Last Cache timestamp */ 143 152 apr_time_t last_cache_check; … … 340 349 const char *arg); 341 350 351 const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy, 352 const char *arg); 353 342 354 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy, 343 355 const char *arg); -
src/gnutls_config.c
rfa45dcb rcf2b905 363 363 } 364 364 365 const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy, 366 const char *arg) { 367 mgs_srvconf_rec *sc = (mgs_srvconf_rec *)ap_get_module_config(parms->server->module_config, &gnutls_module); 368 369 if (strcasecmp("cartel", arg) == 0) { 370 sc->client_verify_method = mgs_cvm_cartel; 371 } else if (strcasecmp("msva", arg) == 0) { 372 #ifdef ENABLE_MSVA 373 sc->client_verify_method = mgs_cvm_msva; 374 #else 375 return "GnuTLSClientVerifyMethod: msva is not supported"; 376 #endif 377 } else { 378 return "GnuTLSClientVerifyMethod: Invalid argument"; 379 } 380 381 return NULL; 382 } 383 365 384 const char *mgs_set_client_verify(cmd_parms * parms, void *dummy, 366 385 const char *arg) { … … 616 635 sc->proxy_enabled = GNUTLS_ENABLED_UNSET; 617 636 sc->export_certificates_enabled = GNUTLS_ENABLED_UNSET; 637 sc->client_verify_method = mgs_cvm_unset; 618 638 619 639 /* this relies on GnuTLS never changing the gnutls_certificate_request_t enum to define -1 */ … … 644 664 gnutls_srvconf_merge(proxy_enabled, GNUTLS_ENABLED_UNSET); 645 665 gnutls_srvconf_merge(export_certificates_enabled, GNUTLS_ENABLED_UNSET); 666 gnutls_srvconf_merge(client_verify_method, mgs_cvm_unset); 646 667 gnutls_srvconf_merge(client_verify_mode, -1); 647 668 gnutls_srvconf_merge(srp_tpasswd_file, NULL); -
src/gnutls_hooks.c
rfa45dcb rcf2b905 353 353 if (sc->client_verify_mode == -1) 354 354 sc->client_verify_mode = GNUTLS_CERT_IGNORE; 355 if (sc->client_verify_method == mgs_cvm_unset) 356 sc->client_verify_method = mgs_cvm_cartel; 355 357 356 358 -
src/mod_gnutls.c
rfa45dcb rcf2b905 105 105 RSRC_CONF | OR_AUTHCFG, 106 106 "Set Verification Requirements of the Client Certificate"), 107 AP_INIT_TAKE1("GnuTLSClientVerifyMethod", mgs_set_client_verify_method, 108 NULL, 109 RSRC_CONF, 110 "Set Verification Method of the Client Certificate"), 107 111 AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file, 108 112 NULL,
Note: See TracChangeset
for help on using the changeset viewer.