Changeset cf2b905 in mod_gnutls


Timestamp:
Nov 16, 2013, 2:46:50 AM (6 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
e3cbda4
Parents:
fa45dcb
git-author:
Daniel Kahn Gillmor <dkg@…> (01/30/13 01:40:35)
git-committer:
Daniel Kahn Gillmor <dkg@…> (11/16/13 02:46:50)
Message:

MSVA: document and parse GnuTLSClientVerifyMethod directive

The directive currently doesn't do anything, but this commit makes it
a legal and parseable directive.

Files:
1 added
4 edited

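--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -81,4 +81,11 @@
     mgs_cache_unset
 } mgs_cache_e;
+
+typedef enum {
+    mgs_cvm_unset,
+    mgs_cvm_cartel,
+    mgs_cvm_msva
+} mgs_client_verification_method_e;
+
 
 /* Directory Configuration Record */
@@ -140,4 +147,6 @@
         /* Client Certificate Verification Mode */
     int client_verify_mode;
+        /* Client Certificate Verification Method */
+    mgs_client_verification_method_e client_verify_method;
         /* Last Cache timestamp */
     apr_time_t last_cache_check;
@@ -340,4 +349,7 @@
                                   const char *arg);
 
+const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy,
+                                         const char *arg);
+
 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
                                    const char *arg);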
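Review bot: The new `mgs_client_verification_method_e` enum has no comment saying what its values select, and `mgs_cvm_unset` in particular is a sentinel rather than a method. Elsewhere in this changeset it is the merge default and is replaced by `mgs_cvm_cartel` in gnutls_hooks.c, so a comment such as `/* mgs_cvm_unset: not configured; resolved to mgs_cvm_cartel once configuration is merged */` above the enum would record that. A one-line description of what `cartel` and `msva` each trust would help anyone auditing the verification path later; that cannot be determined from this header alone.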
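--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -363,4 +363,23 @@
 }
 
+const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy,
+        const char *arg) {
+    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)ap_get_module_config(parms->server->module_config, &gnutls_module);
+
+    if (strcasecmp("cartel", arg) == 0) {
+        sc->client_verify_method = mgs_cvm_cartel;
+    } else if (strcasecmp("msva", arg) == 0) {
+#ifdef ENABLE_MSVA
+        sc->client_verify_method = mgs_cvm_msva;
+#else
+        return "GnuTLSClientVerifyMethod: msva is not supported";
+#endif
+    } else {
+        return "GnuTLSClientVerifyMethod: Invalid argument";
+    }
+
+    return NULL;
+}
+
 const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
         const char *arg) {
@@ -616,4 +635,5 @@
     sc->proxy_enabled = GNUTLS_ENABLED_UNSET;
     sc->export_certificates_enabled = GNUTLS_ENABLED_UNSET;
+    sc->client_verify_method = mgs_cvm_unset;
    
 /* this relies on GnuTLS never changing the gnutls_certificate_request_t enum to define -1 */
@@ -644,4 +664,5 @@
     gnutls_srvconf_merge(proxy_enabled, GNUTLS_ENABLED_UNSET);
     gnutls_srvconf_merge(export_certificates_enabled, GNUTLS_ENABLED_UNSET);
+    gnutls_srvconf_merge(client_verify_method, mgs_cvm_unset);
     gnutls_srvconf_merge(client_verify_mode, -1);
     gnutls_srvconf_merge(srp_tpasswd_file, NULL);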
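Review bot: In `mgs_set_client_verify_method`, a build with ENABLE_MSVA accepts `msva` and stores `mgs_cvm_msva`, yet nothing visible in this changeset reads `client_verify_method` apart from the defaulting in gnutls_hooks.c, so an administrator can select a client-certificate verification method that is silently not applied. Until the value is consumed, either reject it or log at configuration time, e.g. `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, parms->server, "GnuTLSClientVerifyMethod: msva is parsed but not yet enforced");`. The fallback message would also be easier to act on if it named the accepted values: `return "GnuTLSClientVerifyMethod: Invalid argument (expected cartel or msva)";`.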
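--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -353,4 +353,6 @@
         if (sc->client_verify_mode ==  -1)
             sc->client_verify_mode = GNUTLS_CERT_IGNORE;
+        if (sc->client_verify_method ==  mgs_cvm_unset)
+            sc->client_verify_method = mgs_cvm_cartel;
 
 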
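--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -105,4 +105,8 @@
     RSRC_CONF | OR_AUTHCFG,
     "Set Verification Requirements of the Client Certificate"),
+    AP_INIT_TAKE1("GnuTLSClientVerifyMethod", mgs_set_client_verify_method,
+    NULL,
+    RSRC_CONF,
+    "Set Verification Method of the Client Certificate"),
     AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file,
     NULL,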
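Review bot: The help string for `GnuTLSClientVerifyMethod` does not list the values the parser accepts, so an operator can only learn them from the source; `"Set Verification Method of the Client Certificate: (cartel|msva)"` would fix that. The entry is also registered with `RSRC_CONF` only, while the entry just above it in the table carries `RSRC_CONF | OR_AUTHCFG`. If that neighbour is the client-verify mode directive, a directory that tightens the mode would still use the server-wide method, which deserves a short comment next to this entry. The command table starts and ends outside this hunk.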