Changeset cf2b905 in mod_gnutls for src


Ignore:
Timestamp:
Nov 16, 2013, 2:46:50 AM (6 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
e3cbda4
Parents:
fa45dcb
git-author:
Daniel Kahn Gillmor <dkg@…> (01/30/13 01:40:35)
git-committer:
Daniel Kahn Gillmor <dkg@…> (11/16/13 02:46:50)
Message:

MSVA: document and parse GnuTLSClientVerifyMethod directive

The directive currently doesn't do anything, but this commit makes it
a legal and parseable directive.

Location:
src
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_config.c

    rfa45dcb rcf2b905  
    363363}
    364364
     365const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy,
     366        const char *arg) {
     367    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)ap_get_module_config(parms->server->module_config, &gnutls_module);
     368
     369    if (strcasecmp("cartel", arg) == 0) {
     370        sc->client_verify_method = mgs_cvm_cartel;
     371    } else if (strcasecmp("msva", arg) == 0) {
     372#ifdef ENABLE_MSVA
     373        sc->client_verify_method = mgs_cvm_msva;
     374#else
     375        return "GnuTLSClientVerifyMethod: msva is not supported";
     376#endif
     377    } else {
     378        return "GnuTLSClientVerifyMethod: Invalid argument";
     379    }
     380
     381    return NULL;
     382}
     383
    365384const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
    366385        const char *arg) {
     
    616635    sc->proxy_enabled = GNUTLS_ENABLED_UNSET;
    617636    sc->export_certificates_enabled = GNUTLS_ENABLED_UNSET;
     637    sc->client_verify_method = mgs_cvm_unset;
    618638   
    619639/* this relies on GnuTLS never changing the gnutls_certificate_request_t enum to define -1 */
     
    644664    gnutls_srvconf_merge(proxy_enabled, GNUTLS_ENABLED_UNSET);
    645665    gnutls_srvconf_merge(export_certificates_enabled, GNUTLS_ENABLED_UNSET);
     666    gnutls_srvconf_merge(client_verify_method, mgs_cvm_unset);
    646667    gnutls_srvconf_merge(client_verify_mode, -1);
    647668    gnutls_srvconf_merge(srp_tpasswd_file, NULL);
  • src/gnutls_hooks.c

    rfa45dcb rcf2b905  
    353353        if (sc->client_verify_mode ==  -1)
    354354            sc->client_verify_mode = GNUTLS_CERT_IGNORE;
     355        if (sc->client_verify_method ==  mgs_cvm_unset)
     356            sc->client_verify_method = mgs_cvm_cartel;
    355357
    356358
  • src/mod_gnutls.c

    rfa45dcb rcf2b905  
    105105    RSRC_CONF | OR_AUTHCFG,
    106106    "Set Verification Requirements of the Client Certificate"),
     107    AP_INIT_TAKE1("GnuTLSClientVerifyMethod", mgs_set_client_verify_method,
     108    NULL,
     109    RSRC_CONF,
     110    "Set Verification Method of the Client Certificate"),
    107111    AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file,
    108112    NULL,
Note: See TracChangeset for help on using the changeset viewer.