Changeset cf2b905 in mod_gnutls for src/gnutls_config.c

Timestamp:

Nov 16, 2013, 2:46:50 AM (6 years ago)

Author:

Daniel Kahn Gillmor <dkg@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, upstream

Children:

e3cbda4

Parents:

fa45dcb

git-author:

Daniel Kahn Gillmor <dkg@…> (01/30/13 01:40:35)

git-committer:

Daniel Kahn Gillmor <dkg@…> (11/16/13 02:46:50)

Message:

MSVA: document and parse GnuTLSClientVerifyMethod directive

The directive currently doesn't do anything, but this commit makes it
a legal and parseable directive.

File:

• src/gnutls_config.c (modified) (3 diffs)

src/gnutls_config.c

@@ -363 +363 @@
 }
 
+const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy,
+        const char *arg) {
+    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)ap_get_module_config(parms->server->module_config, &gnutls_module);
+
+    if (strcasecmp("cartel", arg) == 0) {
+        sc->client_verify_method = mgs_cvm_cartel;
+    } else if (strcasecmp("msva", arg) == 0) {
+#ifdef ENABLE_MSVA
+        sc->client_verify_method = mgs_cvm_msva;
+#else
+        return "GnuTLSClientVerifyMethod: msva is not supported";
+#endif
+    } else {
+        return "GnuTLSClientVerifyMethod: Invalid argument";
+    }
+
+    return NULL;
+}
+
 const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
         const char *arg) {
@@ -616 +635 @@
     sc->proxy_enabled = GNUTLS_ENABLED_UNSET;
     sc->export_certificates_enabled = GNUTLS_ENABLED_UNSET;
+    sc->client_verify_method = mgs_cvm_unset; 
     
 /* this relies on GnuTLS never changing the gnutls_certificate_request_t enum to define -1 */
@@ -644 +664 @@
     gnutls_srvconf_merge(proxy_enabled, GNUTLS_ENABLED_UNSET);
     gnutls_srvconf_merge(export_certificates_enabled, GNUTLS_ENABLED_UNSET);
+    gnutls_srvconf_merge(client_verify_method, mgs_cvm_unset);
     gnutls_srvconf_merge(client_verify_mode, -1);
     gnutls_srvconf_merge(srp_tpasswd_file, NULL);