Changeset d04f7da in mod_gnutls
- Timestamp:
- Apr 7, 2015, 12:28:40 PM (8 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, proxy-ticket, upstream
- Children:
- 2cde026d
- Parents:
- 2cde8111
- Files:
-
- 3 edited
-
include/mod_gnutls.h.in
r2cde8111 rd04f7da 170 170 /* OpenPGP Certificate Private Key */ 171 171 gnutls_privkey_t privkey_pgp; 172 /* Internal structure for the OpenPGP private key. DO NOT USE 173 * outside key loading. */ 172 #if GNUTLS_VERSION_NUMBER < 0x030312 173 /* Internal structure for the OpenPGP private key, used in the 174 * workaround for a bug in gnutls_privkey_import_openpgp_raw that 175 * frees memory that is still needed. DO NOT USE for any other 176 * purpose. */ 174 177 gnutls_openpgp_privkey_t privkey_pgp_internal; 178 #endif 175 179 176 180 /* Export full certificates to CGI environment: */ -
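Review bot: The guard constant `0x030312` does not encode 3.3.12, because GnuTLS builds GNUTLS_VERSION_NUMBER from one hexadecimal byte per version component; 3.3.12 is `0x03030c`, and `0x030312` is 3.3.18. As written, the member and the workaround stay compiled in for 3.3.12 through 3.3.17. That errs on the safe side but contradicts the comment, so the line should read `#if GNUTLS_VERSION_NUMBER < 0x03030c`. The same constant appears in the new guard in src/gnutls_config.c and in the existing guard in src/gnutls_hooks.c. Any other code that reads or frees `privkey_pgp_internal` needs the same guard, which cannot be checked from this section.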
src/gnutls_config.c
r2cde8111 rd04f7da 422 422 } 423 423 424 /* Theoretically, this chain of gnutls_openpgp_privkey_init, 424 #if GNUTLS_VERSION_NUMBER < 0x030312 425 /* GnuTLS versions before 3.3.12 contain a bug in 426 * gnutls_privkey_import_openpgp_raw which frees data that is 427 * accessed when the key is used, leading to segfault. Loading 428 * the key into a gnutls_openpgp_privkey_t and then assigning 429 * it to the gnutls_privkey_t works around the bug, hence this 430 * chain of gnutls_openpgp_privkey_init, 425 431 * gnutls_openpgp_privkey_import and 426 * gnutls_privkey_import_openpgp could be replaced with one 427 * call to gnutls_privkey_import_openpgp_raw as shown 428 * below. However, that led to a segfault during handshake 429 * which disappeared with the three step method. 430 * 431 * ret = gnutls_privkey_import_openpgp_raw(sc->privkey_pgp, &data, 432 * GNUTLS_OPENPGP_FMT_BASE64, 433 * NULL, NULL); */ 432 * gnutls_privkey_import_openpgp. */ 434 433 ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp_internal); 435 434 if (ret != 0) { … … 464 463 goto cleanup; 465 464 } 465 #else 466 ret = gnutls_privkey_import_openpgp_raw(sc->privkey_pgp, &data, 467 GNUTLS_OPENPGP_FMT_BASE64, 468 NULL, NULL); 469 if (ret != 0) 470 { 471 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 472 "GnuTLS: Failed to Import " 473 "PGP Private Key '%s': (%d) %s", 474 sc->pgp_key_file, ret, gnutls_strerror(ret)); 475 ret = -1; 476 goto cleanup; 477 } 478 #endif 466 479 } 467 480 -
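Review bot: The new `#if`/`#else` picks the key-loading path from the GnuTLS headers present at build time, but the premature free in gnutls_privkey_import_openpgp_raw lives in the library loaded at run time. A module built against fixed headers and then run with an older libgnutls would take the `#else` path and probably hit the handshake segfault again. A startup check in the `#else` branch would turn that into a clear configuration error, for example `if (gnutls_check_version("3.3.12") == NULL)` followed by the existing log-and-`goto cleanup` pattern. As a style point, the added `if (ret != 0)` puts its brace on the next line, while the surrounding code uses `if (ret != 0) {`. The enclosing function starts and ends outside the hunk.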
src/gnutls_hooks.c
r2cde8111 rd04f7da 369 369 * https://lists.gnupg.org/pipermail/gnutls-devel/2015-January/007377.html 370 370 * Workaround from: 371 * https://github.com/vanrein/tlspool/commit/4938102d3d1b086491d147e6c8e4e2a02825fc12 372 * 373 * TODO: add appropriate version guards */ 371 * https://github.com/vanrein/tlspool/commit/4938102d3d1b086491d147e6c8e4e2a02825fc12 */ 374 372 #if GNUTLS_VERSION_NUMBER < 0x030312 375 373 gnutls_certificate_set_retrieve_function(sc->certs, (void *) exit);