- Timestamp:
- May 30, 2020, 4:40:53 PM (8 months ago)
- Branches:
- asyncio, master
- Children:
- 411d286
- Parents:
- b14f6ae
- Location:
- src
- Files:
-
- 3 edited
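--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1168,4 +1168,7 @@
 __func__, dump.size);
 gnutls_free(dump.data);
+ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+"%s: cache key for the session ticket is %s",
+__func__, mgs_proxy_ticket_id(ctxt, NULL));
 return GNUTLS_E_SUCCESS;
 }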
src/gnutls_proxy.c
rb14f6ae rd827d0c 1 1 /* 2 * Copyright 2015-20 19Fiona Klute2 * Copyright 2015-2020 Fiona Klute 3 3 * 4 4 * Licensed under the Apache License, Version 2.0 (the "License"); … … 294 294 295 295 296 static void proxy_conn_set_sni(mgs_handle_t *ctxt) 296 /** 297 * Returns either a valid hostname for use with SNI, or NULL. 298 */ 299 static const char *get_proxy_sni_name(mgs_handle_t *ctxt) 297 300 { 298 301 /* Get peer hostname from note left by mod_proxy */ 299 302 const char *peer_hostname = 300 303 apr_table_get(ctxt->c->notes, PROXY_SNI_NOTE); 304 301 305 /* Used only as target for apr_ipsubnet_create() */ 302 306 apr_ipsubnet_t *probe; 303 /* Check if the note is present (!= NULL) and NOT an IP304 * address*/305 if ((peer_hostname ) != NULL307 /* If the note is present (!= NULL) check that the value is NOT an 308 * IP address, which wouldn't be valid for SNI. */ 309 if ((peer_hostname != NULL) 306 310 && (apr_ipsubnet_create(&probe, peer_hostname, NULL, ctxt->c->pool) 307 != APR_SUCCESS)) 311 == APR_SUCCESS)) 312 return NULL; 313 314 return peer_hostname; 315 } 316 317 318 319 static void proxy_conn_set_sni(mgs_handle_t *ctxt) 320 { 321 const char *peer_hostname = get_proxy_sni_name(ctxt); 322 if (peer_hostname != NULL) 308 323 { 309 324 int ret = gnutls_server_name_set(ctxt->session, GNUTLS_NAME_DNS, … … 381 396 382 397 398 char *mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool) 399 { 400 apr_pool_t *tmp; 401 if (pool) 402 tmp = pool; 403 else 404 tmp = ctxt->c->pool; 405 406 /* c->client_addr->port and c->client_ip actually contain 407 * information on the remote server for outgoing proxy 408 * connections, prefer SNI hostname over IP. 409 * 410 * The server_hostname is used to tie the cache entry to a 411 * specific vhost, because different vhosts may have different 412 * settings for the same backend server. 
413 */ 414 const char *peer_hostname = get_proxy_sni_name(ctxt); 415 return apr_psprintf( 416 tmp, "proxy:%s:%s:%d", 417 ctxt->c->base_server->server_hostname, 418 peer_hostname ? peer_hostname : ctxt->c->client_ip, 419 ctxt->c->client_addr->port); 420 } 421 422 423 383 424 void mgs_set_proxy_handshake_ext(mgs_handle_t *ctxt) 384 425 { -
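Review bot: In `mgs_proxy_ticket_id()` the vhost is identified only by `ctxt->c->base_server->server_hostname`, which is not guaranteed to be unique: two vhosts with the same ServerName on different ports would produce the same key for the same backend even if their proxy TLS settings differ. If a resumed session bypasses a fresh check of the backend certificate (the resumption path is not visible here), a ticket obtained under the laxer vhost could be reused under the stricter one. Adding a second discriminator would narrow this, e.g. `tmp, "proxy:%s:%d:%s:%d",` with `ctxt->c->base_server->port` after the hostname. A short comment on `mgs_proxy_ticket_id()` stating that the key must cover everything that affects backend verification would help future changes keep that property.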
src/gnutls_proxy.h
rb14f6ae rd827d0c 1 1 /* 2 * Copyright 2015-20 18Fiona Klute2 * Copyright 2015-2020 Fiona Klute 3 3 * 4 4 * Licensed under the Apache License, Version 2.0 (the "License"); … … 42 42 void mgs_set_proxy_handshake_ext(mgs_handle_t * ctxt); 43 43 44 /** 45 * Create a cache key for a session ticket of a proxy connection. 46 * 47 * @param ctxt The proxy connection handle (mod_gnutls is client) 48 * 49 * @param pool Pool to allocate the string from, if `NULL` the 50 * connection pool is used 51 * 52 * @return string to be used as cache key 53 */ 54 char *mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool); 55 44 56 #endif /* __MOD_GNUTLS_PROXY_H__ */
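Review bot: The doc comment for `mgs_proxy_ticket_id()` says what the key is for but not what it is bound to, and that binding is what callers rely on to keep tickets from being shared across configurations. I would add a line such as `The key combines the vhost's server name with the backend's SNI name (or IP address) and port.` and note that the returned string is allocated from `pool` and is only valid for that pool's lifetime.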