Changeset de3fad3 in mod_gnutls for include


Ignore:
Timestamp:
Oct 24, 2018, 12:56:08 PM (19 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
20c3f7b
Parents:
15368a4
Message:

Require handshake and request to use the same server

The new check prevents clients from establishing a TLS connection to
one virtual host and then requesting data from another. This is
particularly important for servers using TLS client authentication as
the only means of access control, because the server context for
certificate validation is selected based on the TLS connection.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • include/mod_gnutls.h.in

    r15368a4 rde3fad3  
    431431int mgs_hook_fixups(request_rec *r);
    432432
     433/** Post request hook, checks if TLS connection and vhost match */
     434int mgs_req_vhost_check(request_rec *r);
     435
    433436int mgs_hook_authz(request_rec *r);
    434437
Note: See TracChangeset for help on using the changeset viewer.