Changeset de3fad3 in mod_gnutls for src/mod_gnutls.c


Timestamp:
Oct 24, 2018, 12:56:08 PM (13 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master
Children:
20c3f7b
Parents:
15368a4
Message:

Require handshake and request to use the same server

The new check prevents clients from establishing a TLS connection to
one virtual host and then requesting data from another. This is
particularly important for servers using TLS client authentication as
the only means of access control, because the server context for
certificate validation is selected based on the TLS connection.

File:
1 edited

  • src/mod_gnutls.c

    r15368a4 rde3fad3  
    6868    /* Fixups Hook */
    6969    ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
     70
     71    /* Request hook: Check if TLS connection and request host match */
     72    ap_hook_post_read_request(mgs_req_vhost_check, NULL, NULL, APR_HOOK_MIDDLE);
    7073
    7174    /* TODO: HTTP Upgrade Filter */
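
Review bot: The added ap_hook_post_read_request() call registers mgs_req_vhost_check at APR_HOOK_MIDDLE with no predecessor or successor lists, so any other module's post_read_request hook registered at APR_HOOK_FIRST or APR_HOOK_REALLY_FIRST handles the request before the host check can reject it. Since the commit message describes this as an access-control check, consider registering it earlier (the fixups hook just above uses APR_HOOK_REALLY_FIRST) or extending the comment to explain why APR_HOOK_MIDDLE is sufficient. The comment could also state what the hook returns on a mismatch, because the definition of mgs_req_vhost_check is not part of this hunk.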