Changeset e02dd8c in mod_gnutls for src/gnutls_config.c
- Timestamp:
- Oct 25, 2010, 3:21:04 PM (9 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream
- Children:
- b59327c
- Parents:
- 62def2f
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
src/gnutls_config.c
r62def2f re02dd8c 22 22 const char *file, gnutls_datum_t * data) 23 23 { 24 25 26 27 28 29 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,30 31 32 return rv;33 34 35 36 37 38 return rv;39 40 41 42 43 44 45 return rv;46 47 48 49 50 51 52 24 apr_file_t *fp; 25 apr_finfo_t finfo; 26 apr_status_t rv; 27 apr_size_t br = 0; 28 29 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, 30 APR_OS_DEFAULT, pool); 31 if (rv != APR_SUCCESS) { 32 return rv; 33 } 34 35 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp); 36 37 if (rv != APR_SUCCESS) { 38 return rv; 39 } 40 41 data->data = apr_palloc(pool, finfo.size + 1); 42 rv = apr_file_read_full(fp, data->data, finfo.size, &br); 43 44 if (rv != APR_SUCCESS) { 45 return rv; 46 } 47 apr_file_close(fp); 48 49 data->data[br] = '\0'; 50 data->size = br; 51 52 return 0; 53 53 } 54 54 … … 56 56 const char *arg) 57 57 { 58 int ret; 59 gnutls_datum_t data; 60 const char *file; 61 apr_pool_t *spool; 62 mgs_srvconf_rec *sc = 63 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 64 module_config, 65 &gnutls_module); 66 67 apr_pool_create(&spool, parms->pool); 68 69 file = ap_server_root_relative(spool, arg); 70 71 if (load_datum_from_file(spool, file, &data) != 0) { 72 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 73 "DH params '%s'", file); 74 } 75 76 ret = gnutls_dh_params_init(&sc->dh_params); 77 if (ret < 0) { 78 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 79 ": (%d) %s", ret, gnutls_strerror(ret)); 80 } 81 82 ret = 83 gnutls_dh_params_import_pkcs3(sc->dh_params, &data, GNUTLS_X509_FMT_PEM); 84 if (ret < 0) { 85 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 86 "DH params '%s': (%d) %s", file, ret, 87 gnutls_strerror(ret)); 88 } 89 90 apr_pool_destroy(spool); 91 92 return NULL; 58 int ret; 59 gnutls_datum_t data; 60 const char *file; 61 apr_pool_t *spool; 62 mgs_srvconf_rec *sc = 63 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 64 module_config, 65 &gnutls_module); 66 67 apr_pool_create(&spool, parms->pool); 68 69 file = ap_server_root_relative(spool, arg); 70 71 if (load_datum_from_file(spool, file, &data) != 0) { 72 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 73 "DH params '%s'", file); 74 } 75 76 ret = gnutls_dh_params_init(&sc->dh_params); 77 if (ret < 0) { 78 return apr_psprintf(parms->pool, 79 "GnuTLS: Failed to initialize" 80 ": (%d) %s", ret, 81 gnutls_strerror(ret)); 82 } 83 84 ret = 85 gnutls_dh_params_import_pkcs3(sc->dh_params, &data, 86 GNUTLS_X509_FMT_PEM); 87 if (ret < 0) { 88 return apr_psprintf(parms->pool, 89 "GnuTLS: Failed to Import " 90 "DH params '%s': (%d) %s", file, ret, 91 gnutls_strerror(ret)); 92 } 93 94 apr_pool_destroy(spool); 95 96 return NULL; 93 97 } 94 98 … … 96 100 const char *arg) 97 101 { 98 int ret; 99 gnutls_datum_t data; 100 const char *file; 101 apr_pool_t *spool; 102 mgs_srvconf_rec *sc = 103 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 104 module_config, 105 &gnutls_module); 106 107 apr_pool_create(&spool, parms->pool); 108 109 file = ap_server_root_relative(spool, arg); 110 111 if (load_datum_from_file(spool, file, &data) != 0) { 112 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 113 "RSA params '%s'", file); 114 } 115 116 ret = gnutls_rsa_params_init(&sc->rsa_params); 117 if (ret < 0) { 118 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 119 ": (%d) %s", ret, gnutls_strerror(ret)); 120 } 121 122 ret = 123 gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, GNUTLS_X509_FMT_PEM); 124 if (ret != 0) { 125 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 126 "RSA params '%s': (%d) %s", file, ret, 127 gnutls_strerror(ret)); 128 } 129 130 apr_pool_destroy(spool); 131 return NULL; 102 int ret; 103 gnutls_datum_t data; 104 const char *file; 105 apr_pool_t *spool; 106 mgs_srvconf_rec *sc = 107 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 108 module_config, 109 &gnutls_module); 110 111 apr_pool_create(&spool, parms->pool); 112 113 file = ap_server_root_relative(spool, arg); 114 115 if (load_datum_from_file(spool, file, &data) != 0) { 116 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 117 "RSA params '%s'", file); 118 } 119 120 ret = gnutls_rsa_params_init(&sc->rsa_params); 121 if (ret < 0) { 122 return apr_psprintf(parms->pool, 123 "GnuTLS: Failed to initialize" 124 ": (%d) %s", ret, 125 gnutls_strerror(ret)); 126 } 127 128 ret = 129 gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, 130 GNUTLS_X509_FMT_PEM); 131 if (ret != 0) { 132 return apr_psprintf(parms->pool, 133 "GnuTLS: Failed to Import " 134 "RSA params '%s': (%d) %s", file, ret, 135 gnutls_strerror(ret)); 136 } 137 138 apr_pool_destroy(spool); 139 return NULL; 132 140 } 133 141 … … 136 144 const char *arg) 137 145 { 138 int ret; 139 gnutls_datum_t data; 140 const char *file; 141 apr_pool_t *spool; 142 mgs_srvconf_rec *sc = 143 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 144 module_config, 145 &gnutls_module); 146 apr_pool_create(&spool, parms->pool); 147 148 file = ap_server_root_relative(spool, arg); 149 150 if (load_datum_from_file(spool, file, &data) != 0) { 151 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 152 "Certificate '%s'", file); 153 } 154 155 sc->certs_x509_num = MAX_CHAIN_SIZE; 156 ret = 157 gnutls_x509_crt_list_import(sc->certs_x509, &sc->certs_x509_num, &data, GNUTLS_X509_FMT_PEM, 0); 158 if (ret < 0) { 159 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 160 "Certificate '%s': (%d) %s", file, ret, 161 gnutls_strerror(ret)); 162 } 163 164 apr_pool_destroy(spool); 165 return NULL; 146 int ret; 147 gnutls_datum_t data; 148 const char *file; 149 apr_pool_t *spool; 150 mgs_srvconf_rec *sc = 151 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 152 module_config, 153 &gnutls_module); 154 apr_pool_create(&spool, parms->pool); 155 156 file = ap_server_root_relative(spool, arg); 157 158 if (load_datum_from_file(spool, file, &data) != 0) { 159 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 160 "Certificate '%s'", file); 161 } 162 163 sc->certs_x509_num = MAX_CHAIN_SIZE; 164 ret = 165 gnutls_x509_crt_list_import(sc->certs_x509, 166 &sc->certs_x509_num, &data, 167 GNUTLS_X509_FMT_PEM, 0); 168 if (ret < 0) { 169 return apr_psprintf(parms->pool, 170 "GnuTLS: Failed to Import " 171 "Certificate '%s': (%d) %s", file, ret, 172 gnutls_strerror(ret)); 173 } 174 175 apr_pool_destroy(spool); 176 return NULL; 166 177 } 167 178 … … 169 180 const char *arg) 170 181 { 171 int ret; 172 gnutls_datum_t data; 173 const char *file; 174 apr_pool_t *spool; 175 mgs_srvconf_rec *sc = 176 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 177 module_config, 178 &gnutls_module); 179 apr_pool_create(&spool, parms->pool); 180 181 file = ap_server_root_relative(spool, arg); 182 183 if (load_datum_from_file(spool, file, &data) != 0) { 184 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 185 "Private Key '%s'", file); 186 } 187 188 ret = gnutls_x509_privkey_init(&sc->privkey_x509); 189 if (ret < 0) { 190 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 191 ": (%d) %s", ret, gnutls_strerror(ret)); 192 } 193 194 ret = 195 gnutls_x509_privkey_import(sc->privkey_x509, &data, 196 GNUTLS_X509_FMT_PEM); 197 198 if (ret < 0) 199 ret = gnutls_x509_privkey_import_pkcs8 (sc->privkey_x509, &data, GNUTLS_X509_FMT_PEM, 200 NULL, GNUTLS_PKCS_PLAIN); 201 202 if (ret < 0) { 203 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 204 "Private Key '%s': (%d) %s", file, ret, 205 gnutls_strerror(ret)); 206 } 207 apr_pool_destroy(spool); 208 return NULL; 182 int ret; 183 gnutls_datum_t data; 184 const char *file; 185 apr_pool_t *spool; 186 mgs_srvconf_rec *sc = 187 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 188 module_config, 189 &gnutls_module); 190 apr_pool_create(&spool, parms->pool); 191 192 file = ap_server_root_relative(spool, arg); 193 194 if (load_datum_from_file(spool, file, &data) != 0) { 195 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 196 "Private Key '%s'", file); 197 } 198 199 ret = gnutls_x509_privkey_init(&sc->privkey_x509); 200 if (ret < 0) { 201 return apr_psprintf(parms->pool, 202 "GnuTLS: Failed to initialize" 203 ": (%d) %s", ret, 204 gnutls_strerror(ret)); 205 } 206 207 ret = 208 gnutls_x509_privkey_import(sc->privkey_x509, &data, 209 GNUTLS_X509_FMT_PEM); 210 211 if (ret < 0) 212 ret = 213 gnutls_x509_privkey_import_pkcs8(sc->privkey_x509, 214 &data, 215 GNUTLS_X509_FMT_PEM, 216 NULL, 217 GNUTLS_PKCS_PLAIN); 218 219 if (ret < 0) { 220 return apr_psprintf(parms->pool, 221 "GnuTLS: Failed to Import " 222 "Private Key '%s': (%d) %s", file, ret, 223 gnutls_strerror(ret)); 224 } 225 apr_pool_destroy(spool); 226 return NULL; 209 227 } 210 228 211 229 const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy, 212 const char *arg) 213 { 214 int ret; 215 gnutls_datum_t data; 216 const char *file; 217 apr_pool_t *spool; 218 mgs_srvconf_rec *sc = 219 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 220 module_config, 221 &gnutls_module); 222 apr_pool_create(&spool, parms->pool); 223 224 file = ap_server_root_relative(spool, arg); 225 226 if (load_datum_from_file(spool, file, &data) != 0) { 227 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 228 "Certificate '%s'", file); 229 } 230 231 ret = gnutls_openpgp_crt_init( &sc->cert_pgp); 232 if (ret < 0) { 233 return apr_psprintf(parms->pool, "GnuTLS: Failed to Init " 234 "PGP Certificate: (%d) %s", ret, 235 gnutls_strerror(ret)); 236 } 237 238 ret = 239 gnutls_openpgp_crt_import(sc->cert_pgp, &data, GNUTLS_OPENPGP_FMT_BASE64); 240 if (ret < 0) { 241 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 242 "PGP Certificate '%s': (%d) %s", file, ret, 243 gnutls_strerror(ret)); 244 } 245 246 apr_pool_destroy(spool); 247 return NULL; 230 const char *arg) 231 { 232 int ret; 233 gnutls_datum_t data; 234 const char *file; 235 apr_pool_t *spool; 236 mgs_srvconf_rec *sc = 237 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 238 module_config, 239 &gnutls_module); 240 apr_pool_create(&spool, parms->pool); 241 242 file = ap_server_root_relative(spool, arg); 243 244 if (load_datum_from_file(spool, file, &data) != 0) { 245 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 246 "Certificate '%s'", file); 247 } 248 249 ret = gnutls_openpgp_crt_init(&sc->cert_pgp); 250 if (ret < 0) { 251 return apr_psprintf(parms->pool, "GnuTLS: Failed to Init " 252 "PGP Certificate: (%d) %s", ret, 253 gnutls_strerror(ret)); 254 } 255 256 ret = 257 gnutls_openpgp_crt_import(sc->cert_pgp, &data, 258 GNUTLS_OPENPGP_FMT_BASE64); 259 if (ret < 0) { 260 return apr_psprintf(parms->pool, 261 "GnuTLS: Failed to Import " 262 "PGP Certificate '%s': (%d) %s", file, 263 ret, gnutls_strerror(ret)); 264 } 265 266 apr_pool_destroy(spool); 267 return NULL; 248 268 } 249 269 250 270 const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy, 251 const char *arg) 252 { 253 int ret; 254 gnutls_datum_t data; 255 const char *file; 256 apr_pool_t *spool; 257 mgs_srvconf_rec *sc = 258 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 259 module_config, 260 &gnutls_module); 261 apr_pool_create(&spool, parms->pool); 262 263 file = ap_server_root_relative(spool, arg); 264 265 if (load_datum_from_file(spool, file, &data) != 0) { 266 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 267 "Private Key '%s'", file); 268 } 269 270 ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp); 271 if (ret < 0) { 272 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 273 ": (%d) %s", ret, gnutls_strerror(ret)); 274 } 275 276 ret = 277 gnutls_openpgp_privkey_import(sc->privkey_pgp, &data, 278 GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); 279 if (ret != 0) { 280 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 281 "PGP Private Key '%s': (%d) %s", file, ret, 282 gnutls_strerror(ret)); 283 } 284 apr_pool_destroy(spool); 285 return NULL; 271 const char *arg) 272 { 273 int ret; 274 gnutls_datum_t data; 275 const char *file; 276 apr_pool_t *spool; 277 mgs_srvconf_rec *sc = 278 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 279 module_config, 280 &gnutls_module); 281 apr_pool_create(&spool, parms->pool); 282 283 file = ap_server_root_relative(spool, arg); 284 285 if (load_datum_from_file(spool, file, &data) != 0) { 286 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 287 "Private Key '%s'", file); 288 } 289 290 ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp); 291 if (ret < 0) { 292 return apr_psprintf(parms->pool, 293 "GnuTLS: Failed to initialize" 294 ": (%d) %s", ret, 295 gnutls_strerror(ret)); 296 } 297 298 ret = 299 gnutls_openpgp_privkey_import(sc->privkey_pgp, &data, 300 GNUTLS_OPENPGP_FMT_BASE64, NULL, 301 0); 302 if (ret != 0) { 303 return apr_psprintf(parms->pool, 304 "GnuTLS: Failed to Import " 305 "PGP Private Key '%s': (%d) %s", file, 306 ret, gnutls_strerror(ret)); 307 } 308 apr_pool_destroy(spool); 309 return NULL; 286 310 } 287 311 288 312 const char *mgs_set_tickets(cmd_parms * parms, void *dummy, 289 290 { 291 292 (mgs_srvconf_rec *) ap_get_module_config(parms->server->293 module_config,294 &gnutls_module);295 296 297 298 sc->tickets = 1;299 300 301 313 const char *arg) 314 { 315 mgs_srvconf_rec *sc = 316 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 317 module_config, 318 &gnutls_module); 319 320 sc->tickets = 0; 321 if (strcasecmp("on", arg) == 0) { 322 sc->tickets = 1; 323 } 324 325 return NULL; 302 326 } 303 327 … … 308 332 const char *arg) 309 333 { 310 311 (mgs_srvconf_rec *) ap_get_module_config(parms->server->312 module_config,313 &gnutls_module);314 315 316 317 334 mgs_srvconf_rec *sc = 335 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 336 module_config, 337 &gnutls_module); 338 339 sc->srp_tpasswd_file = ap_server_root_relative(parms->pool, arg); 340 341 return NULL; 318 342 } 319 343 … … 321 345 const char *arg) 322 346 { 323 mgs_srvconf_rec *sc = 324 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 325 module_config, 326 &gnutls_module); 327 328 sc->srp_tpasswd_conf_file = ap_server_root_relative(parms->pool, arg); 329 330 return NULL; 347 mgs_srvconf_rec *sc = 348 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 349 module_config, 350 &gnutls_module); 351 352 sc->srp_tpasswd_conf_file = 353 ap_server_root_relative(parms->pool, arg); 354 355 return NULL; 331 356 } 332 357 … … 336 361 const char *type, const char *arg) 337 362 { 338 const char *err; 339 mgs_srvconf_rec *sc = ap_get_module_config(parms->server-> 340 module_config, 341 &gnutls_module); 342 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) { 343 return err; 344 } 345 346 if (strcasecmp("none", type) == 0) { 347 sc->cache_type = mgs_cache_none; 348 } else if (strcasecmp("dbm", type) == 0) { 349 sc->cache_type = mgs_cache_dbm; 350 } 351 else if (strcasecmp("gdbm", type) == 0) { 352 sc->cache_type = mgs_cache_gdbm; 353 } 363 const char *err; 364 mgs_srvconf_rec *sc = 365 ap_get_module_config(parms->server->module_config, 366 &gnutls_module); 367 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) { 368 return err; 369 } 370 371 if (strcasecmp("none", type) == 0) { 372 sc->cache_type = mgs_cache_none; 373 } else if (strcasecmp("dbm", type) == 0) { 374 sc->cache_type = mgs_cache_dbm; 375 } else if (strcasecmp("gdbm", type) == 0) { 376 sc->cache_type = mgs_cache_gdbm; 377 } 354 378 #if HAVE_APR_MEMCACHE 355 356 sc->cache_type = mgs_cache_memcache;357 379 else if (strcasecmp("memcache", type) == 0) { 380 sc->cache_type = mgs_cache_memcache; 381 } 358 382 #endif 359 else { 360 return "Invalid Type for GnuTLSCache!"; 361 } 362 363 if (sc->cache_type == mgs_cache_dbm || sc->cache_type == mgs_cache_gdbm) { 364 sc->cache_config = ap_server_root_relative(parms->pool, arg); 365 } else { 366 sc->cache_config = apr_pstrdup(parms->pool, arg); 367 } 368 369 return NULL; 383 else { 384 return "Invalid Type for GnuTLSCache!"; 385 } 386 387 if (sc->cache_type == mgs_cache_dbm 388 || sc->cache_type == mgs_cache_gdbm) { 389 sc->cache_config = 390 ap_server_root_relative(parms->pool, arg); 391 } else { 392 sc->cache_config = apr_pstrdup(parms->pool, arg); 393 } 394 395 return NULL; 370 396 } 371 397 … … 373 399 const char *arg) 374 400 { 375 376 377 (mgs_srvconf_rec *) ap_get_module_config(parms->server->378 module_config,379 &gnutls_module);380 381 382 383 384 return "GnuTLSCacheTimeout: Invalid argument";385 386 sc->cache_timeout = 0;387 388 sc->cache_timeout = apr_time_from_sec(argint);389 390 391 401 int argint; 402 mgs_srvconf_rec *sc = 403 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 404 module_config, 405 &gnutls_module); 406 407 argint = atoi(arg); 408 409 if (argint < 0) { 410 return "GnuTLSCacheTimeout: Invalid argument"; 411 } else if (argint == 0) { 412 sc->cache_timeout = 0; 413 } else { 414 sc->cache_timeout = apr_time_from_sec(argint); 415 } 416 417 return NULL; 392 418 } 393 419 … … 395 421 const char *arg) 396 422 { 397 398 399 400 mode = GNUTLS_CERT_IGNORE;401 402 403 mode = GNUTLS_CERT_REQUEST;404 405 mode = GNUTLS_CERT_REQUIRE;406 407 return "GnuTLSClientVerify: Invalid argument";408 409 410 411 412 mgs_dirconf_rec *dc = (mgs_dirconf_rec *) dummy;413 dc->client_verify_mode = mode;414 415 mgs_srvconf_rec *sc =416 (mgs_srvconf_rec *) ap_get_module_config(parms->server->417 418 419 sc->client_verify_mode = mode;420 421 422 423 int mode; 424 425 if (strcasecmp("none", arg) == 0 || strcasecmp("ignore", arg) == 0) { 426 mode = GNUTLS_CERT_IGNORE; 427 } else if (strcasecmp("optional", arg) == 0 428 || strcasecmp("request", arg) == 0) { 429 mode = GNUTLS_CERT_REQUEST; 430 } else if (strcasecmp("require", arg) == 0) { 431 mode = GNUTLS_CERT_REQUIRE; 432 } else { 433 return "GnuTLSClientVerify: Invalid argument"; 434 } 435 436 /* This was set from a directory context */ 437 if (parms->path) { 438 mgs_dirconf_rec *dc = (mgs_dirconf_rec *) dummy; 439 dc->client_verify_mode = mode; 440 } else { 441 mgs_srvconf_rec *sc = 442 (mgs_srvconf_rec *) 443 ap_get_module_config(parms->server->module_config, 444 &gnutls_module); 445 sc->client_verify_mode = mode; 446 } 447 448 return NULL; 423 449 } 424 450 … … 427 453 const char *arg) 428 454 { 429 int rv; 430 const char *file; 431 apr_pool_t *spool; 432 gnutls_datum_t data; 433 434 mgs_srvconf_rec *sc = 435 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 436 module_config, 437 &gnutls_module); 438 apr_pool_create(&spool, parms->pool); 439 440 file = ap_server_root_relative(spool, arg); 441 442 if (load_datum_from_file(spool, file, &data) != 0) { 443 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 444 "Client CA File '%s'", file); 445 } 446 447 sc->ca_list_size = INIT_CA_SIZE; 448 sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list)); 449 if (sc->ca_list == NULL) { 450 return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error"); 451 } 452 453 rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size, 454 &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); 455 if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) { 456 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 457 "Client CA File '%s': (%d) %s", file, rv, 458 gnutls_strerror(rv)); 459 } 460 461 if (INIT_CA_SIZE < sc->ca_list_size) { 462 sc->ca_list = realloc(sc->ca_list, sc->ca_list_size*sizeof(*sc->ca_list)); 463 if (sc->ca_list == NULL) { 464 return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error"); 465 } 466 467 /* re-read */ 468 rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size, 469 &data, GNUTLS_X509_FMT_PEM, 0); 470 471 if (rv < 0) { 472 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 473 "Client CA File '%s': (%d) %s", file, rv, 474 gnutls_strerror(rv)); 475 } 476 } 477 478 apr_pool_destroy(spool); 479 return NULL; 455 int rv; 456 const char *file; 457 apr_pool_t *spool; 458 gnutls_datum_t data; 459 460 mgs_srvconf_rec *sc = 461 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 462 module_config, 463 &gnutls_module); 464 apr_pool_create(&spool, parms->pool); 465 466 file = ap_server_root_relative(spool, arg); 467 468 if (load_datum_from_file(spool, file, &data) != 0) { 469 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 470 "Client CA File '%s'", file); 471 } 472 473 sc->ca_list_size = INIT_CA_SIZE; 474 sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list)); 475 if (sc->ca_list == NULL) { 476 return apr_psprintf(parms->pool, 477 "mod_gnutls: Memory allocation error"); 478 } 479 480 rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size, 481 &data, GNUTLS_X509_FMT_PEM, 482 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); 483 if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) { 484 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 485 "Client CA File '%s': (%d) %s", file, 486 rv, gnutls_strerror(rv)); 487 } 488 489 if (INIT_CA_SIZE < sc->ca_list_size) { 490 sc->ca_list = 491 realloc(sc->ca_list, 492 sc->ca_list_size * sizeof(*sc->ca_list)); 493 if (sc->ca_list == NULL) { 494 return apr_psprintf(parms->pool, 495 "mod_gnutls: Memory allocation error"); 496 } 497 498 /* re-read */ 499 rv = gnutls_x509_crt_list_import(sc->ca_list, 500 &sc->ca_list_size, &data, 501 GNUTLS_X509_FMT_PEM, 0); 502 503 if (rv < 0) { 504 return apr_psprintf(parms->pool, 505 "GnuTLS: Failed to load " 506 "Client CA File '%s': (%d) %s", 507 file, rv, gnutls_strerror(rv)); 508 } 509 } 510 511 apr_pool_destroy(spool); 512 return NULL; 480 513 } 481 514 482 515 const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy, 483 const char *arg) 484 { 485 int rv; 486 const char *file; 487 apr_pool_t *spool; 488 gnutls_datum_t data; 489 490 mgs_srvconf_rec *sc = 491 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 492 module_config, 493 &gnutls_module); 494 apr_pool_create(&spool, parms->pool); 495 496 file = ap_server_root_relative(spool, arg); 497 498 if (load_datum_from_file(spool, file, &data) != 0) { 499 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 500 "Keyring File '%s'", file); 501 } 502 503 rv = gnutls_openpgp_keyring_init(&sc->pgp_list); 504 if (rv < 0) { 505 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 506 "keyring: (%d) %s", rv, gnutls_strerror(rv)); 507 } 508 509 rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data, GNUTLS_OPENPGP_FMT_BASE64); 510 if (rv < 0) { 511 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 512 "Keyring File '%s': (%d) %s", file, rv, 513 gnutls_strerror(rv)); 514 } 515 516 apr_pool_destroy(spool); 517 return NULL; 516 const char *arg) 517 { 518 int rv; 519 const char *file; 520 apr_pool_t *spool; 521 gnutls_datum_t data; 522 523 mgs_srvconf_rec *sc = 524 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 525 module_config, 526 &gnutls_module); 527 apr_pool_create(&spool, parms->pool); 528 529 file = ap_server_root_relative(spool, arg); 530 531 if (load_datum_from_file(spool, file, &data) != 0) { 532 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 533 "Keyring File '%s'", file); 534 } 535 536 rv = gnutls_openpgp_keyring_init(&sc->pgp_list); 537 if (rv < 0) { 538 return apr_psprintf(parms->pool, 539 "GnuTLS: Failed to initialize" 540 "keyring: (%d) %s", rv, 541 gnutls_strerror(rv)); 542 } 543 544 rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data, 545 GNUTLS_OPENPGP_FMT_BASE64); 546 if (rv < 0) { 547 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 548 "Keyring File '%s': (%d) %s", file, rv, 549 gnutls_strerror(rv)); 550 } 551 552 apr_pool_destroy(spool); 553 return NULL; 518 554 } 519 555 … … 521 557 const char *arg) 522 558 { 523 mgs_srvconf_rec *sc = 524 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 525 module_config, 526 &gnutls_module); 527 if (!strcasecmp(arg, "On")) { 528 sc->enabled = GNUTLS_ENABLED_TRUE; 529 } else if (!strcasecmp(arg, "Off")) { 559 mgs_srvconf_rec *sc = 560 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 561 module_config, 562 &gnutls_module); 563 if (!strcasecmp(arg, "On")) { 564 sc->enabled = GNUTLS_ENABLED_TRUE; 565 } else if (!strcasecmp(arg, "Off")) { 566 sc->enabled = GNUTLS_ENABLED_FALSE; 567 } else { 568 return "GnuTLSEnable must be set to 'On' or 'Off'"; 569 } 570 571 return NULL; 572 } 573 574 const char *mgs_set_export_certificates_enabled(cmd_parms * parms, 575 void *dummy, 576 const char *arg) 577 { 578 mgs_srvconf_rec *sc = 579 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 580 module_config, 581 &gnutls_module); 582 if (!strcasecmp(arg, "On")) { 583 sc->export_certificates_enabled = GNUTLS_ENABLED_TRUE; 584 } else if (!strcasecmp(arg, "Off")) { 585 sc->export_certificates_enabled = GNUTLS_ENABLED_FALSE; 586 } else { 587 return 588 "GnuTLSExportCertificates must be set to 'On' or 'Off'"; 589 } 590 591 return NULL; 592 } 593 594 595 const char *mgs_set_priorities(cmd_parms * parms, void *dummy, 596 const char *arg) 597 { 598 int ret; 599 const char *err; 600 mgs_srvconf_rec *sc = 601 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 602 module_config, 603 &gnutls_module); 604 605 606 ret = gnutls_priority_init(&sc->priorities, arg, &err); 607 if (ret < 0) { 608 if (ret == GNUTLS_E_INVALID_REQUEST) 609 return apr_psprintf(parms->pool, 610 "GnuTLS: Syntax error parsing priorities string at: %s", 611 err); 612 return "Error setting priorities"; 613 } 614 615 return NULL; 616 } 617 618 void *mgs_config_server_create(apr_pool_t * p, server_rec * s) 619 { 620 mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc)); 621 int ret; 622 530 623 sc->enabled = GNUTLS_ENABLED_FALSE; 531 } else { 532 return "GnuTLSEnable must be set to 'On' or 'Off'"; 533 } 534 535 return NULL; 536 } 537 538 const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy, 539 const char *arg) 540 { 541 mgs_srvconf_rec *sc = 542 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 543 module_config, 544 &gnutls_module); 545 if (!strcasecmp(arg, "On")) { 546 sc->export_certificates_enabled = GNUTLS_ENABLED_TRUE; 547 } else if (!strcasecmp(arg, "Off")) { 548 sc->export_certificates_enabled = GNUTLS_ENABLED_FALSE; 549 } else { 550 return "GnuTLSExportCertificates must be set to 'On' or 'Off'"; 551 } 552 553 return NULL; 554 } 555 556 557 const char *mgs_set_priorities(cmd_parms * parms, void *dummy, const char *arg) 558 { 559 int ret; 560 const char *err; 561 mgs_srvconf_rec *sc = 562 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 563 module_config, 564 &gnutls_module); 565 566 567 ret = gnutls_priority_init( &sc->priorities, arg, &err); 568 if (ret < 0) { 569 if (ret == GNUTLS_E_INVALID_REQUEST) 570 return apr_psprintf(parms->pool, "GnuTLS: Syntax error parsing priorities string at: %s", err); 571 return "Error setting priorities"; 572 } 573 574 return NULL; 575 } 576 577 void *mgs_config_server_create(apr_pool_t * p, server_rec * s) 578 { 579 mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc)); 580 int ret; 581 582 sc->enabled = GNUTLS_ENABLED_FALSE; 583 584 ret = gnutls_certificate_allocate_credentials(&sc->certs); 585 if (ret < 0) { 586 return apr_psprintf(p, "GnuTLS: Failed to initialize" 587 ": (%d) %s", ret, gnutls_strerror(ret)); 588 } 589 590 ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds); 591 if (ret < 0) { 592 return apr_psprintf(p, "GnuTLS: Failed to initialize" 593 ": (%d) %s", ret, gnutls_strerror(ret)); 594 } 595 624 625 ret = gnutls_certificate_allocate_credentials(&sc->certs); 626 if (ret < 0) { 627 return apr_psprintf(p, "GnuTLS: Failed to initialize" 628 ": (%d) %s", ret, 629 gnutls_strerror(ret)); 630 } 631 632 ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds); 633 if (ret < 0) { 634 return apr_psprintf(p, "GnuTLS: Failed to initialize" 635 ": (%d) %s", ret, 636 gnutls_strerror(ret)); 637 } 596 638 #ifdef ENABLE_SRP 597 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds); 598 if (ret < 0) { 599 return apr_psprintf(p, "GnuTLS: Failed to initialize" 600 ": (%d) %s", ret, gnutls_strerror(ret)); 601 } 602 603 sc->srp_tpasswd_conf_file = NULL; 604 sc->srp_tpasswd_file = NULL; 639 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds); 640 if (ret < 0) { 641 return apr_psprintf(p, "GnuTLS: Failed to initialize" 642 ": (%d) %s", ret, 643 gnutls_strerror(ret)); 644 } 645 646 sc->srp_tpasswd_conf_file = NULL; 647 sc->srp_tpasswd_file = NULL; 605 648 #endif 606 649 607 608 memset(sc->certs_x509, 0, sizeof(sc->certs_x509));609 610 611 612 613 sc->tickets = 1;/* by default enable session tickets */614 615 616 617 650 sc->privkey_x509 = NULL; 651 memset(sc->certs_x509, 0, sizeof(sc->certs_x509)); 652 sc->certs_x509_num = 0; 653 sc->cache_timeout = apr_time_from_sec(300); 654 sc->cache_type = mgs_cache_none; 655 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache"); 656 sc->tickets = 1; /* by default enable session tickets */ 657 658 sc->client_verify_mode = GNUTLS_CERT_IGNORE; 659 660 return sc; 618 661 } 619 662 620 663 void *mgs_config_dir_merge(apr_pool_t * p, void *basev, void *addv) 621 664 { 622 665 mgs_dirconf_rec *new; 623 666 /* mgs_dirconf_rec *base = (mgs_dirconf_rec *) basev; */ 624 625 626 627 628 629 630 631 667 mgs_dirconf_rec *add = (mgs_dirconf_rec *) addv; 668 669 new = (mgs_dirconf_rec *) apr_pcalloc(p, sizeof(mgs_dirconf_rec)); 670 new->lua_bytecode = apr_pstrmemdup(p, add->lua_bytecode, 671 add->lua_bytecode_len); 672 new->lua_bytecode_len = add->lua_bytecode_len; 673 new->client_verify_mode = add->client_verify_mode; 674 return new; 632 675 } 633 676 634 677 void *mgs_config_dir_create(apr_pool_t * p, char *dir) 635 678 { 636 637 638 639 640 641 642 } 679 mgs_dirconf_rec *dc = apr_palloc(p, sizeof(*dc)); 680 681 dc->client_verify_mode = -1; 682 dc->lua_bytecode = NULL; 683 dc->lua_bytecode_len = 0; 684 return dc; 685 }
Note: See TracChangeset
for help on using the changeset viewer.