Changeset e239d1a in mod_gnutls

Timestamp:

Dec 2, 2007, 6:12:23 PM (12 years ago)

Author:

Nokis Mavrogiannopoulos <nmav@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream

Children:

d786d75

Parents:

ea470be

git-author:

Nikos Mavrogiannopoulos <nmav@…> (12/02/07 18:12:23)

git-committer:

Nokis Mavrogiannopoulos <nmav@…> (12/02/07 18:12:23)

Message:

No more defaults for dhparams, rsaparams. Check for GnuTLSPriorities.

Location:

src

Files:

• gnutls_config.c (modified) (1 diff)
• gnutls_hooks.c (modified) (8 diffs)
• mod_gnutls.c (modified) (1 diff)

src/gnutls_config.c

@@ -368 +368 @@
     sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
 
-    sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");
-    sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");
-
     sc->client_verify_mode = GNUTLS_CERT_IGNORE;
 

src/gnutls_hooks.c

@@ -98 +98 @@
                        pool);
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
                      "GnuTLS failed to load params file at: %s. Will use internal params.",
                      file);
@@ -107 +107 @@
 
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
                      "GnuTLS failed to stat params file at: %s", file);
         return ret;
@@ -116 +116 @@
 
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
                      "GnuTLS failed to read params file at: %s", file);
         return ret;
@@ -267 +267 @@
     int rv;
     server_rec *s;
-    gnutls_dh_params_t dh_params;
-    gnutls_rsa_params_t rsa_params;
+    gnutls_dh_params_t dh_params = NULL;
+    gnutls_rsa_params_t rsa_params = NULL;
     mgs_srvconf_rec *sc;
     mgs_srvconf_rec *sc_base;
@@ -285 +285 @@
 
     {
-        gnutls_datum pdata;
+        gnutls_datum pdata = { NULL, 0 };
         apr_pool_t *tpool;
         s = base_server;
@@ -294 +294 @@
         apr_pool_create(&tpool, p);
 
+
         gnutls_dh_params_init(&dh_params);
 
-        pdata = load_params(sc_base->dh_params_file, s, tpool);
+        if (sc_base->dh_params_file)
+            pdata = load_params(sc_base->dh_params_file, s, tpool);
 
         if (pdata.size != 0) {
@@ -324 +326 @@
         apr_pool_clear(tpool);
 
-        rsa_params = NULL;
-
-        pdata = load_params(sc_base->rsa_params_file, s, tpool);
+        pdata.data = NULL;
+        pdata.size = 0;
+
+        if (sc_base->rsa_params_file)
+            pdata = load_params(sc_base->rsa_params_file, s, tpool);
 
         if (pdata.size != 0) {
@@ -357 +361 @@
             sc->cache_config = sc_base->cache_config;
 
+            /* Check if the priorities have been set */
+            if (sc->priorities == NULL) {
+                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                     "GnuTLS: Host '%s:%d' is missing the GnuTLSPriorities directive!",
+                             s->server_hostname, s->port);
+                exit(-1);
+            }
+
             if (rsa_params != NULL)
                 gnutls_certificate_set_rsa_export_params(sc->certs,
                                                          rsa_params);
-            gnutls_certificate_set_dh_params(sc->certs, dh_params);
+            
+            if (dh_params != NULL) /* not needed but anyway */
+                gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
 
             gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);

src/mod_gnutls.c

@@ -100 +100 @@
                   NULL,
                   RSRC_CONF,
-                  "The priorities to enable (ciphers, Key exchange, macs, compression)"),
+                  "The priorities to enable (ciphers, Key exchange, macs, compression)."),
     AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
                   NULL,