Changeset e63515a in mod_gnutls


Timestamp:
Jun 27, 2020, 10:49:03 AM (5 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master
Children:
19fbd4d
Parents:
add6b31
Message:

Fix SNI/ServerAlias matching

ServerAliases were never checked if ServerName was set, which is
obviously wrong, and the test did not verify if the correct virtual
host had been selected. Fix this by checking ServerName, explicit
ServerAliases, and wildcard ServerAliases in order, and returning the
first match. Also the test now verifies the selected virtual host and
tests a wildcard match in addition to an explicit ServerAlias.

Files:
3 edited

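--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -894,14 +894,17 @@
 {
     apr_array_header_t *names;
-    int rv = 0;
     char ** name;
 
-    /* Check ServerName First! */
-    if (strcasecmp(x->sni_name, s->server_hostname) == 0) {
+    /* Check ServerName first */
+    if (strcasecmp(x->sni_name, s->server_hostname) == 0)
+    {
         // We have a match, save this server configuration
         x->sc = tsc;
-        rv = 1;
-        /* Check any ServerAlias directives */
-    } else if(s->names->nelts) {
+        return 1;
+    }
+
+    /* Check any ServerAlias directives */
+    if(s->names->nelts)
+    {
         names = s->names;
         name = (char **) names->elts;
@@ -912,11 +915,13 @@
             if (strcasecmp(x->sni_name, name[i]) == 0)
             {
-                // We have a match, save this server configuration
                 x->sc = tsc;
-                rv = 1;
+                return 1;
             }
         }
-        /* ServerAlias directives may contain wildcards, check those last. */
-    } else if(s->wild_names->nelts) {
+    }
+
+    /* ServerAlias directives may contain wildcards, check those last. */
+    if(s->wild_names->nelts)
+    {
         names = s->wild_names;
         name = (char **) names->elts;
@@ -928,9 +933,9 @@
             {
                 x->sc = tsc;
-                rv = 1;
+                return 1;
             }
         }
     }
-    return rv;
+    return 0;
 }
 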
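Review bot: `s->names->nelts` and `s->wild_names->nelts` are dereferenced without a NULL check, and with the `else if` chain gone both are now evaluated whenever the earlier comparisons found no match. The SNI name is supplied by the client before any authentication, so if either array can be NULL for a `server_rec` handed to this callback (not visible here; worth confirming for the base server), a handshake could crash the child process. Guarding the two conditions as `if (s->names && s->names->nelts)` and `if (s->wild_names && s->wild_names->nelts)` costs nothing. The same question applies to `s->server_hostname` in the first `strcasecmp`. The function's signature and both loop headers lie outside the shown hunks.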
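--- a/test/tests/31_vhost_SNI_serveralias_match/apache.conf
+++ b/test/tests/31_vhost_SNI_serveralias_match/apache.conf
@@ -2,4 +2,6 @@
 
 GnuTLSCache ${DEFAULT_CACHE}
+
+LoadModule      rewrite_module  ${AP_LIBEXECDIR}/mod_rewrite.so
 
 <VirtualHost _default_:${TEST_PORT}>
@@ -12,7 +14,12 @@
 <VirtualHost _default_:${TEST_PORT}>
         ServerName      ${TEST_HOST}
+        ServerAlias     test.example.com
         ServerAlias     *.virtual.host
         GnuTLSEnable    On
         GnuTLSCertificateFile   authority/server/x509.pem
         GnuTLSKeyFile           authority/server/secret.key
+        # Use mod_rewrite to set up a path that will work only on this
+        # virtual host
+        RewriteEngine   On
+        RewriteRule     "^/vhost/test\.txt$" "/test.txt" [PT]
 </VirtualHost>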
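--- a/test/tests/31_vhost_SNI_serveralias_match/test.yml
+++ b/test/tests/31_vhost_SNI_serveralias_match/test.yml
@@ -1,14 +1,28 @@
-!connection
-gnutls_params:
-  - x509cafile=authority/x509.pem
-  - sni-hostname=example.virtual.host
-actions:
-  - !request
-    path: /test.txt
-    headers:
-      Host: example.virtual.host
-    expect:
-      status: 200
-      body:
-        exactly: |
-          test
+- !connection
+  gnutls_params:
+    - x509cafile=authority/x509.pem
+    - sni-hostname=example.virtual.host
+  actions:
+    - !request
+      path: /vhost/test.txt
+      headers:
+        Host: example.virtual.host
+      expect:
+        status: 200
+        body:
+          exactly: |
+            test
+- !connection
+  gnutls_params:
+    - x509cafile=authority/x509.pem
+    - sni-hostname=test.example.com
+  actions:
+    - !request
+      path: /vhost/test.txt
+      headers:
+        Host: test.example.com
+      expect:
+        status: 200
+        body:
+          exactly: |
+            test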
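Review bot: Both connections are positive cases, so the test would still pass if the matcher selected this virtual host for any SNI name. A third `!connection` with a name that matches neither `test.example.com` nor `*.virtual.host` (for example a constructed `sni-hostname=other.example.net`), requesting `/vhost/test.txt` and expecting that the rewritten file is not served, would pin the fix against over-matching. The expected status for that case depends on the first virtual host in apache.conf, which is not fully shown here.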