Changeset e6d9e47 in mod_gnutls
- Timestamp:
- Jun 5, 2020, 3:42:56 PM (2 years ago)
- Branches:
- asyncio, master
- Children:
- 796d9a3
- Parents:
- 641d11b
- Location:
- src
- Files:
-
- 3 edited
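--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1130,52 +1130,4 @@
 }
 
-static int got_ticket_func(gnutls_session_t session,
-unsigned int htype,
-unsigned when,
-unsigned int incoming __attribute__((unused)),
-const gnutls_datum_t *msg __attribute__((unused)))
-{
-/* Ignore all unexpected messages */
-if (htype != GNUTLS_HANDSHAKE_NEW_SESSION_TICKET
-|| when != GNUTLS_HOOK_POST)
-return GNUTLS_E_SUCCESS;
-
-mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
-if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET))
-{
-ap_log_cerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, ctxt->c,
-"%s called but session has no ticket!",
-__func__);
-/* Tickets are optional, so don't break the session on
-* errors. */
-return GNUTLS_E_SUCCESS;
-}
-
-/* No cache means we cannot cache tickets. */
-if (!ctxt->sc->cache_enable)
-return GNUTLS_E_SUCCESS;
-
-gnutls_datum_t ticket;
-int ret = gnutls_session_get_data2(session, &ticket);
-if (ret != GNUTLS_E_SUCCESS)
-{
-ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
-"%s: error reading session ticket: %s (%d)",
-__func__, gnutls_strerror(ret), ret);
-if (ticket.data)
-gnutls_free(ticket.data);
-return GNUTLS_E_SUCCESS;
-}
-
-apr_time_t expiry = apr_time_now() + ctxt->sc->cache_timeout;
-ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
-"%s: caching session ticket for %s (%u bytes)",
-__func__, ctxt->proxy_ticket_key.data, ticket.size);
-mgs_cache_store(ctxt->sc->cache, ctxt->c->base_server,
-ctxt->proxy_ticket_key, ticket, expiry);
-gnutls_free(ticket.data);
-return GNUTLS_E_SUCCESS;
-}
-
 static void create_gnutls_handle(conn_rec * c)
 {
@@ -1206,5 +1158,6 @@
 gnutls_handshake_set_hook_function(ctxt->session,
 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
-GNUTLS_HOOK_POST, got_ticket_func);
+GNUTLS_HOOK_POST,
+mgs_proxy_got_ticket_func);
 ctxt->proxy_ticket_key = mgs_proxy_ticket_id(ctxt, NULL);
 }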
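--- a/src/gnutls_proxy.c
+++ b/src/gnutls_proxy.c
@@ -297,4 +297,54 @@
 
 
+int mgs_proxy_got_ticket_func(gnutls_session_t session,
+unsigned int htype,
+unsigned when,
+unsigned int incoming __attribute__((unused)),
+const gnutls_datum_t *msg __attribute__((unused)))
+{
+/* Ignore all unexpected messages */
+if (htype != GNUTLS_HANDSHAKE_NEW_SESSION_TICKET
+|| when != GNUTLS_HOOK_POST)
+return GNUTLS_E_SUCCESS;
+
+mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
+if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET))
+{
+ap_log_cerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, ctxt->c,
+"%s called but session has no ticket!",
+__func__);
+/* Tickets are optional, so don't break the session on
+* errors. */
+return GNUTLS_E_SUCCESS;
+}
+
+/* No cache means we cannot cache tickets. */
+if (!ctxt->sc->cache_enable)
+return GNUTLS_E_SUCCESS;
+
+gnutls_datum_t ticket;
+int ret = gnutls_session_get_data2(session, &ticket);
+if (ret != GNUTLS_E_SUCCESS)
+{
+ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+"%s: error reading session ticket: %s (%d)",
+__func__, gnutls_strerror(ret), ret);
+if (ticket.data)
+gnutls_free(ticket.data);
+return GNUTLS_E_SUCCESS;
+}
+
+apr_time_t expiry = apr_time_now() + ctxt->sc->cache_timeout;
+ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+"%s: caching session ticket for %s (%u bytes)",
+__func__, ctxt->proxy_ticket_key.data, ticket.size);
+mgs_cache_store(ctxt->sc->cache, ctxt->c->base_server,
+ctxt->proxy_ticket_key, ticket, expiry);
+gnutls_free(ticket.data);
+return GNUTLS_E_SUCCESS;
+}
+
+
+
 /**
 * Returns either a valid hostname for use with SNI, or NULL.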
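Review bot: In the error branch after `gnutls_session_get_data2()`, `ticket.data` is tested and possibly passed to `gnutls_free()` although `ticket` is declared without an initializer, so if GnuTLS fails before writing the datum that branch reads an indeterminate pointer. Declaring it as `gnutls_datum_t ticket = {NULL, 0};` makes the cleanup well defined regardless of which error path the library takes. `ctxt` from `gnutls_session_get_ptr()` is also dereferenced without a NULL check, and whatever `mgs_cache_store()` returns (its prototype is not visible here) is dropped, so a failed store leaves no trace even at debug level. The stored blob is resumption state for the backend connection, so the cache backend that receives it should be treated as holding session secrets.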
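--- a/src/gnutls_proxy.h
+++ b/src/gnutls_proxy.h
@@ -55,3 +55,13 @@
 gnutls_datum_t mgs_proxy_ticket_id(mgs_handle_t *ctxt, apr_pool_t *pool);
 
+/**
+* `gnutls_handshake_hook_func` to handle incoming session tickets on
+* proxy connections.
+*/
+int mgs_proxy_got_ticket_func(gnutls_session_t session,
+unsigned int htype,
+unsigned when,
+unsigned int incoming __attribute__((unused)),
+const gnutls_datum_t *msg __attribute__((unused)));
+
 #endif /* __MOD_GNUTLS_PROXY_H__ */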
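Review bot: The doc comment on `mgs_proxy_got_ticket_func` does not state what the hook returns or what it does with the ticket; going by the definition in src/gnutls_proxy.c it returns `GNUTLS_E_SUCCESS` on every path and stores the session data in the cache under `ctxt->proxy_ticket_key`. I would add `@return always GNUTLS_E_SUCCESS, ticket handling errors never abort the handshake` and a sentence saying the session pointer must be an `mgs_handle_t`, since the function dereferences it as one. The `__attribute__((unused))` markers only matter on the definition and could be dropped from the prototype.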