Changeset e7cf823 in mod_gnutls


Timestamp:
Apr 10, 2018, 12:18:26 PM (6 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
2f10643
Parents:
4cdd4fd
Message:

Add process_connection hook, adjust hook order for mod_http2 compatibility

The TLS handshake must have happened before the mod_http2
process_connection hook runs, which means we have to trigger it
explicitly before any reads happen. Some other hooks must have a
certain order relative to mod_http2 as well.

Files:
3 edited

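--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -470,4 +470,6 @@
 int mgs_hook_pre_connection(conn_rec * c, void *csd);
 
+int mgs_hook_process_connection(conn_rec* c);
+
 int mgs_hook_fixups(request_rec *r);
 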
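--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1076,4 +1076,32 @@
 }
 
+
+
+/**
+ * process_connection hook: Do a zero byte read to trigger the
+ * handshake. Doesn't change anything for traditional protocols that
+ * just do reads, but HTTP/2 needs the TLS handshake and ALPN to
+ * happen before its process_connection hook runs.
+ */
+int mgs_hook_process_connection(conn_rec* c)
+{
+    mgs_handle_t *ctxt = (mgs_handle_t *)
+        ap_get_module_config(c->conn_config, &gnutls_module);
+
+    if ((ctxt != NULL) && (ctxt->enabled == GNUTLS_ENABLED_TRUE))
+    {
+        /* This connection is supposed to use TLS. Give the filters a
+         * kick with a zero byte read to trigger the handshake. */
+        apr_bucket_brigade* temp =
+            apr_brigade_create(c->pool, c->bucket_alloc);
+        ap_get_brigade(c->input_filters, temp,
+                       AP_MODE_INIT, APR_BLOCK_READ, 0);
+        apr_brigade_destroy(temp);
+    }
+    return DECLINED;
+}
+
+
+
 int mgs_hook_fixups(request_rec * r) {
     unsigned char sbuf[GNUTLS_MAX_SESSION_ID];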
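Review bot: The status returned by `ap_get_brigade()` in `mgs_hook_process_connection` is discarded, so the hook returns `DECLINED` whether the handshake completed, failed, or the peer went away. The commit message says mod_http2 depends on the handshake and ALPN being finished before its own process_connection hook runs, so it would help to state how a failed handshake is kept from reaching later hooks; presumably the input filter marks the connection as aborted, but that is not visible in this hunk. If that is the design, a comment such as `/* Handshake errors are handled by the input filter; the status is intentionally ignored here. */` above the call would document it, otherwise capture the result with `apr_status_t rv = ap_get_brigade(...)` and log a non-success status. The read is also `APR_BLOCK_READ`, so the time a worker spends here is bounded only by whatever timeout is set on the connection elsewhere.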
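--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -30,10 +30,12 @@
                    int proxy, int enable);
 
+static const char * const mod_proxy[] = { "mod_proxy.c", NULL };
+static const char * const mod_http2[] = { "mod_http2.c", NULL };
+
 static void gnutls_hooks(apr_pool_t * p __attribute__((unused)))
 {
     /* Try Run Post-Config Hook After mod_proxy */
-    static const char * const aszPre[] = { "mod_proxy.c", NULL };
-    ap_hook_post_config(mgs_hook_post_config, aszPre, NULL,
-                        APR_HOOK_REALLY_LAST);
+    ap_hook_post_config(mgs_hook_post_config, mod_proxy, mod_http2,
+                        APR_HOOK_MIDDLE);
     /* HTTP Scheme Hook */
     ap_hook_http_scheme(mgs_hook_http_scheme, NULL, NULL, APR_HOOK_MIDDLE);
@@ -41,6 +43,8 @@
     ap_hook_default_port(mgs_hook_default_port, NULL, NULL, APR_HOOK_MIDDLE);
     /* Pre-Connect Hook */
-    ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL,
+    ap_hook_pre_connection(mgs_hook_pre_connection, mod_http2, NULL,
                            APR_HOOK_MIDDLE);
+    ap_hook_process_connection(mgs_hook_process_connection,
+                               NULL, mod_http2, APR_HOOK_MIDDLE);
     /* Pre-Config Hook */
     ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL,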
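Review bot: The comment `/* Try Run Post-Config Hook After mod_proxy */` no longer describes the registration below it, which now also names mod_http2 as a successor and drops from `APR_HOOK_REALLY_LAST` to `APR_HOOK_MIDDLE`. The new `ap_hook_process_connection` call has no comment at all, although per the commit message its `mod_http2` successor entry is what keeps the TLS handshake ahead of HTTP/2 processing. I would update the first comment to `/* Run post_config after mod_proxy and before mod_http2 */` and add `/* Must run before mod_http2's process_connection hook so the TLS handshake and ALPN are complete */` above the new registration. Whether anything relied on post_config running REALLY_LAST relative to other modules cannot be judged from this hunk; gnutls_hooks continues past the end of it.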