Changeset e7cf823 in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Apr 10, 2018, 12:18:26 PM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, debian/stretch-backports, master, proxy-ticket, upstream
Children:
2f10643
Parents:
4cdd4fd
Message:

Add process_connection hook, adjust hook order for mod_http2 compatibility

The TLS handshake must have happened before the mod_http2
process_connection hook runs, which means we have to trigger it
explicitly before any reads happen. Some other hooks must have a
certain order relative to mod_http2 as well.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • src/gnutls_hooks.c

    r4cdd4fd re7cf823  
    10761076}
    10771077
     1078
     1079
     1080/**
     1081 * process_connection hook: Do a zero byte read to trigger the
     1082 * handshake. Doesn't change anything for traditional protocols that
     1083 * just do reads, but HTTP/2 needs the TLS handshake and ALPN to
     1084 * happen before its process_connection hook runs.
     1085 */
     1086int mgs_hook_process_connection(conn_rec* c)
     1087{
     1088    mgs_handle_t *ctxt = (mgs_handle_t *)
     1089        ap_get_module_config(c->conn_config, &gnutls_module);
     1090
     1091    if ((ctxt != NULL) && (ctxt->enabled == GNUTLS_ENABLED_TRUE))
     1092    {
     1093        /* This connection is supposed to use TLS. Give the filters a
     1094         * kick with a zero byte read to trigger the handshake. */
     1095        apr_bucket_brigade* temp =
     1096            apr_brigade_create(c->pool, c->bucket_alloc);
     1097        ap_get_brigade(c->input_filters, temp,
     1098                       AP_MODE_INIT, APR_BLOCK_READ, 0);
     1099        apr_brigade_destroy(temp);
     1100    }
     1101    return DECLINED;
     1102}
     1103
     1104
     1105
    10781106int mgs_hook_fixups(request_rec * r) {
    10791107    unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
Note: See TracChangeset for help on using the changeset viewer.