Changeset e809fb3 in mod_gnutls


Timestamp:
Jun 9, 2016, 7:52:23 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
aa68232
Parents:
3e22b82
Message:

Use generic cache functions for OCSP response caching

With this, OCSP stapling works with all supported cache types.

Files:
6 edited

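--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -72,4 +72,7 @@
 } mgs_cache_e;
 
+/* Internal cache data, defined in gnutls_cache.h */
+typedef struct mgs_cache* mgs_cache_t;
+
 typedef enum {
     mgs_cvm_unset,
@@ -136,4 +139,6 @@
      * thread-safe) */
     apr_global_mutex_t *cache_mutex;
+    /* Internal cache data */
+    mgs_cache_t cache;
 
         /* GnuTLS uses Session Tickets */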
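--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -240,6 +240,6 @@
 }
 
-int mc_cache_store_generic(server_rec *s, gnutls_datum_t key,
-                           gnutls_datum_t data, apr_time_t expiry)
+static int mc_cache_store_generic(server_rec *s, gnutls_datum_t key,
+                                  gnutls_datum_t data, apr_time_t expiry)
 {
     apr_uint32_t timeout = apr_time_sec(expiry - apr_time_now());
@@ -307,5 +307,6 @@
 }
 
-gnutls_datum_t mc_cache_fetch_generic(mgs_handle_t *ctxt, gnutls_datum_t key)
+static gnutls_datum_t mc_cache_fetch_generic(mgs_handle_t *ctxt,
+                                             gnutls_datum_t key)
 {
     gnutls_datum_t data = {NULL, 0};
@@ -434,5 +435,5 @@
 }
 
-gnutls_datum_t dbm_cache_fetch(mgs_handle_t *ctxt, gnutls_datum_t key)
+static gnutls_datum_t dbm_cache_fetch(mgs_handle_t *ctxt, gnutls_datum_t key)
 {
     gnutls_datum_t data = {NULL, 0};
@@ -512,6 +513,6 @@
 }
 
-int dbm_cache_store(server_rec *s, gnutls_datum_t key,
-                    gnutls_datum_t data, apr_time_t expiry)
+static int dbm_cache_store(server_rec *s, gnutls_datum_t key,
+                           gnutls_datum_t data, apr_time_t expiry)
 {
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
@@ -696,8 +697,18 @@
     }
 
-    if (sc->cache_type == mgs_cache_dbm
-            || sc->cache_type == mgs_cache_gdbm) {
+    sc->cache = apr_palloc(p, sizeof(struct mgs_cache));
+    if (sc->cache_type == mgs_cache_dbm || sc->cache_type == mgs_cache_gdbm)
+    {
+        sc->cache->store = dbm_cache_store;
+        sc->cache->fetch = dbm_cache_fetch;
         return dbm_cache_post_config(p, s, sc);
     }
+#if HAVE_APR_MEMCACHE
+    else if (sc->cache_type == mgs_cache_memcache)
+    {
+        sc->cache->store = mc_cache_store_generic;
+        sc->cache->fetch = mc_cache_fetch_generic;
+    }
+#endif
 
     return APR_SUCCESS;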
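Review bot: `sc->cache` is allocated with `apr_palloc` before the cache type is examined, so on the fall-through path to `return APR_SUCCESS;` (any type other than dbm/gdbm, or memcache when `HAVE_APR_MEMCACHE` is off) it is non-NULL while `store` and `fetch` are never assigned. The new guards in src/gnutls_ocsp.c test only `sc->cache == NULL`, so they would pass and the later `sc->cache->store(...)` and `ctxt->sc->cache->fetch(...)` calls would go through an uninitialized function pointer, unless code above this hunk already returns for those cache types. Allocating only inside the two branches, or closing the chain after the `#endif` with `else sc->cache = NULL;`, keeps the NULL check meaningful. The enclosing function starts and ends outside the hunk.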
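--- a/src/gnutls_cache.h
+++ b/src/gnutls_cache.h
@@ -52,15 +52,14 @@
 
 /*
- * EXPERIMENTAL: Make DBM cache available for OCSP caching. To be
- * replaced with properly configurable caching that can also use
- * memcached later.
+ * Generic object cache functions, used for OCSP caching
  */
-#include <apr_dbm.h>
-int dbm_cache_store(server_rec *s, gnutls_datum_t key,
-                    gnutls_datum_t data, apr_time_t expiry);
-gnutls_datum_t dbm_cache_fetch(mgs_handle_t *ctxt, gnutls_datum_t key);
-int mc_cache_store_generic(server_rec *s, gnutls_datum_t key,
-                           gnutls_datum_t data, apr_time_t expiry);
-gnutls_datum_t mc_cache_fetch_generic(mgs_handle_t *ctxt, gnutls_datum_t key);
+typedef int (*cache_store_func)(server_rec *s, gnutls_datum_t key,
+                                gnutls_datum_t data, apr_time_t expiry);
+typedef gnutls_datum_t (*cache_fetch_func)(mgs_handle_t *ctxt,
+                                           gnutls_datum_t key);
+struct mgs_cache {
+    cache_store_func store;
+    cache_fetch_func fetch;
+};
 
 #endif /** __MOD_GNUTLS_CACHE_H__ */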
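Review bot: The two callback typedefs and `struct mgs_cache` are now the whole backend contract, but the header documents none of it beyond the one-line block comment. I would add a comment on `cache_store_func` along the lines of `/* Store data under key; expiry is an absolute apr_time_t, not a duration. */`, since the memcache backend subtracts `apr_time_now()` from it. A second comment on `cache_fetch_func` should say that a returned `gnutls_datum_t` with `size == 0` means a miss, which is how src/gnutls_ocsp.c reads it, and state who owns the returned `data`. The ownership rule matters because the fetched datum is handed on as `*ocsp_response`; which allocator the backends must use is not visible in this diff and should be confirmed before it is written down.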
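--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -965,4 +965,5 @@
     sc->cache_config = NULL;
     sc->cache_mutex = NULL;
+    sc->cache = NULL;
     sc->tickets = GNUTLS_ENABLED_UNSET;
     sc->priorities = NULL;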
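--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -376,4 +376,5 @@
         sc->cache_timeout = sc_base->cache_timeout;
         sc->cache_mutex = sc_base->cache_mutex;
+        sc->cache = sc_base->cache;
 
         rv = mgs_load_files(pconf, s);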
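--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -325,7 +325,7 @@
         ap_get_module_config(s->module_config, &gnutls_module);
 
-    if (sc->cache_type != mgs_cache_dbm && sc->cache_type != mgs_cache_gdbm)
-    {
-        /* experimental OCSP cache requires DBM cache */
+    if (sc->cache == NULL)
+    {
+        /* OCSP caching requires a cache. */
         return APR_ENOTIMPL;
     }
@@ -400,5 +400,5 @@
         expiry -= sc->ocsp_grace_time;
 
-    int r = dbm_cache_store(s, fingerprint, resp, expiry);
+    int r = sc->cache->store(s, fingerprint, resp, expiry);
     /* destroy pool, and original copy of the OCSP response with it */
     apr_pool_destroy(tmp);
@@ -419,4 +419,9 @@
 {
     mgs_handle_t *ctxt = (mgs_handle_t *) ptr;
+    if (ctxt->sc->cache == NULL)
+    {
+        /* OCSP caching requires a cache. */
+        return GNUTLS_E_NO_CERTIFICATE_STATUS;
+    }
 
     gnutls_datum_t fingerprint =
@@ -426,5 +431,5 @@
         return GNUTLS_E_NO_CERTIFICATE_STATUS;
 
-    *ocsp_response = dbm_cache_fetch(ctxt, fingerprint);
+    *ocsp_response = ctxt->sc->cache->fetch(ctxt, fingerprint);
     if (ocsp_response->size == 0)
     {
@@ -454,5 +459,5 @@
 
     /* retry reading from cache */
-    *ocsp_response = dbm_cache_fetch(ctxt, fingerprint);
+    *ocsp_response = ctxt->sc->cache->fetch(ctxt, fingerprint);
     if (ocsp_response->size == 0)
     {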
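Review bot: The `expiry` handed to `sc->cache->store(s, fingerprint, resp, expiry)` has no visible lower bound, and with the memcache backend now reachable through this call that matters. `mc_cache_store_generic` computes `apr_uint32_t timeout = apr_time_sec(expiry - apr_time_now());`, so if `expiry -= sc->ocsp_grace_time;` moves the value to or before the current time, the negative difference wraps to a very large unsigned timeout and a response near the end of its validity could stay cached far longer than intended. A check may exist earlier in the function, which starts outside this hunk. If it does not, a guard before the store call such as `if (expiry <= apr_time_now())` that destroys `tmp` and returns an error would keep such a response out of the cache.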