Changeset e8acf05 in mod_gnutls for include


Ignore:
Timestamp:
Jan 20, 2015, 10:45:39 AM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
c782c1f
Parents:
e4b58b6
git-author:
Thomas Klute <thomas2.klute@…> (01/20/15 10:30:36)
git-committer:
Thomas Klute <thomas2.klute@…> (01/20/15 10:45:39)
Message:

Enable/disable TLS per connection in ssl_engine_disable

Previously, ssl_engine_disable set the server wide variable sc->enabled
to GNUTLS_ENABLED_FALSE, leading to mod_gnutls refusing to serve any
connection, including incoming client connections. The general HTTP
handler cannot process raw TLS traffic, so all further requests using
TLS failed.

This commit adds a new element "enabled" to struct mgs_handle_t, which
is used to disable TLS per connection, making it possible to disable TLS
for proxy back end connections while continuing to serve TLS clients.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • include/mod_gnutls.h.in

    re4b58b6 re8acf05  
    171171        /* Connection record */
    172172    conn_rec* c;
     173        /* Is TLS enabled for this connection? */
     174    int enabled;
    173175        /* GnuTLS Session handle */
    174176    gnutls_session_t session;
Note: See TracChangeset for help on using the changeset viewer.