Changeset ec06980 in mod_gnutls
- Timestamp:
- Jan 11, 2013, 12:55:31 AM (8 years ago)
- Branches:
- debian/master, debian/stretch-backports, jessie-backports, upstream
- Children:
- 40ac29f, a4839ae
- Parents:
- 70c2d86
- Files:
-
- 1 deleted
- 11 edited
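--- a/Makefile.in
+++ b/Makefile.in
@@ -37,7 +37,6 @@
 	$(srcdir)/Makefile.in $(srcdir)/config.in \
 	$(top_srcdir)/configure $(top_srcdir)/include/mod_gnutls.h.in \
-	config/compile config/config.guess config/config.sub \
-	config/depcomp config/install-sh config/ltmain.sh \
-	config/missing
+	config/config.guess config/config.sub config/depcomp \
+	config/install-sh config/ltmain.sh config/missing
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/apache.m4 \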
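--- a/README
+++ b/README
@@ -62,5 +62,5 @@
 
 
-# a more advance configuration
+# a more advanced configuration
 GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
 GnuTLSCacheTimeout 500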
autogen.sh
-
Property
mode
changed from
100644
to100755
-
Property
mode
changed from
-
configure
r70c2d86 rec06980 1 1 #! /bin/sh 2 2 # Guess values for system-dependent variables and create Makefiles. 3 # Generated by GNU Autoconf 2.61 for mod_gnutls 0. 3.4.3 # Generated by GNU Autoconf 2.61 for mod_gnutls 0.4.0. 4 4 # 5 5 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, … … 727 727 PACKAGE_NAME='mod_gnutls' 728 728 PACKAGE_TARNAME='mod_gnutls' 729 PACKAGE_VERSION='0. 3.4'730 PACKAGE_STRING='mod_gnutls 0. 3.4'729 PACKAGE_VERSION='0.4.0' 730 PACKAGE_STRING='mod_gnutls 0.4.0' 731 731 PACKAGE_BUGREPORT='' 732 732 … … 1426 1426 # This message is too long to be a string in the A/UX 3.1 sh. 1427 1427 cat <<_ACEOF 1428 \`configure' configures mod_gnutls 0. 3.4to adapt to many kinds of systems.1428 \`configure' configures mod_gnutls 0.4.0 to adapt to many kinds of systems. 1429 1429 1430 1430 Usage: $0 [OPTION]... [VAR=VALUE]... … … 1497 1497 if test -n "$ac_init_help"; then 1498 1498 case $ac_init_help in 1499 short | recursive ) echo "Configuration of mod_gnutls 0. 3.4:";;1499 short | recursive ) echo "Configuration of mod_gnutls 0.4.0:";; 1500 1500 esac 1501 1501 cat <<\_ACEOF … … 1607 1607 if $ac_init_version; then 1608 1608 cat <<\_ACEOF 1609 mod_gnutls configure 0. 3.41609 mod_gnutls configure 0.4.0 1610 1610 generated by GNU Autoconf 2.61 1611 1611 … … 1621 1621 running configure, to aid debugging if configure makes a mistake. 1622 1622 1623 It was created by mod_gnutls $as_me 0. 3.4, which was1623 It was created by mod_gnutls $as_me 0.4.0, which was 1624 1624 generated by GNU Autoconf 2.61. Invocation command line was 1625 1625 … … 1992 1992 chmod +x config.nice 1993 1993 1994 MOD_GNUTLS_VERSION=0. 3.41994 MOD_GNUTLS_VERSION=0.4.0 1995 1995 1996 1996 … … 2493 2493 # Define the identity of the package. 2494 2494 PACKAGE=mod_gnutls 2495 VERSION=0. 3.42495 VERSION=0.4.0 2496 2496 2497 2497 … … 20133 20133 20134 20134 20135 MIN_TLS_VERSION=2.1. 
520135 MIN_TLS_VERSION=2.1.7 20136 20136 20137 20137 … … 21396 21396 # values after options handling. 21397 21397 ac_log=" 21398 This file was extended by mod_gnutls $as_me 0. 3.4, which was21398 This file was extended by mod_gnutls $as_me 0.4.0, which was 21399 21399 generated by GNU Autoconf 2.61. Invocation command line was 21400 21400 … … 21449 21449 cat >>$CONFIG_STATUS <<_ACEOF 21450 21450 ac_cs_version="\\ 21451 mod_gnutls config.status 0. 3.421451 mod_gnutls config.status 0.4.0 21452 21452 configured by $0, generated by GNU Autoconf 2.61, 21453 21453 with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" -
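--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
 dnl
-AC_INIT(mod_gnutls, 0.3.4)
+AC_INIT(mod_gnutls, 0.4.0)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
@@ -29,5 +29,5 @@
 dnl AC_SUBST(LIBTOOL)
 
-MIN_TLS_VERSION=2.1.5
+MIN_TLS_VERSION=2.1.7
 CHECK_LIBGNUTLS($MIN_TLS_VERSION)
 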
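--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -4,7 +4,7 @@
 
 rsafile:
-	${GNUTLS_CERTTOOL} --generate-privkey --bits 512 --outfile rsafile --quick-random
+	${GNUTLS_CERTTOOL} --generate-privkey --bits 512 --outfile rsafile
 dhfile:
-	${GNUTLS_CERTTOOL} --generate-dh-params --bits 1024 --outfile dhfile --quick-random
+	${GNUTLS_CERTTOOL} --generate-dh-params --bits 1024 --outfile dhfile
 
 clean: clean-am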
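Review bot: The recipes still generate a 512-bit RSA key (`rsafile`) and 1024-bit DH parameters (`dhfile`); dropping `--quick-random` fixes the entropy source but leaves sizes far below any current minimum (512-bit RSA is cheaply factorable, and newer certtool releases may refuse to generate it at all). If these files are only test fixtures, say so in a comment above the targets so they are never shipped or used as server defaults; otherwise use `--bits 2048` in both the `rsafile` and `dhfile` recipes.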
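--- a/data/Makefile.in
+++ b/data/Makefile.in
@@ -387,7 +387,7 @@
 
 rsafile:
-	${GNUTLS_CERTTOOL} --generate-privkey --bits 512 --outfile rsafile --quick-random
+	${GNUTLS_CERTTOOL} --generate-privkey --bits 512 --outfile rsafile
 dhfile:
-	${GNUTLS_CERTTOOL} --generate-dh-params --bits 1024 --outfile dhfile --quick-random
+	${GNUTLS_CERTTOOL} --generate-dh-params --bits 1024 --outfile dhfile
 
 clean: clean-am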
include/mod_gnutls.h.in
r70c2d86 rec06980 96 96 */ 97 97 int export_certificates_enabled; 98 int ciphers[MAX_CIPHERS]; 99 int key_exchange[MAX_CIPHERS]; 100 int macs[MAX_CIPHERS]; 101 int protocol[MAX_CIPHERS]; 102 int compression[MAX_CIPHERS]; 103 int cert_types[MAX_CIPHERS]; apr_time_t cache_timeout; 98 gnutls_priority_t priorities; 99 int cache_timeout; 104 100 mgs_cache_e cache_type; 105 101 const char* cache_config; … … 271 267 const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy, 272 268 const char *arg); 273 const char *mgs_set_ciphers(cmd_parms * parms, void *dummy, 274 const char *arg); 275 const char *mgs_set_kx(cmd_parms * parms, void *dummy, 276 const char *arg); 277 const char *mgs_set_mac(cmd_parms * parms, void *dummy, 278 const char *arg); 279 const char *mgs_set_compression(cmd_parms * parms, void *dummy, 280 const char *arg); 281 const char *mgs_set_protocols(cmd_parms * parms, void *dummy, 269 const char *mgs_set_priorities(cmd_parms * parms, void *dummy, 282 270 const char *arg); 283 271 -
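Review bot: `cache_timeout` is narrowed from `apr_time_t` (64-bit microseconds) to `int` in the `mgs_srvconf_rec` hunk, but neither the `GnuTLSCacheTimeout` setter nor the cache code that reads it is in this changeset, so every producer and consumer needs checking that they now agree on the unit; an APR time value stored into the `int` would silently truncate. The new `priorities` member is a `gnutls_priority_t` that lives outside the APR pool, and the create function in this changeset leaves it NULL by default, so a short ownership comment would help the next reader, e.g. `/* set by GnuTLSPriorities via gnutls_priority_init(); NULL when unset */`. The struct definition starts before the hunk.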
src/gnutls_config.c
r70c2d86 rec06980 330 330 331 331 332 const char *mgs_set_mac(cmd_parms * parms, void *dummy, const char *arg) 333 { 334 mgs_srvconf_rec *sc = 335 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 336 module_config, 337 &gnutls_module); 338 339 int ret = gnutls_mac_convert_priority( sc->macs, MAX_CIPHERS, arg, ' '); 340 341 if (ret < 0) 342 return "GnuTLSMACAlgorithms must be a comma separated list of SHA-1 or MD5"; 343 344 return NULL; 345 } 346 347 const char *mgs_set_kx(cmd_parms * parms, void *dummy, const char *arg) 348 { 349 mgs_srvconf_rec *sc = 350 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 351 module_config, 352 &gnutls_module); 353 354 int ret = gnutls_kx_convert_priority( sc->key_exchange, MAX_CIPHERS, arg, ' '); 355 356 if (ret < 0) 357 return "GnuTLSKeyExchangeAlgorithms must be a comma separated list of RSA, RSA-EXPORT, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS, ANON"; 358 359 return NULL; 360 } 361 362 363 const char *mgs_set_ciphers(cmd_parms * parms, void *dummy, 364 const char *arg) 365 { 366 mgs_srvconf_rec *sc = 367 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 368 module_config, 369 &gnutls_module); 370 371 int ret = gnutls_cipher_convert_priority( sc->ciphers, MAX_CIPHERS, arg, ' '); 372 373 if (ret < 0) 374 return "GnuTLSCiphers must be a comma separated list of AES-128-CBC, CAMELIA-128-CBC, ARCFOUR-128, 3DES-CBC or ARCFOUR-40"; 375 376 return NULL; 377 } 378 379 380 const char *mgs_set_compression(cmd_parms * parms, void *dummy, 381 const char *arg) 382 { 383 mgs_srvconf_rec *sc = 384 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 385 module_config, 386 &gnutls_module); 387 388 int ret = gnutls_compression_convert_priority( sc->compression, MAX_CIPHERS, arg, ' '); 389 390 if (ret < 0) 391 return "GnuTLSCompressionMethods must be a comma separated list of NULL or DEFLATE"; 392 393 return NULL; 394 } 395 396 const char *mgs_set_protocols(cmd_parms * parms, void *dummy, 397 const char *arg) 398 { 399 
mgs_srvconf_rec *sc = 400 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 401 module_config, 402 &gnutls_module); 403 404 int ret = gnutls_protocol_convert_priority( sc->protocol, MAX_CIPHERS, arg, ' '); 405 406 if (ret < 0) 407 return "GnuTLSProtocols must be a comma separated list of TLS1.1, TLS1.0 or SSL3.0"; 408 409 return NULL; 410 } 411 332 const char *mgs_set_priorities(cmd_parms * parms, void *dummy, const char *arg) 333 { 334 int ret; 335 const char *err; 336 mgs_srvconf_rec *sc = 337 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 338 module_config, 339 &gnutls_module); 340 341 342 ret = gnutls_priority_init( &sc->priorities, arg, &err); 343 if (ret < 0) { 344 if (ret == GNUTLS_E_INVALID_REQUEST) 345 return apr_psprintf(parms->pool, "GnuTLS: Syntax error parsing priorities string at: %s", err); 346 return "Error setting priorities"; 347 } 348 349 return NULL; 350 } 412 351 413 352 void *mgs_config_server_create(apr_pool_t * p, server_rec * s) 414 353 { 415 int i;416 354 mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc)); 417 355 … … 435 373 sc->client_verify_mode = GNUTLS_CERT_IGNORE; 436 374 437 if (sc->protocol[0]==0) {438 i = 0;439 sc->protocol[i++] = GNUTLS_TLS1_1;440 sc->protocol[i++] = GNUTLS_TLS1;441 sc->protocol[i++] = GNUTLS_SSL3;442 sc->protocol[i] = 0;443 }444 445 if (sc->compression[0]==0) {446 i = 0;447 sc->compression[i++] = GNUTLS_COMP_NULL;448 sc->compression[i] = 0;449 }450 451 if (sc->cert_types[0]==0) {452 i = 0;453 sc->cert_types[i++] = GNUTLS_CRT_X509;454 sc->cert_types[i] = 0;455 }456 457 375 return sc; 458 376 } -
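Review bot: `mgs_config_server_create` no longer initialises any priorities (the TLS1.1/TLS1.0/SSL3, NULL-compression and X.509 defaults it used to fill in are deleted), so `sc->priorities` stays NULL from `apr_pcalloc` for every server that does not set `GnuTLSPriorities`, and the hooks side of this changeset then passes that NULL straight to `gnutls_priority_set`. Initialise a default in the create function, and have `mgs_set_priorities` release any previous value before calling `gnutls_priority_init`, since that allocation is outside the APR pool and is never `gnutls_priority_deinit`'d (as written it also leaks on every graceful restart). The sketch below registers a pool cleanup for the default; whether a server-config merge function must also copy `priorities` is not visible here. Separately, `mgs_set_priorities` decodes only `GNUTLS_E_INVALID_REQUEST` and returns a fixed "Error setting priorities" for everything else; `apr_psprintf(parms->pool, "GnuTLS: %s", gnutls_strerror(ret))` would make the other failures diagnosable.
```c
/* … unchanged: mgs_set_priorities (gnutls_priority_deinit() any previous sc->priorities first) … */

/* pool cleanup: gnutls_priority_init() allocates outside the APR pool */
static apr_status_t mgs_priorities_cleanup(void *data)
{
    gnutls_priority_deinit((gnutls_priority_t) data);
    return APR_SUCCESS;
}

void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
{
    mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc));
    /* … unchanged: remaining defaults … */
    sc->client_verify_mode = GNUTLS_CERT_IGNORE;

    /* default priority string, so a vhost without GnuTLSPriorities never
     * hands a NULL gnutls_priority_t to gnutls_priority_set(); if this
     * fails priorities stays NULL and must be rejected at post_config */
    if (gnutls_priority_init(&sc->priorities, "NORMAL", NULL) == 0)
        apr_pool_cleanup_register(p, sc->priorities, mgs_priorities_cleanup,
                                  apr_pool_cleanup_null);

    return sc;
}
```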
src/gnutls_hooks.c
r70c2d86 rec06980 125 125 } 126 126 127 /* We don't support openpgp certificates, yet */ 128 const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 }; 129 127 130 static int mgs_select_virtual_server_cb( gnutls_session_t session) 128 131 { 129 132 mgs_handle_t *ctxt; 130 133 mgs_srvconf_rec *tsc; 134 int ret; 131 135 132 136 ctxt = gnutls_transport_get_ptr(session); … … 155 159 } 156 160 157 /* enable the default priorities and override them later on 161 /* update the priorities - to avoid negotiating a ciphersuite that is not 162 * enabled on this virtual server. Note that here we ignore the version 163 * negotiation. 158 164 */ 159 gnutls_set_default_priority( session); 160 161 /* update the priorities - to avoid negotiating a ciphersuite that is not 162 * enabled on this virtual server 163 */ 164 if (ctxt->sc->ciphers[0] != 0) 165 gnutls_cipher_set_priority(session, ctxt->sc->ciphers); 166 if (ctxt->sc->compression[0] != 0) 167 gnutls_compression_set_priority(session, ctxt->sc->compression); 168 if (ctxt->sc->key_exchange[0] != 0) 169 gnutls_kx_set_priority(session, ctxt->sc->key_exchange); 170 if (ctxt->sc->macs[0] != 0) 171 gnutls_mac_set_priority(session, ctxt->sc->macs); 172 if (ctxt->sc->cert_types[0] != 0) 173 gnutls_certificate_type_set_priority(session, ctxt->sc->cert_types); 174 175 /* allow separate caches per virtual host. Actually allowing the same is not 176 * a good idea, especially if they have different security requirements. 165 ret = gnutls_priority_set( session, ctxt->sc->priorities); 166 gnutls_certificate_type_set_priority( session, cert_type_prio); 167 168 169 /* actually it shouldn't fail since we have checked at startup */ 170 if (ret < 0) return ret; 171 172 /* allow separate caches per virtual host. Actually allowing the same is a 173 * bad idea, since they might have different security requirements. 
177 174 */ 178 175 mgs_cache_session_init(ctxt); … … 535 532 536 533 537 534 static const int protocol_priority[] = { 535 GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; 536 538 537 539 538 static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c) … … 565 564 */ 566 565 gnutls_session_enable_compatibility_mode( ctxt->session); 567 568 gnutls_protocol_set_priority(ctxt->session, sc->protocol); 566 567 /* because we don't set any default priorities here (we set later at 568 * the user hello callback) we need to at least set this in order for 569 * gnutls to be able to read packets. 570 */ 571 gnutls_protocol_set_priority( ctxt->session, protocol_priority); 569 572 570 573 gnutls_handshake_set_post_client_hello_function( ctxt->session, mgs_select_virtual_server_cb); -
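Review bot: A vhost that never sets `GnuTLSPriorities` reaches `gnutls_priority_set(session, ctxt->sc->priorities)` with a NULL handle, because `mgs_config_server_create` in this changeset only pcallocs the record and no longer fills in defaults, and the comment "it shouldn't fail since we have checked at startup" has no matching startup check anywhere in the diff. Guard it before the call, `if (ctxt->sc->priorities == NULL) return GNUTLS_E_INTERNAL_ERROR;`, or refuse such a vhost at post_config. Separately, the protocol list is pinned by the hard-coded `protocol_priority` (TLS1.1, TLS1.0, SSL3) in `create_gnutls_handle` before the client hello arrives, and the new comment in the callback states that version negotiation is ignored there, so a version keyword in the priority string (for example one disabling SSL 3.0) appears to be silently not enforced; either document that limitation next to `protocol_priority` or derive the per-session protocol list from the configured priorities as well. The return value of `gnutls_certificate_type_set_priority` is also dropped, and `const static int cert_type_prio[2]` reads more conventionally as `static const int cert_type_prio[]`. The body of `mgs_select_virtual_server_cb` is partly outside the hunk.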
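--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -97,24 +97,8 @@
                  RSRC_CONF,
                  "Cache Configuration"),
-    AP_INIT_RAW_ARGS("GnuTLSCiphers", mgs_set_ciphers,
+    AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
                  NULL,
                  RSRC_CONF,
-                 "The ciphers to enable (AES-128, 3DES, ARCFOUR-128, ARCFOUR-40)"),
-    AP_INIT_RAW_ARGS("GnuTLSKeyExchangeAlgorithms", mgs_set_kx,
-                 NULL,
-                 RSRC_CONF,
-                 "The key exchange algorithms to enable (RSA, DHE-RSA, DHE-DSS, RSA-EXPORT, SRP, SRP-RSA, SRP-DSS)"),
-    AP_INIT_RAW_ARGS("GnuTLSMACAlgorithms", mgs_set_mac,
-                 NULL,
-                 RSRC_CONF,
-                 "The MAC algorithms to utilize (SHA-1, MD5)"),
-    AP_INIT_RAW_ARGS("GnuTLSCompressionMethods", mgs_set_compression,
-                 NULL,
-                 RSRC_CONF,
-                 "The compression methods to utilize (NULL, ZLIB)"),
-    AP_INIT_RAW_ARGS("GnuTLSProtocols", mgs_set_protocols,
-                 NULL,
-                 RSRC_CONF,
-                 "The TLS protocol version to use (TLS1.1, TLS1.0, SSL3.0)"),
+                 "The priorities to enable (ciphers, Key exchange, macs, compression)"),
     AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
                  NULL,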
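Review bot: The five old directives (`GnuTLSCiphers`, `GnuTLSKeyExchangeAlgorithms`, `GnuTLSMACAlgorithms`, `GnuTLSCompressionMethods`, `GnuTLSProtocols`) are removed outright, so an existing configuration using any of them now fails to start with an unknown-directive error and no hint of the replacement; keeping them registered for one release with a handler that returns a message pointing at `GnuTLSPriorities` would give operators a migration path. The new help string does not say what the argument actually is or where its syntax is defined; suggest `"GnuTLS priority string selecting protocols, ciphers, key exchange, MACs and compression; see gnutls_priority_init(3)"`. Whether version keywords in that string take effect depends on the fixed per-session protocol list set in gnutls_hooks.c in this same changeset, so the help text should not promise protocol selection until that is resolved.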