Changeset efc43b4 in mod_gnutls for src/gnutls_ocsp.c
- Timestamp:
- Sep 25, 2018, 3:46:26 PM (2 years ago)
- Branches:
- asyncio, debian/master, master, proxy-ticket
- Children:
- cb6476c
- Parents:
- 994200a
- File:
-
- 1 edited
src/gnutls_ocsp.c
r994200a refc43b4 1087 1087 1088 1088 1089 const char* mgs_ocsp_configure_stapling(apr_pool_t *pconf, 1090 apr_pool_t *ptemp __attribute__((unused)), 1091 server_rec *server) 1092 { 1093 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 1094 ap_get_module_config(server->module_config, &gnutls_module); 1095 1096 if (sc->certs_x509_chain_num < 2) 1097 return "No issuer (CA) certificate available, cannot enable " 1098 "stapling. Please add it to the GnuTLSCertificateFile."; 1099 1100 mgs_ocsp_data_t ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data)); 1101 1102 ocsp->uri = mgs_cert_get_ocsp_uri(pconf, 1103 sc->certs_x509_crt_chain[0]); 1104 if (ocsp->uri == NULL && sc->ocsp_response_file == NULL) 1105 return "No OCSP URI in the certificate nor a GnuTLSOCSPResponseFile " 1106 "setting, cannot configure OCSP stapling."; 1107 1108 if (sc->ocsp_cache == NULL) 1109 return "No OCSP response cache available, please check " 1110 "the GnuTLSOCSPCache setting."; 1111 1112 sc->ocsp = ocsp; 1113 return NULL; 1114 } 1115 1116 1117 1089 1118 /* 1090 1119 * Like in the general post_config hook the HTTP status codes for … … 1092 1121 * to denote an error. 
1093 1122 */ 1094 int mgs_ocsp_ post_config_server(apr_pool_t *pconf,1095 1096 1123 int mgs_ocsp_enable_stapling(apr_pool_t *pconf, 1124 apr_pool_t *ptemp __attribute__((unused)), 1125 server_rec *server) 1097 1126 { 1098 1127 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 1099 1128 ap_get_module_config(server->module_config, &gnutls_module); 1100 1101 if (sc->certs_x509_chain_num < 2) 1102 { 1103 ap_log_error(APLOG_MARK, APLOG_STARTUP, APR_EINVAL, server, 1104 "OCSP stapling is enabled but no CA certificate " 1105 "available for %s:%d, make sure it is included in " 1106 "GnuTLSCertificateFile!", 1107 server->server_hostname, server->addrs->host_port); 1108 return HTTP_NOT_FOUND; 1109 } 1110 1111 if (sc->ocsp_cache == NULL) 1112 { 1113 ap_log_error(APLOG_MARK, APLOG_STARTUP, APR_EINVAL, server, 1114 "OCSP stapling is enabled but no cache configured!"); 1115 return HTTP_NOT_FOUND; 1129 if (sc->ocsp == NULL) 1130 { 1131 ap_log_error(APLOG_MARK, APLOG_STARTUP, APR_EGENERAL, server, 1132 "CRITICAL ERROR: %s called with uninitialized OCSP " 1133 "data structure. 
This indicates a bug in mod_gnutls.", 1134 __func__); 1135 return HTTP_INTERNAL_SERVER_ERROR; 1116 1136 } 1117 1137 … … 1152 1172 } 1153 1173 1154 sc->ocsp = apr_palloc(pconf, sizeof(struct mgs_ocsp_data));1155 1156 1174 sc->ocsp->fingerprint = 1157 1175 mgs_get_cert_fingerprint(pconf, sc->certs_x509_crt_chain[0]); 1158 1176 if (sc->ocsp->fingerprint.data == NULL) 1159 1177 return HTTP_INTERNAL_SERVER_ERROR; 1160 1161 sc->ocsp->uri = mgs_cert_get_ocsp_uri(pconf,1162 sc->certs_x509_crt_chain[0]);1163 if (sc->ocsp->uri == NULL && sc->ocsp_response_file == NULL)1164 {1165 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, server,1166 "OCSP stapling is enabled for for %s:%d, but there is "1167 "neither an OCSP URI in the certificate nor a "1168 "GnuTLSOCSPResponseFile setting for this host!",1169 server->server_hostname, server->addrs->host_port);1170 return HTTP_NOT_FOUND;1171 }1172 1178 1173 1179 sc->ocsp->trust = apr_palloc(pconf,
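Review bot: In the new mgs_ocsp_configure_stapling the structure is allocated with `apr_palloc` and published as `sc->ocsp` with only `uri` set, so `fingerprint` and `trust` hold uninitialized pool memory until mgs_ocsp_enable_stapling fills them in. The `sc->ocsp == NULL` guard added in mgs_ocsp_enable_stapling cannot tell a partly initialized structure from a complete one, for example after that function returns early with HTTP_INTERNAL_SERVER_ERROR. Allocating with `mgs_ocsp_data_t ocsp = apr_pcalloc(pconf, sizeof(struct mgs_ocsp_data));` gives every member a defined zero value. The returned error strings also drop the `%s:%d` host and port that the removed ap_log_error calls carried, so the caller (not visible here) should add the virtual host when it reports them. The body of mgs_ocsp_enable_stapling continues outside the shown hunks.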