Changeset f030883 in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Apr 9, 2015, 1:02:39 PM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
73f6f12
Parents:
8b472af
Message:

Set GnuTLS priorities for proxy connections separately

Until now, proxy connections were configured with the same priorities as
the server side. This commit introduces the new configuration option
"GnuTLSProxyPriorities" to set the priorities for proxy connections
separately. Note that GnuTLSProxyPriorities MUST be set when
SSLProxyEngine is enabled.

Since the parameters to GnuTLSPriorities and GnuTLSProxyPriorities need
the same processing, mgs_set_priorities has been rewritten to select the
priority cache to write to based on the option name, rather than adding
a new function to handle GnuTLSProxyPriorities.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    r8b472af rf030883  
    463463            && sc->proxy_enabled == GNUTLS_ENABLED_TRUE)
    464464        {
     465            /* Check if the proxy priorities have been set */
     466            if (sc->proxy_priorities == NULL)
     467            {
     468                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
     469                             "Host '%s:%d' is missing the "
     470                             "GnuTLSProxyPriorities directive!",
     471                             s->server_hostname, s->port);
     472                exit(-1);
     473            }
     474            /* Set up proxy credentials */
    465475            load_proxy_x509_credentials(s);
    466476        }
     
    826836                               ctxt->sc->proxy_x509_creds);
    827837        /* Load priorities from the server configuration */
    828         err = gnutls_priority_set(ctxt->session, ctxt->sc->priorities);
     838        err = gnutls_priority_set(ctxt->session, ctxt->sc->proxy_priorities);
    829839        if (err != GNUTLS_E_SUCCESS)
    830840            ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c,
    831                           "%s: setting priorities for proxy connection failed: %s (%d)",
     841                          "%s: setting priorities for proxy connection "
     842                          "failed: %s (%d)",
    832843                          __func__, gnutls_strerror(err), err);
    833844    }
Note: See TracChangeset for help on using the changeset viewer.