Changes in src/mod_gnutls.c [c782c1f:f030883] in mod_gnutls


File:
1 edited

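--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -28,5 +28,6 @@
     /* Try Run Post-Config Hook After mod_proxy */
     static const char * const aszPre[] = { "mod_proxy.c", NULL };
-    ap_hook_post_config(mgs_hook_post_config, aszPre, NULL,APR_HOOK_REALLY_LAST);
+    ap_hook_post_config(mgs_hook_post_config, aszPre, NULL,
+                        APR_HOOK_REALLY_LAST);
     /* HTTP Scheme Hook */
 #if USING_2_1_RECENT
@@ -36,16 +37,17 @@
 #endif
     /* Default Port Hook */
-    ap_hook_default_port(mgs_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_default_port(mgs_hook_default_port, NULL, NULL, APR_HOOK_MIDDLE);
     /* Pre-Connect Hook */
-    ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL,
+                           APR_HOOK_MIDDLE);
     /* Pre-Config Hook */
     ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL,
-            APR_HOOK_MIDDLE);
+                       APR_HOOK_MIDDLE);
     /* Child-Init Hook */
     ap_hook_child_init(mgs_hook_child_init, NULL, NULL,
-            APR_HOOK_MIDDLE);
+                       APR_HOOK_MIDDLE);
     /* Authentication Hook */
     ap_hook_access_checker(mgs_hook_authz, NULL, NULL,
-            APR_HOOK_REALLY_FIRST);
+                           APR_HOOK_REALLY_FIRST);
     /* Fixups Hook */
     ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
@@ -57,9 +59,9 @@
 
     /* Input Filter */
-    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
-            mgs_filter_input, NULL,AP_FTYPE_CONNECTION + 5);
+    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME, mgs_filter_input,
+                             NULL, AP_FTYPE_CONNECTION + 5);
     /* Output Filter */
-    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
-            mgs_filter_output, NULL,AP_FTYPE_CONNECTION + 5);
+    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME, mgs_filter_output,
+                              NULL, AP_FTYPE_CONNECTION + 5);
 
     /* mod_proxy calls these functions */
@@ -68,7 +70,8 @@
 }
 
-int ssl_is_https(conn_rec *c) {
+int ssl_is_https(conn_rec *c)
+{
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
-            ap_get_module_config(c->base_server->module_config, &gnutls_module);
+        ap_get_module_config(c->base_server->module_config, &gnutls_module);
     if(sc->enabled == 0 || sc->non_ssl_request == 1) {
         /* SSL/TLS Disabled or Plain HTTP Connection Detected */
@@ -88,12 +91,13 @@
 
     /* disable TLS for this connection */
-    mgs_handle_t *ctxt = (mgs_handle_t *) ap_get_module_config(c->conn_config, &gnutls_module);
+    mgs_handle_t *ctxt = (mgs_handle_t *)
+        ap_get_module_config(c->conn_config, &gnutls_module);
     if (ctxt == NULL)
     {
-        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "%s: allocating connection memory", __func__);
         ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
         ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
     }
     ctxt->enabled = GNUTLS_ENABLED_FALSE;
+    ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
 
     if (c->input_filters)
@@ -105,9 +109,27 @@
 }
 
-int ssl_proxy_enable(conn_rec *c) {
+int ssl_proxy_enable(conn_rec *c)
+{
+    /* check if TLS proxy support is enabled */
     mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
-            ap_get_module_config(c->base_server->module_config, &gnutls_module);
-    sc->proxy_enabled = GNUTLS_ENABLED_TRUE;
-    sc->enabled = GNUTLS_ENABLED_FALSE;
+        ap_get_module_config(c->base_server->module_config, &gnutls_module);
+    if (sc->proxy_enabled != GNUTLS_ENABLED_TRUE)
+    {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+                      "%s: mod_proxy requested TLS proxy, but not enabled "
+                      "for %s", __func__, sc->cert_cn);
+        return 0;
+    }
+
+    /* enable TLS for this connection */
+    mgs_handle_t *ctxt = (mgs_handle_t *)
+        ap_get_module_config(c->conn_config, &gnutls_module);
+    if (ctxt == NULL)
+    {
+        ctxt = apr_pcalloc(c->pool, sizeof (*ctxt));
+        ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
+    }
+    ctxt->enabled = GNUTLS_ENABLED_TRUE;
+    ctxt->is_proxy = GNUTLS_ENABLED_TRUE;
     return 1;
 }
@@ -202,4 +224,25 @@
     RSRC_CONF,
     "Max size to export PEM encoded certificates to CGIs (or off to disable). Default: off"),
+    AP_INIT_TAKE1("GnuTLSProxyKeyFile", mgs_store_cred_path,
+    NULL,
+    RSRC_CONF,
+    "X509 client private file for proxy connections"),
+    AP_INIT_TAKE1("GnuTLSProxyCertificateFile", mgs_store_cred_path,
+    NULL,
+    RSRC_CONF,
+    "X509 client certificate file for proxy connections"),
+    AP_INIT_TAKE1("GnuTLSProxyCAFile", mgs_store_cred_path,
+    NULL,
+    RSRC_CONF,
+    "X509 trusted CA file for proxy connections"),
+    AP_INIT_TAKE1("GnuTLSProxyCRLFile", mgs_store_cred_path,
+    NULL,
+    RSRC_CONF,
+    "X509 CRL file for proxy connections"),
+    AP_INIT_RAW_ARGS("GnuTLSProxyPriorities", mgs_set_priorities,
+    NULL,
+    RSRC_CONF,
+    "The priorities to enable for proxy connections (ciphers, key exchange, "
+    "MACs, compression)."),
     { NULL },
 };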
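Review bot: The refusal message added in ssl_proxy_enable (new lines 118-120) names the virtual host by `sc->cert_cn`, which is presumably filled from the server certificate and may be unset on a vhost that only proxies and serves no TLS of its own. In that case the error entry would not tell an operator which host rejected the mod_proxy request. The connection's server record is already dereferenced a few lines above, so the message can name the host from it: `"for %s", __func__, c->base_server->server_hostname);`. The whole function is visible in this hunk, so the change is local to that one call.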