Changeset f030883 in mod_gnutls for test


Ignore:
Timestamp:
Apr 9, 2015, 1:02:39 PM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
73f6f12
Parents:
8b472af
Message:

Set GnuTLS priorities for proxy connections separately

Until now, proxy connections were configured with the same priorities as
the server side. This commit introduces the new configuration option
"GnuTLSProxyPriorities" to set the priorities for proxy connections
separately. Note that GnuTLSProxyPriorities MUST be set when
SSLProxyEngine is enabled.

Since the parameters to GnuTLSPriorities and GnuTLSProxyPriorities need
the same processing, mgs_set_priorities has been rewritten to select the
priority cache to write to based on the option name, rather than adding
a new function to handle GnuTLSProxyPriorities.

Location:
test
Files:
6 added
5 edited

Legend:

Unmodified
Added
Removed
  • test/Makefile.am

    r8b472af rf030883  
    2323        test-20_TLS_reverse_proxy_client_auth.bash \
    2424        test-21_TLS_reverse_proxy_wrong_cert.bash \
    25         test-22_TLS_reverse_proxy_crl_revoke.bash
     25        test-22_TLS_reverse_proxy_crl_revoke.bash \
     26        test-23_TLS_reverse_proxy_mismatched_priorities.bash
    2627
    2728clean-local:
  • test/tests/19_TLS_reverse_proxy/apache.conf

    r8b472af rf030883  
    1515 SSLProxyEngine On
    1616 GnuTLSProxyCAFile      authority/x509.pem
     17 GnuTLSProxyPriorities          NORMAL
    1718 ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
    1819 ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
  • test/tests/20_TLS_reverse_proxy_client_auth/apache.conf

    r8b472af rf030883  
    1717 GnuTLSProxyCertificateFile     client/x509.pem
    1818 GnuTLSProxyCAFile              authority/x509.pem
     19 GnuTLSProxyPriorities          NORMAL
    1920 ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
    2021 ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
  • test/tests/21_TLS_reverse_proxy_wrong_cert/apache.conf

    r8b472af rf030883  
    1515 SSLProxyEngine On
    1616 GnuTLSProxyCAFile      authority/x509.pem
     17 GnuTLSProxyPriorities  NORMAL
    1718 ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
    1819 ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
  • test/tests/22_TLS_reverse_proxy_crl_revoke/apache.conf

    r8b472af rf030883  
    1616 GnuTLSProxyCAFile      authority/x509.pem
    1717 GnuTLSProxyCRLFile     ${PWD}/crl.pem
     18 GnuTLSProxyPriorities  NORMAL
    1819 ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
    1920 ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
Note: See TracChangeset for help on using the changeset viewer.