Context Navigation

← Previous Change
Next Change →

Changeset f030883 in mod_gnutls for test

Timestamp:

Apr 9, 2015, 1:02:39 PM (4 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, upstream

Children:

73f6f12

Parents:

8b472af

Message:

Set GnuTLS priorities for proxy connections separately

Until now, proxy connections were configured with the same priorities as
the server side. This commit introduces the new configuration option
"GnuTLSProxyPriorities" to set the priorities for proxy connections
separately. Note that GnuTLSProxyPriorities MUST be set when
SSLProxyEngine is enabled.

Since the parameters to GnuTLSPriorities and GnuTLSProxyPriorities need
the same processing, mgs_set_priorities has been rewritten to select the
priority cache to write to based on the option name, rather than adding
a new function to handle GnuTLSProxyPriorities.

Location:

test

Files:

: 6 added
: 5 edited

Makefile.am (modified) (1 diff)
test-23_TLS_reverse_proxy_mismatched_priorities.bash (added)
tests/19_TLS_reverse_proxy/apache.conf (modified) (1 diff)
tests/20_TLS_reverse_proxy_client_auth/apache.conf (modified) (1 diff)
tests/21_TLS_reverse_proxy_wrong_cert/apache.conf (modified) (1 diff)
tests/22_TLS_reverse_proxy_crl_revoke/apache.conf (modified) (1 diff)
tests/23_TLS_reverse_proxy_mismatched_priorities/apache.conf (added)
tests/23_TLS_reverse_proxy_mismatched_priorities/backend.conf (added)
tests/23_TLS_reverse_proxy_mismatched_priorities/gnutls-cli.args (added)
tests/23_TLS_reverse_proxy_mismatched_priorities/input (added)
tests/23_TLS_reverse_proxy_mismatched_priorities/output (added)

Legend:

: Unmodified
: Added
: Removed

test/Makefile.am

-                      r8b472af
+                      rf030883
         test-20_TLS_reverse_proxy_client_auth.bash \
         test-21_TLS_reverse_proxy_wrong_cert.bash \
+        test-22_TLS_reverse_proxy_crl_revoke.bash
+        test-22_TLS_reverse_proxy_crl_revoke.bash \
+        test-23_TLS_reverse_proxy_mismatched_priorities.bash
 clean-local:

test/tests/19_TLS_reverse_proxy/apache.conf

r8b472af	rf030883
15	15	SSLProxyEngine On
16	16	GnuTLSProxyCAFile authority/x509.pem
	17	GnuTLSProxyPriorities NORMAL
17	18	ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
18	19	ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/

test/tests/20_TLS_reverse_proxy_client_auth/apache.conf

r8b472af	rf030883
17	17	GnuTLSProxyCertificateFile client/x509.pem
18	18	GnuTLSProxyCAFile authority/x509.pem
	19	GnuTLSProxyPriorities NORMAL
19	20	ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
20	21	ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/

test/tests/21_TLS_reverse_proxy_wrong_cert/apache.conf

r8b472af	rf030883
15	15	SSLProxyEngine On
16	16	GnuTLSProxyCAFile authority/x509.pem
	17	GnuTLSProxyPriorities NORMAL
17	18	ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
18	19	ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/

test/tests/22_TLS_reverse_proxy_crl_revoke/apache.conf

r8b472af	rf030883
16	16	GnuTLSProxyCAFile authority/x509.pem
17	17	GnuTLSProxyCRLFile ${PWD}/crl.pem
	18	GnuTLSProxyPriorities NORMAL
18	19	ProxyPass /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/
19	20	ProxyPassReverse /proxy/ https://${BACKEND_HOST}:${BACKEND_PORT}/

Note: See TracChangeset for help on using the changeset viewer.