Changeset f21d2a6 in mod_gnutls


Timestamp:
Sep 16, 2015, 2:37:11 PM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
746e993
Parents:
efd3cfe
git-author:
Nikos Mavrogiannopoulos <nmav@…> (09/15/15 12:20:30)
git-committer:
Thomas Klute <thomas2.klute@…> (09/16/15 14:37:11)
Message:

Changed the semantics of GnuTLSP11Module

That setting instructs gnutls to load only the specified modules. That
protects mod_gnutls from loading unintended PKCS #11 modules.

Location:
src
Files:
2 edited

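--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -326,10 +326,18 @@
     if (sc_base->p11_module != NULL)
     {
-        rv = gnutls_pkcs11_add_provider(sc_base->p11_module, NULL);
-        if (rv != GNUTLS_E_SUCCESS)
+        rv = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+        if (rv < 0) {
             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                         "GnuTLS: Loading PKCS #11 provider module %s "
+                         "GnuTLS: Initializing PKCS #11 "
                          "failed: %s (%d).",
-                         sc_base->p11_module, gnutls_strerror(rv), rv);
+                         gnutls_strerror(rv), rv);
+        } else {
+            rv = gnutls_pkcs11_add_provider(sc_base->p11_module, NULL);
+            if (rv != GNUTLS_E_SUCCESS)
+                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                             "GnuTLS: Loading PKCS #11 provider module %s "
+                             "failed: %s (%d).",
+                             sc_base->p11_module, gnutls_strerror(rv), rv);
+        }
     }
 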
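Review bot: Both error branches inside the `if (sc_base->p11_module != NULL)` block only call `ap_log_error()` and fall through, so within this hunk a failed `gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL)` or `gnutls_pkcs11_add_provider()` does not stop startup. Because the change exists to restrict loading to the configured module, both branches should fail closed by returning the hook's error status after logging; otherwise a later PKCS #11 operation may cause GnuTLS to initialize itself with its default module set, which should be confirmed against the GnuTLS version in use. The enclosing function starts and ends outside the hunk, so a later check of `rv` may exist that is not visible here. I would also add a comment above the init call, `/* Manual init: load only the module named by GnuTLSP11Module, never the system-configured ones. */`, and note in the directive documentation that the restriction applies only when GnuTLSP11Module is set.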
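--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -144,5 +144,5 @@
     NULL,
     RSRC_CONF,
-    "Load this additional PKCS #11 provider library"),
+    "Load this specific PKCS #11 provider library"),
     AP_INIT_RAW_ARGS("GnuTLSPIN", mgs_set_pin,
     NULL,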