Changeset f450ac9 in mod_gnutls
- Timestamp:
- Jun 9, 2016, 2:50:43 PM (7 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- 70a1e5a
- Parents:
- d18afb8
- git-author:
- Thomas Klute <thomas2.klute@…> (06/09/16 14:36:10)
- git-committer:
- Thomas Klute <thomas2.klute@…> (06/09/16 14:50:43)
- Location:
- src
- Files:
-
- 3 edited
src/gnutls_cache.c
rd18afb8 rf450ac9 27 27 28 28 #include "apr_dbm.h" 29 #include <apr_escape.h> 29 30 30 31 #include "ap_mpm.h" … … 44 45 */ 45 46 #define MC_TAG "mod_gnutls:" 46 #define MC_TAG_LEN sizeof(MC_TAG) 47 #define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN)47 /* two characters per byte, plus one more for '\0' */ 48 #define GNUTLS_SESSION_ID_STRING_LEN ((GNUTLS_MAX_SESSION_ID_SIZE * 2) + 1) 48 49 49 50 #if MODULE_MAGIC_NUMBER_MAJOR < 20081201 … … 54 55 APLOG_USE_MODULE(gnutls); 55 56 #endif 56 57 char *mgs_session_id2sz(unsigned char *id, int idlen,58 char *str, int strsize) {59 char *cp;60 int n;61 62 cp = str;63 for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) {64 apr_snprintf(cp, strsize - (cp - str), "%02X", id[n]);65 cp += 2;66 }67 *cp = '\0';68 return str;69 }70 57 71 58 /* Name the Session ID as: … … 76 63 gnutls_datum_t *dbmkey) 77 64 { 78 char buf[STR_SESSION_LEN]; 79 char *sz; 80 81 sz = mgs_session_id2sz(id, idlen, buf, sizeof (buf)); 82 if (sz == NULL) 65 char sz[GNUTLS_SESSION_ID_STRING_LEN]; 66 apr_status_t rv = apr_escape_hex(sz, id, idlen, 0, NULL); 67 if (rv != APR_SUCCESS) 83 68 return -1; 84 69 … … 113 98 * to disallow resuming sessions on different servers 114 99 */ 115 static char *mgs_session_id2mc(conn_rec * c, unsigned char *id, int idlen) { 116 char buf[STR_SESSION_LEN]; 117 char *sz; 118 119 sz = mgs_session_id2sz(id, idlen, buf, sizeof (buf)); 120 if (sz == NULL) 100 static char *mgs_session_id2mc(conn_rec * c, unsigned char *id, int idlen) 101 { 102 char sz[GNUTLS_SESSION_ID_STRING_LEN]; 103 apr_status_t rv = apr_escape_hex(sz, id, idlen, 0, NULL); 104 if (rv != APR_SUCCESS) 121 105 return NULL; 122 106 -
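Review bot: Both new `apr_escape_hex(sz, id, idlen, 0, NULL)` calls write `2 * idlen + 1` bytes into the fixed `char sz[GNUTLS_SESSION_ID_STRING_LEN]` stack buffer with no check on `idlen`, whereas the removed `mgs_session_id2sz()` stopped after `GNUTLS_MAX_SESSION_ID` bytes. `apr_escape_hex()` takes no destination size, so the caller has to enforce the bound; an `idlen` above `GNUTLS_MAX_SESSION_ID_SIZE`, or a negative one converted to `apr_size_t`, would overrun `sz`. Whether callers can pass such a length is not visible here (both function bodies continue outside the hunks), so I would add `if (idlen < 0 || idlen > GNUTLS_MAX_SESSION_ID_SIZE) return -1;` before the call in the dbm-key function and the same guard with `return NULL;` in `mgs_session_id2mc()`.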
src/gnutls_cache.h
rd18afb8 rf450ac9 41 41 int mgs_cache_session_init(mgs_handle_t *ctxt); 42 42 43 #define GNUTLS_SESSION_ID_STRING_LEN \44 ((GNUTLS_MAX_SESSION_ID + 1) * 2)45 43 46 47 48 /**49 * Convert a SSL Session ID into a Null Terminated Hex Encoded String50 * @param id raw SSL Session ID51 * @param idlen Length of the raw Session ID52 * @param str Location to store the Hex Encoded String53 * @param strsize The Maximum Length that can be stored in str54 */55 char *mgs_session_id2sz(unsigned char *id, int idlen, char *str, int strsize);56 44 57 45 /** -
src/gnutls_hooks.c
rd18afb8 rf450ac9 27 27 #include "mod_status.h" 28 28 #include <util_mutex.h> 29 #include <apr_escape.h> 29 30 30 31 #ifdef ENABLE_MSVA … … 893 894 int mgs_hook_fixups(request_rec * r) { 894 895 unsigned char sbuf[GNUTLS_MAX_SESSION_ID]; 895 char buf[AP_IOBUFSIZE];896 896 const char *tmp; 897 897 size_t len; … … 963 963 len = sizeof (sbuf); 964 964 gnutls_session_get_id(ctxt->session, sbuf, &len); 965 tmp = mgs_session_id2sz(sbuf, len, buf, sizeof (buf));966 apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp));965 apr_table_setn(env, "SSL_SESSION_ID", 966 apr_pescape_hex(r->pool, sbuf, len, 0)); 967 967 968 968 if (gnutls_certificate_type_get(ctxt->session) == GNUTLS_CRT_X509) { … … 1099 1099 len = sizeof (sbuf); 1100 1100 gnutls_x509_crt_get_serial(cert, sbuf, &len); 1101 tmp = mgs_session_id2sz(sbuf, len, buf, sizeof (buf));1102 apr_table_setn(env, MGS_SIDE("_M_SERIAL"), apr_pstrdup(r->pool, tmp));1101 apr_table_setn(env, MGS_SIDE("_M_SERIAL"), 1102 apr_pescape_hex(r->pool, sbuf, len, 0)); 1103 1103 1104 1104 ret = gnutls_x509_crt_get_version(cert); … … 1216 1216 len = sizeof (sbuf); 1217 1217 gnutls_openpgp_crt_get_fingerprint(cert, sbuf, &len); 1218 tmp = mgs_session_id2sz(sbuf, len, buf, sizeof (buf));1219 apr_table_setn(env, MGS_SIDE("_FINGERPRINT"), apr_pstrdup(r->pool, tmp));1218 apr_table_setn(env, MGS_SIDE("_FINGERPRINT"), 1219 apr_pescape_hex(r->pool, sbuf, len, 0)); 1220 1220 1221 1221 ret = gnutls_openpgp_crt_get_version(cert);
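Review bot: `apr_pescape_hex(r->pool, sbuf, len, 0)` now reads exactly `len` bytes from the `GNUTLS_MAX_SESSION_ID`-sized `sbuf`, but the return values of `gnutls_session_get_id()`, `gnutls_x509_crt_get_serial()` and `gnutls_openpgp_crt_get_fingerprint()` are not checked in the visible lines (new lines 964, 1100 and 1217). The removed helper capped the read at `GNUTLS_MAX_SESSION_ID` bytes; without that cap, a failed call that leaves `sbuf` unfilled or reports a required size larger than the buffer would put uninitialised or out-of-bounds stack bytes into the request environment. This depends on how GnuTLS updates `len` on error, so it needs confirming. Guarding each site before setting the variable, e.g. `if (gnutls_x509_crt_get_serial(cert, sbuf, &len) == 0 && len <= sizeof (sbuf))`, would close that gap. The enclosing functions start and end outside these hunks.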