Changeset f8ffc43 in mod_gnutls


Timestamp:
Jan 11, 2013, 12:57:17 AM (7 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, upstream
Children:
4ecf14f, f809816
Parents:
8ce897a
Message:

Imported Upstream version 0.5.3

Files:
6 edited

  • NEWS

    r8ce897a rf8ffc43  
     1** Version 0.5.3 (2008-10-16)
     2
     3- Corrected bug to allow having an OpenPGP-only web site.
     4
     5- Increased Max handshake tries due to interrupted system calls.
     6
    17** Version 0.5.2 (2008-06-29)
    28
  • README

    r8ce897a rf8ffc43  
    1 mod_gnutls
    21
    3 This module started back in September of 2004 because I was tired of trying to
    4 fix bugs in mod_ssl.  mod_ssl is a giant beast of a module -- no offense to it's
    5 authors is intended -- but I believe it has fallen prey to massive feature bloat.
     2                mod_gnutls, Apache GnuTLS module.
     3                =================================
    64
    7 When I started hacking on httpd, mod_ssl remained a great mystery to me, and
    8 when I actually looked at it, I ran away.  The shear ammount code is huge, and it
    9 does not conform to the style guidelines.  It was painful to read, and even harder
    10 to debug.  I wanted to understand how it worked, and I had recently heard about
    11 GnuTLS, so long story short, I decided to implement a mod_gnutls.
     5$LastChangedDate: $
    126
    13 Lines of Code in mod_ssl: 15,324
    14 Lines of Code in mod_gnutls: 3,594
     7Contents:
    158
    16 Because of writing mod_gnutls, I now understand how input and output filters work,
    17 better than I ever thought possible.  It was a little painful at times, and some parts
    18 lift code and ideas directly from mod_ssl. Kudos to the original authors of mod_ssl.
     9     I. ABOUT
     10    II. AUTHORS
     11   III. LICENSE
     12    IV. STATUS
     13     V. BASIC CONFIGURATION
     14    VI. CREATE OPENPGP CREDENTIALS FOR THE SERVER
    1915
    20 ----------------------------
    2116
    22 Author: Paul Querna <chip force-elite.com>
    2317
    24 Heavily modified by Nikos Mavrogiannopoulos <nmav gnutls.org>
     18I.    ABOUT
    2519
    26 License: Apache Software License v2.0. (see the LICENSE file for details)
     20      This module started back in September of 2004 because I was tired of
     21      trying to fix bugs in mod_ssl.  mod_ssl is a giant beast of a module --
     22      no offense to it's authors is intended -- but I believe it has fallen
     23      prey to massive feature bloat.
    2724
    28 Current Status:
    29 - SSL and TLS connections with all popular browsers work!
    30 - Sets enviromental vars for scripts (compatible with mod_ssl vars)
    31 - Supports Memcached as a distributed SSL Session Cache
    32 - Supports DBM as a local SSL Session Cache
    33 - Support for Server Name Indication
    34 - Support for Client Certificates
    35 - Support for TLS-SRP
     25      When I started hacking on httpd, mod_ssl remained a great mystery to me,
     26      and when I actually looked at it, I ran away.  The shear amount code is
     27      huge, and it does not conform to the style guidelines.  It was painful to
     28      read, and even harder to debug.  I wanted to understand how it worked,
     29      and I had recently heard about GnuTLS, so long story short, I decided to
     30      implement a mod_gnutls.
    3631
    37 Basic Configuration:
     32         Lines of Code in mod_ssl: 15,324
     33         Lines of Code in mod_gnutls: 3,594
    3834
    39 LoadModule gnutls_module  modules/mod_gnutls.so
     35      Because of writing mod_gnutls, I now understand how input and output
     36      filters work, better than I ever thought possible.  It was a little
     37      painful at times, and some parts lift code and ideas directly from
     38      mod_ssl.  Kudos to the original authors of mod_ssl.
    4039
    41 # mod_gnutls can optionaly use a memcached server to store it's SSL Sessions.
    42 # This is useful in a cluster enviroment, where you want all of your servers
    43 # to share a single SSL Session Cache.
    44 #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
    4540
    46 # The Default method is to use a DBM backed Cache.  It isn't super fast, but
    47 # it is portable and does not require another server to be running like memcached.
    48 GnuTLSCache dbm conf/gnutls_cache
    4941
    50 <VirtualHost 1.2.3.4:443>
    51     # insert other directives ... here ...
     42II.   AUTHORS
    5243
    53     # This enables the mod_gnutls Handlers for this Virtual Host
    54     GnuTLSEnable On
     44      Paul Querna <chip force-elite.com>
     45      Nikos Mavrogiannopoulos <nmav gnutls.org>
    5546
    56     # This is the Private key for your server.
    57     GnuTLSX509KeyFile conf/server.key
    5847
    59     # This is the Server Certificate. 
    60     GnuTLSX509CertificateFile conf/server.cert
    61 </VirtualHost>
    6248
    63 # a more advanced configuration
    64 GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
    65 GnuTLSCacheTimeout 600
    66 NameVirtualHost 1.2.3.4:443
     49III.  LICENSE
    6750
    68 <VirtualHost 1.2.3.4:443>
    69         Servername server.com:443
     51      Apache License, Version 2.0 (see the LICENSE file for details)
     52
     53
     54
     55IV.   STATUS
     56
     57      * SSL and TLS connections with all popular browsers work!
     58      * Sets environmental vars for scripts (compatible with mod_ssl vars)
     59      * Supports memcached as a distributed SSL session cache
     60      * Supports DBM as a local SSL session cache
     61      * Support for server name indication (SNI), RFC3546
     62      * Support for client certificates
     63      * Support for secure remote password (SRP), RFC5054
     64
     65
     66
     67V.    BASIC CONFIGURATION
     68
     69      LoadModule gnutls_module modules/mod_gnutls.so
     70     
     71      # mod_gnutls can optionally use a memcached server to store it's SSL
     72      # Sessions.  This is useful in a cluster environment, where you want all
     73      # of your servers to share a single SSL session cache.
     74      #GnuTLSCache memcache "127.0.0.1 server2.example.com server3.example.com"
     75     
     76      # The Default method is to use a DBM backed Cache.  It isn't super fast,
     77      # but it is portable and does not require another server to be running
     78      # like memcached.
     79      GnuTLSCache dbm conf/gnutls_cache
     80     
     81      <VirtualHost 1.2.3.4:443>
     82
     83        # Enable mod_gnutls handlers for this virtual host
     84        GnuTLSEnable On
     85     
     86        # This is the private key for your server
     87        GnuTLSX509KeyFile conf/server.key
     88     
     89        # This is the server certificate
     90        GnuTLSX509CertificateFile conf/server.cert
     91
     92      </VirtualHost>
     93     
     94      # A more advanced configuration
     95      GnuTLSCache dbm "/var/cache/www-tls-cache/cache"
     96      GnuTLSCacheTimeout 600
     97      NameVirtualHost 1.2.3.4:443
     98     
     99      <VirtualHost 1.2.3.4:443>
     100
     101        Servername server.com:443
    70102        GnuTLSEnable on
    71         GnuTLSPriority NORMAL
    72 # To export exactly the same environment variables as mod_ssl to CGI scripts.
    73         GNUTLSExportCertificates on
     103        GnuTLSPriority NORMAL
    74104
    75         GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
    76         GnuTLSX509KeyFile /etc/apache2/server-key.pem
     105        # Export exactly the same environment variables as mod_ssl to CGI
     106        # scripts.
     107        GNUTLSExportCertificates on
     108     
     109        GnuTLSX509CertificateFile /etc/apache2/server-cert.pem
     110        GnuTLSX509KeyFile /etc/apache2/server-key.pem
     111     
     112        # To enable SRP you must have these files installed.  Check the gnutls
     113        # srptool.
     114        GnuTLSSRPPasswdFile /etc/apache2/tpasswd
     115        GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf
     116     
     117        # In order to verify client certificates.  Other options to
     118        # GnuTLSClientVerify could be ignore or require.  The
     119        # GnuTLSClientCAFile contains the CAs to verify client certificates.
     120        GnuTLSClientVerify request
     121        GnuTLSX509CAFile ca.pem
    77122
    78 # To enable SRP you must have these files installed. Check the gnutls srptool.
    79         GnuTLSSRPPasswdFile /etc/apache2/tpasswd
    80         GnuTLSSRPPasswdConfFile /etc/apache2/tpasswd.conf
     123      </VirtualHost>
     124     
     125      # A setup for OpenPGP and X.509 authentication
     126      <VirtualHost 1.2.3.4:443>
    81127
    82 # In order to verify client certificates. Other options to
    83 # GnuTLSClientVerify could be ignore or require. The GnuTLSClientCAFile
    84 # contains the CAs to verify client certificates.
    85         GnuTLSClientVerify request
    86         GnuTLSX509CAFile ca.pem
    87         ...
    88 </VirtualHost>
     128        Servername crystal.lan:443
     129        GnuTLSEnable on
     130        GnuTLSPriorities NORMAL:+COMP-NULL
     131     
     132        # Setup the openpgp keys
     133        GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
     134        GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
     135     
     136        # - and the X.509 keys
     137        GnuTLSCertificateFile /etc/apache2/server-cert.pem
     138        GnuTLSKeyFile /etc/apache2/server-key.pem
    89139
    90 # A setup for OpenPGP and X.509 authentication
    91 <VirtualHost 1.2.3.4:443>
    92         Servername crystal.lan:443
    93         GnuTLSEnable on
    94         GnuTLSPriorities NORMAL:+COMP-NULL
     140        GnuTLSClientVerify ignore
     141     
     142        # To avoid using the default DH params
     143        GnuTLSDHFile /etc/apache2/dh.pem
     144     
     145        # These are only needed if GnuTLSClientVerify != ignore
     146        GnuTLSClientCAFile ca.pem
     147        GnuTLSPGPKeyringFile /etc/apache2/ring.asc
    95148
    96 # setup the openpgp keys
    97         GnuTLSPGPCertificateFile /etc/apache2/test.pub.asc
    98         GnuTLSPGPKeyFile /etc/apache2/test.sec.asc
     149      </VirtualHost>
    99150
    100 # and the X.509 keys
    101         GnuTLSCertificateFile /etc/apache2/server-cert.pem
    102         GnuTLSKeyFile /etc/apache2/server-key.pem
    103         GnuTLSClientVerify ignore
    104151
    105 # To avoid using the default DH params
    106         GnuTLSDHFile /etc/apache2/dh.pem
    107152
    108 # these are only needed if GnuTLSClientVerify != ignore
    109         GnuTLSClientCAFile ca.pem
    110         GnuTLSPGPKeyringFile /etc/apache2/ring.asc
    111 </VirtualHost>
     153VI.   CREATE OPENPGP CREDENTIALS FOR THE SERVER
     154
     155      mod_gnutls currently cannot read encrypted OpenPGP credentials.  That is,
     156      when you generate a key with gpg and gpg prompts you for a passphrase,
     157      just press enter.  Then press enter again, to confirm an empty
     158      passphrase.  http://news.gmane.org/gmane.comp.apache.outoforder.modules
     159
     160      These instructions are from the GnuTLS manual:
     161      http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html#Invoking-gnutls_002dserv
     162
     163        $ gpg --gen-key
     164        ...enter whatever details you want, use 'test.gnutls.org' as name...
     165
     166      Make a note of the OpenPGP key identifier of the newly generated key,
     167      here it was 5D1D14D8.  You will need to export the key for GnuTLS to be
     168      able to use it.
     169
     170         $ gpg -a --export 5D1D14D8 > openpgp-server.txt
     171         $ gpg -a --export-secret-keys 5D1D14D8 > openpgp-server-key.txt
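Review bot: the configuration examples in section V use inconsistent directive names. The basic and advanced hosts use GnuTLSX509CertificateFile / GnuTLSX509KeyFile and GnuTLSPriority, while the OpenPGP host (new lines 130 and 137-138) uses GnuTLSCertificateFile / GnuTLSKeyFile and GnuTLSPriorities; the comment at new lines 117-119 names GnuTLSClientCAFile but the directive under it is GnuTLSX509CAFile. Please settle on the names the module actually registers so the examples can be pasted as is. Section VI also tells the reader to create the secret key with an empty passphrase; a sentence on restricting read access to the exported secret key file would be worth adding, and the gmane URL at new line 158 reads as if it were part of the passphrase instruction.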
  • configure

    r8ce897a rf8ffc43  
    11#! /bin/sh
    22# Guess values for system-dependent variables and create Makefiles.
    3 # Generated by GNU Autoconf 2.61 for mod_gnutls 0.5.2.
     3# Generated by GNU Autoconf 2.61 for mod_gnutls 0.5.3.
    44#
    55# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
     
    727727PACKAGE_NAME='mod_gnutls'
    728728PACKAGE_TARNAME='mod_gnutls'
    729 PACKAGE_VERSION='0.5.2'
    730 PACKAGE_STRING='mod_gnutls 0.5.2'
     729PACKAGE_VERSION='0.5.3'
     730PACKAGE_STRING='mod_gnutls 0.5.3'
    731731PACKAGE_BUGREPORT=''
    732732
     
    14361436  # This message is too long to be a string in the A/UX 3.1 sh.
    14371437  cat <<_ACEOF
    1438 \`configure' configures mod_gnutls 0.5.2 to adapt to many kinds of systems.
     1438\`configure' configures mod_gnutls 0.5.3 to adapt to many kinds of systems.
    14391439
    14401440Usage: $0 [OPTION]... [VAR=VALUE]...
     
    15071507if test -n "$ac_init_help"; then
    15081508  case $ac_init_help in
    1509      short | recursive ) echo "Configuration of mod_gnutls 0.5.2:";;
     1509     short | recursive ) echo "Configuration of mod_gnutls 0.5.3:";;
    15101510   esac
    15111511  cat <<\_ACEOF
     
    16221622if $ac_init_version; then
    16231623  cat <<\_ACEOF
    1624 mod_gnutls configure 0.5.2
     1624mod_gnutls configure 0.5.3
    16251625generated by GNU Autoconf 2.61
    16261626
     
    16361636running configure, to aid debugging if configure makes a mistake.
    16371637
    1638 It was created by mod_gnutls $as_me 0.5.2, which was
     1638It was created by mod_gnutls $as_me 0.5.3, which was
    16391639generated by GNU Autoconf 2.61.  Invocation command line was
    16401640
     
    20072007  chmod +x config.nice
    20082008
    2009 MOD_GNUTLS_VERSION=0.5.2
     2009MOD_GNUTLS_VERSION=0.5.3
    20102010
    20112011
     
    25082508# Define the identity of the package.
    25092509 PACKAGE=mod_gnutls
    2510  VERSION=0.5.2
     2510 VERSION=0.5.3
    25112511
    25122512
     
    2170021700
    2170121701
    21702 MODULE_CFLAGS="${LIBGNUTLS_EXTRA_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
    21703 MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_EXTRA_LIBS}"
     21702MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
     21703MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
    2170421704
    2170521705
     
    2213222132# values after options handling.
    2213322133ac_log="
    22134 This file was extended by mod_gnutls $as_me 0.5.2, which was
     22134This file was extended by mod_gnutls $as_me 0.5.3, which was
    2213522135generated by GNU Autoconf 2.61.  Invocation command line was
    2213622136
     
    2218522185cat >>$CONFIG_STATUS <<_ACEOF
    2218622186ac_cs_version="\\
    22187 mod_gnutls config.status 0.5.2
     22187mod_gnutls config.status 0.5.3
    2218822188configured by $0, generated by GNU Autoconf 2.61,
    2218922189  with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
  • configure.ac

    r8ce897a rf8ffc43  
    11dnl
    2 AC_INIT(mod_gnutls, 0.5.2)
     2AC_INIT(mod_gnutls, 0.5.3)
    33OOO_CONFIG_NICE(config.nice)
    44MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
     
    5656AC_SUBST(have_apr_memcache)
    5757
    58 MODULE_CFLAGS="${LIBGNUTLS_EXTRA_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
    59 MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_EXTRA_LIBS}"
     58MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
     59MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
    6060
    6161AC_SUBST(MODULE_CFLAGS)
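Review bot: the switch from LIBGNUTLS_EXTRA_CFLAGS / LIBGNUTLS_EXTRA_LIBS to LIBGNUTLS_CFLAGS / LIBGNUTLS_LIBS at lines 58-59 changes what the module is compiled and linked against, but the 0.5.3 NEWS entry does not mention it. Please add a NEWS line, and confirm that whatever sets LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS runs earlier in configure.ac, since an unset variable here expands to nothing and would only show up later as a link failure.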
  • src/gnutls_hooks.c

    r8ce897a rf8ffc43  
    5555    apr_file_printf(debug_log_fp, "<%d> %s\n", level, str);
    5656}
     57#define _gnutls_log apr_file_printf
     58#else
     59# define _gnutls_log(...)
    5760#endif
    5861
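Review bot: _gnutls_log at lines 57 and 59 is a leading-underscore identifier at file scope, which C reserves for the implementation, and the name reads as a GnuTLS internal rather than something this module owns. Rename it with the module's mgs_ prefix (for example mgs_debug_log). The non-debug definition also swallows its arguments entirely, so it should only ever carry trace output, never a message an administrator needs to see.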
     
    6265{
    6366int ret;
     67
     68#if MOD_GNUTLS_DEBUG
     69    apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
     70                  APR_APPEND | APR_WRITE | APR_CREATE, APR_OS_DEFAULT,
     71                  pconf);
     72
     73    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
     74
     75    gnutls_global_set_log_level(9);
     76    gnutls_global_set_log_function(gnutls_debug_log_all);
     77    _gnutls_log(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL));
     78#endif
    6479
    6580#if APR_HAS_THREADS
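Review bot: the debug log at lines 69-71 is opened at the fixed path /tmp/gnutls_debug with APR_CREATE and no APR_EXCL, and the return value of apr_file_open is discarded before debug_log_fp is written to at line 73. A fixed name in a world-writable directory will follow whatever file or symlink already exists there, and at log level 9 the file receives GnuTLS debug output. Please put the file under the server's log directory (or make the path configurable) and check the result of apr_file_open before the first write.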
     
    7388
    7489    if (gnutls_check_version(LIBGNUTLS_VERSION)==NULL) {
    75         fprintf(stderr, "gnutls_check_version() failed. Required: gnutls-%s Found: gnutls-%s\n",
     90        _gnutls_log(debug_log_fp, "gnutls_check_version() failed. Required: gnutls-%s Found: gnutls-%s\n",
    7691          LIBGNUTLS_VERSION, gnutls_check_version(NULL));
    7792        return -3;
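Review bot: routing the gnutls_check_version() failure through _gnutls_log at line 90 makes it silent in normal builds, because the macro is defined empty when MOD_GNUTLS_DEBUG is off (line 59); the function then returns -3 with nothing reported. Keep an unconditional message here (the previous fprintf to stderr, or the server error log) in addition to any debug trace. The gnutls_global_init error at line 97 has the same problem.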
     
    8095    ret = gnutls_global_init();
    8196    if (ret < 0) {
    82         fprintf(stderr, "gnutls_global_init: %s\n", gnutls_strerror(ret));
     97        _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret));
    8398        return -3;
    8499    }
     
    87102                              apr_pool_cleanup_null);
    88103
    89 #if MOD_GNUTLS_DEBUG
    90     apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
    91                   APR_APPEND | APR_WRITE | APR_CREATE, APR_OS_DEFAULT,
    92                   pconf);
    93 
    94     gnutls_global_set_log_level(9);
    95     gnutls_global_set_log_function(gnutls_debug_log_all);
    96     apr_file_printf(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL));
    97 #endif
    98104
    99105    return OK;
     
    106112    int ret;
    107113    int cprio[2];
     114
     115    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    108116
    109117    ctxt = gnutls_transport_get_ptr(session);
     
    163171    mgs_handle_t *ctxt;
    164172
     173    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    165174    ctxt = gnutls_transport_get_ptr(session);
     175
     176    if (ctxt == NULL)
     177        return GNUTLS_E_INTERNAL_ERROR;
    166178
    167179    if (gnutls_certificate_type_get( session) == GNUTLS_CRT_X509) {
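Review bot: the ctxt == NULL guard added at lines 176-177 covers only this callback; the gnutls_transport_get_ptr(session) results at lines 117 and 568 of the same file have no visible guard in this diff. If a NULL transport pointer is possible here it is possible there too, so please either add the same check at those sites or note why they cannot see NULL.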
     
    211223
    212224
     225    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    213226    *cert_cn = NULL;
    214227
     
    262275
    263276
     277    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    264278    *cert_cn = NULL;
    265279
     
    294308    const char *userdata_key = "mgs_init";
    295309
     310    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    296311    apr_pool_userdata_get(&data, userdata_key, base_server->process->pool);
    297312    if (data == NULL) {
     
    395410#endif
    396411
    397             if (sc->certs_x509[0] == NULL
    398                 && sc->enabled == GNUTLS_ENABLED_TRUE) {
     412            if (sc->certs_x509[0] == NULL &&
     413                sc->cert_pgp == NULL &&
     414                sc->enabled == GNUTLS_ENABLED_TRUE) {
    399415                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
    400416                             "[GnuTLS] - Host '%s:%d' is missing a "
     
    404420            }
    405421
    406             if (sc->privkey_x509 == NULL
    407                 && sc->enabled == GNUTLS_ENABLED_TRUE) {
     422            if (sc->enabled == GNUTLS_ENABLED_TRUE &&
     423              ((sc->certs_x509[0] != NULL && sc->privkey_x509 == NULL) ||
     424              (sc->cert_pgp != NULL && sc->privkey_pgp == NULL))) {
    408425                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
    409426                             "[GnuTLS] - Host '%s:%d' is missing a "
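Review bot: the combined condition at lines 422-424 reports a missing X.509 key and a missing OpenPGP key through a single ap_log_error call, so the administrator cannot tell which credential pair is incomplete. Split it into two checks with their own messages. The continuation lines at 423-424 are also under-indented compared with the aligned condition at lines 412-414.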
     
    440457                                               &gnutls_module);
    441458
     459    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    442460    if (sc->cache_type != mgs_cache_none) {
    443461        rv = mgs_cache_child_init(p, s, sc);
     
    458476                                                 &gnutls_module);
    459477
     478    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    460479    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
    461480        return NULL;
     
    471490                                                 &gnutls_module);
    472491
     492    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    473493    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
    474494        return 0;
     
    492512    vhost_cb_rec *x = baton;
    493513
     514    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    494515    tsc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
    495516                                                   &gnutls_module);
     
    544565#endif
    545566
     567    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    546568    ctxt = gnutls_transport_get_ptr(session);
    547569
     
    621643                                                 &gnutls_module);
    622644
     645    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    623646    ctxt = apr_pcalloc(pool, sizeof(*ctxt));
    624647    ctxt->c = c;
     
    659682                                                 &gnutls_module);
    660683
     684    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    661685    if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
    662686        return DECLINED;
     
    688712    int rv = OK;
    689713
     714    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    690715    apr_table_t *env = r->subprocess_env;
    691716
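Review bot: at line 714 the _gnutls_log call sits ahead of the declaration of env at line 715, so a statement now precedes a declaration (in non-debug builds the macro leaves a bare ";" there). That breaks C89 declaration ordering, which the inserted call at line 115 respects; move the call below the declaration. The same applies at lines 958-959.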
     
    762787                                               &gnutls_module);
    763788
     789    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    764790    ctxt =
    765791        ap_get_module_config(r->connection->conn_config, &gnutls_module);
     
    823849    apr_table_t *env = r->subprocess_env;
    824850
     851    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    825852    if (export_certificates_enabled != 0) {
    826853        char cert_buf[10 * 1024];
     
    929956    int ret;
    930957
     958    _gnutls_log(debug_log_fp,   "%s: %d\n", __func__, __LINE__);
    931959    apr_table_t *env = r->subprocess_env;
    932960
     
    9951023    apr_time_t activation_time, expiration_time, cur_time;
    9961024
     1025    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    9971026    cert_list =
    9981027        gnutls_certificate_get_peers(ctxt->session, &cert_list_size);
  • src/gnutls_io.c

    r8ce897a rf8ffc43  
    7373    if (buffer->length > inl) {
    7474        /* we have have enough to fill the caller's buffer */
    75         memcpy(in, buffer->value, inl);
     75        memmove(in, buffer->value, inl);
    7676        buffer->value += inl;
    7777        buffer->length -= inl;
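Review bot: replacing memcpy with memmove at lines 75 and 81 implies that in and buffer->value can overlap, but nothing in the code says so. Add a comment naming the situation in which the destination overlaps the buffered data, so the call is not changed back to memcpy later as an optimisation.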
     
    7979    else {
    8080        /* swallow remainder of the buffer */
    81         memcpy(in, buffer->value, buffer->length);
     81        memmove(in, buffer->value, buffer->length);
    8282        inl = buffer->length;
    8383        buffer->value = NULL;
     
    354354}
    355355
    356 #define HANDSHAKE_MAX_TRIES 100
     356#define HANDSHAKE_MAX_TRIES 1024
    357357static int gnutls_do_handshake(mgs_handle_t * ctxt)
    358358{
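Review bot: 1024 at line 356 is an unexplained constant. NEWS attributes the increase to interrupted system calls, which suggests the retry counter is being consumed by interruptions rather than by real handshake failures. Please add a comment saying so, and consider not counting interrupted results against the limit, or bounding the handshake by elapsed time, instead of relying on a larger number.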