Changeset fd6bb19 in mod_gnutls
- Timestamp:
- Jun 3, 2016, 10:08:29 AM (7 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- c3ad933
- Parents:
- 4ae7810
- Files:
-
- 5 edited
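--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -220,4 +220,7 @@
  * once sending OCSP requests is implemented */
 char *ocsp_response_file;
+/* OCSP URI extracted from the server certificate. NULL if
+ * unset. */
+apr_uri_t *ocsp_uri;
 /* Trust list to verify OCSP responses for stapling. Should
  * usually only contain the CA that signed the server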
src/gnutls_config.c
r4ae7810 rfd6bb19 973 973 974 974 sc->ocsp_response_file = NULL; 975 sc->ocsp_uri = NULL; 975 976 sc->ocsp_trust = NULL; 976 977 … … 1032 1033 1033 1034 gnutls_srvconf_assign(ocsp_response_file); 1035 gnutls_srvconf_assign(ocsp_uri); 1034 1036 gnutls_srvconf_assign(ocsp_trust); 1035 1037 -
src/gnutls_hooks.c
r4ae7810 rfd6bb19 386 386 if (sc->ocsp_response_file != NULL) 387 387 { 388 rv = mgs_ocsp_post_config_server(pconf, s);388 rv = mgs_ocsp_post_config_server(pconf, ptemp, s); 389 389 if (rv != OK && rv != DECLINED) 390 390 return rv; -
src/gnutls_ocsp.c
r4ae7810 rfd6bb19 223 223 ctxt->sc->ocsp_response_file); 224 224 225 /* TODO: response should come from cache, which must be filled 226 * from sc->ocsp_uri */ 225 227 int ret = gnutls_load_file(ctxt->sc->ocsp_response_file, ocsp_response); 226 228 if (ret != GNUTLS_E_SUCCESS) … … 277 279 278 280 281 apr_uri_t * mgs_cert_get_ocsp_uri(apr_pool_t *p, gnutls_x509_crt_t cert) 282 { 283 apr_pool_t *tmp; 284 apr_status_t rv = apr_pool_create(&tmp, p); 285 if (rv != APR_SUCCESS) 286 return NULL; 287 288 apr_uri_t *ocsp_uri = NULL; 289 290 int ret = GNUTLS_E_SUCCESS; 291 /* search authority info access for OCSP URI */ 292 for (int seq = 0; ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; seq++) 293 { 294 gnutls_datum_t ocsp_access_data; 295 ret = gnutls_x509_crt_get_authority_info_access(cert, seq, 296 GNUTLS_IA_OCSP_URI, 297 &ocsp_access_data, 298 NULL); 299 if (ret == GNUTLS_E_SUCCESS) 300 { 301 /* create NULL terminated string */ 302 char *ocsp_str = 303 apr_pstrndup(tmp, (const char*) ocsp_access_data.data, 304 ocsp_access_data.size); 305 gnutls_free(ocsp_access_data.data); 306 307 ocsp_uri = apr_palloc(p, sizeof(apr_uri_t)); 308 rv = apr_uri_parse(p, ocsp_str, ocsp_uri); 309 if (rv == APR_SUCCESS) 310 break; 311 else 312 ocsp_uri = NULL; 313 } 314 } 315 316 apr_pool_destroy(tmp); 317 return ocsp_uri; 318 } 319 320 321 279 322 /* 280 323 * Like in the general post_config hook the HTTP status codes for … … 282 325 * to denote an error. 
283 326 */ 284 int mgs_ocsp_post_config_server(apr_pool_t *pconf, server_rec *server) 285 { 286 mgs_srvconf_rec *sc = 287 (mgs_srvconf_rec *) ap_get_module_config(server->module_config, 288 &gnutls_module); 327 int mgs_ocsp_post_config_server(apr_pool_t *pconf, 328 apr_pool_t *ptemp __attribute__((unused)), 329 server_rec *server) 330 { 331 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 332 ap_get_module_config(server->module_config, &gnutls_module); 289 333 290 334 if (sc->certs_x509_chain_num < 2) … … 297 341 return HTTP_NOT_FOUND; 298 342 } 343 344 sc->ocsp_uri = mgs_cert_get_ocsp_uri(pconf, sc->certs_x509_crt_chain[0]); 345 299 346 sc->ocsp_trust = apr_palloc(pconf, 300 347 sizeof(gnutls_x509_trust_list_t)); -
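Review bot: In mgs_cert_get_ocsp_uri the loop accepts the first AIA entry that apr_uri_parse can parse, without checking that the result has a scheme and hostname or that the scheme is one the planned fetcher (the TODO above gnutls_load_file) will actually speak; apr_uri_parse succeeds on many strings that are not a usable responder address, and that address is later used for outbound requests. The apr_palloc of ocsp_uri also runs on every iteration that yields an entry, so a certificate with several unparsable entries allocates from the configuration pool repeatedly; allocating once before the loop and only breaking on a complete URI of an accepted scheme fixes both (adjust the scheme test to whatever the fetcher will support). Returning ocsp_uri after apr_pool_destroy(tmp) relies on apr_uri_parse copying its components into p rather than pointing into ocsp_str — I believe it does, but that deserves a comment such as `/* apr_uri_parse duplicates components into p, so ocsp_str may die with tmp */`. mgs_ocsp_post_config_server continues outside the hunk and does not log or react when the result is NULL, so the cache-fill code the TODO describes needs its own NULL check.
```c
    apr_uri_t *ocsp_uri = apr_palloc(p, sizeof(apr_uri_t));
    apr_uri_t *found = NULL;
    /* … unchanged: ret initialisation and for loop header … */
        if (ret == GNUTLS_E_SUCCESS)
        {
            /* … unchanged: apr_pstrndup into tmp, gnutls_free … */
            rv = apr_uri_parse(p, ocsp_str, ocsp_uri);
            /* accept only a complete URI of a supported scheme; anything
             * else is not a usable responder address, keep scanning */
            if (rv == APR_SUCCESS && ocsp_uri->scheme != NULL
                && ocsp_uri->hostname != NULL
                && strcasecmp(ocsp_uri->scheme, "http") == 0)
            {
                found = ocsp_uri;
                break;
            }
        }
    }

    apr_pool_destroy(tmp);
    return found;
```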
src/gnutls_ocsp.h
r4ae7810 rfd6bb19 63 63 * the post_config hook itself) 64 64 */ 65 int mgs_ocsp_post_config_server(apr_pool_t *pconf, server_rec *server); 65 int mgs_ocsp_post_config_server(apr_pool_t *pconf, apr_pool_t *ptemp, 66 server_rec *server); 66 67 67 68 int mgs_get_ocsp_response(gnutls_session_t session, void *ptr,