authorPaul Querna <chip@outoforder.cc>2004-12-09 07:52:31 (GMT)
committer Paul Querna <chip@outoforder.cc>2004-12-09 07:52:31 (GMT)
commit32f2e601850dbbfb34180763df507d103c6b6aff (patch)
tree9b50b30743958f0a4e2c71f3d7f762b6170952f9
parent0314debf01c32040851395b66669b75bbc1220cc (diff)
fixes and stuff that i should have already committed.
-rw-r--r--src/gnutls_cache.c38
-rw-r--r--src/gnutls_io.c59
-rw-r--r--src/mod_gnutls.c17
3 files changed, 54 insertions, 60 deletions
diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c
index f2fb803..683cdf4 100644
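--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -21,5 +21,41 @@
  * GnuTLS Session Cache using libmemcached
  *
  */
+/*
+#include "memcache.h"
 
-#include "libmemcache/memcache.h"
+int mod_gnutls_cache_init()
+{
+ return 0;
+}
+static int cache_store((void* baton, gnutls_datum_t key, gnutls_datum_t data)
+{
+ mc_set(struct memcache *mc,
+ key->data, key->size,
+ data->data, data->size,
+ 3600, 0);
+ return 0;
+}
+
+static int cache_fetch(void* baton, gnutls_datum_t key)
+{
+ mod_gnutls_handle_t *ctxt = baton;
+ return 0;
+}
+
+static int cache_delete(void* baton, gnutls_datum_t key)
+{
+ mod_gnutls_handle_t *ctxt = baton;
+ return 0;
+}
+
+int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt)
+{
+ gnutls_db_set_cache_expiration
+ gnutls_db_set_retrieve_function(session, cache_fetch);
+ gnutls_db_set_remove_function(session, cache_delete);
+ gnutls_db_set_store_function(session, cache_store);
+ gnutls_db_set_ptr(session, NULL);
+ return 0;
+}
+*/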
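Review bot: The new cache code is committed entirely inside a comment (new lines 24–61), so it is never compiled, and the draft would neither build nor work once the markers are removed. `cache_store((void* baton` has a doubled parenthesis, `key->data` uses `->` on a by-value `gnutls_datum_t`, `mc_set(struct memcache *mc,` and the bare `gnutls_db_set_cache_expiration` are not valid calls, and `session` is undeclared in `mod_gnutls_cache_session_init` (presumably `ctxt->session`). `gnutls_db_set_ptr(session, NULL)` also gives the callbacks a NULL baton although `cache_fetch` and `cache_delete` assign it to `ctxt`, and GnuTLS expects the retrieve callback to return a `gnutls_datum_t`, not `int`. I would keep the draft under `#if 0` with a comment such as `/* TODO: memcache session cache, not yet functional; entries hold resumable TLS session state, so the cache server must be trusted */`.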
diff --git a/src/gnutls_io.c b/src/gnutls_io.c
index 856b6a3..e1c84be 100644
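--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -332,46 +332,12 @@ static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt,
 }
 
 
-#define GNUTLS_HANDSHAKE_ATTEMPTS 10
-
 static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
 {
- int i, ret;
+ int ret;
 
  if (ctxt->status != 0)
  return;
-#if 0
-
- for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) {
- ret = gnutls_handshake(ctxt->session);
- if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
- continue;
- }
-
- if (ret < 0) {
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
- ret = gnutls_alert_get(ctxt->session);
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
- "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret,
- gnutls_alert_get_name(ret));
- }
-
- gnutls_deinit(ctxt->session);
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
- "GnuTLS: Handshake Failed (%d) '%s'", ret,
- gnutls_strerror(ret));
- ctxt->status = -1;
- return;
- }
- else {
- ctxt->status = 1;
- return; /* all done with the handshake */
- }
- }
- ctxt->status = -1;
- return;
-#else
  ret = gnutls_handshake(ctxt->session);
  if (ret < 0) {
  if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
@@ -393,8 +359,6 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
  ctxt->status = 1;
  return; /* all done with the handshake */
  }
-
-#endif
 }
 
 
@@ -465,7 +429,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
 apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
  apr_bucket_brigade * bb)
 {
- int ret;
+ apr_size_t ret;
  mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx;
  apr_status_t status = APR_SUCCESS;
  apr_read_type_e rblock = APR_NONBLOCK_READ;
@@ -513,7 +477,6 @@ apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
 
  }
  else {
-
  /* filter output */
  const char *data;
  apr_size_t len;
@@ -546,20 +509,10 @@ apr_status_t mod_gnutls_filter_output(ap_filter_t * f,
  ctxt->output_rc = APR_EGENERAL;
  }
  }
- else if ((apr_size_t) ret != len) {
- //apr_bucket_split(bucket, ret);
- //APR_BUCKET_REMOVE(bucket);
- /* not all of the data was sent. */
- /* mod_ssl basicly errors out here.. this doesn't seem right? */
- ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc,
- ctxt->c->base_server,
- "GnuTLS: failed to write %" APR_SSIZE_T_FMT
- " of %" APR_SIZE_T_FMT " bytes.",
- len - (apr_size_t) ret, len);
- //continue;
- if (ctxt->output_rc == APR_SUCCESS) {
- ctxt->output_rc = APR_EGENERAL;
- }
+ else if (ret != len) {
+ /* Not able to send the entire bucket,
+ split it and send it again. */
+ apr_bucket_split(bucket, ret);
  }
 
  apr_bucket_delete(bucket);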
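Review bot: Declaring `ret` as `apr_size_t` in mod_gnutls_filter_output (new line 432) makes it unsigned, so a negative GnuTLS error code can no longer be told apart from a byte count. The branch before `else if (ret != len)` lies outside these hunks, but if it tests `ret < 0`, as the removed `(apr_size_t) ret` cast suggests, that test becomes always false and a failed send would reach `apr_bucket_split(bucket, ret)` with a huge offset. I would keep the signed declaration and cast only where a length is needed: `int ret;`, `else if ((apr_size_t) ret != len) {`, `apr_bucket_split(bucket, (apr_size_t) ret);`. The result of `apr_bucket_split` is also unchecked; if the split fails, the following `apr_bucket_delete(bucket)` would drop the unsent tail along with the sent part.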
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index f1ab6a2..04f7db9 100644
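--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -44,8 +44,9 @@ static int mod_gnutls_hook_pre_config(apr_pool_t * pconf,
 }
 
 #define DH_BITS 1024
+#ifdef USE_RSA
 #define RSA_BITS 512
-
+#endif
 static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  apr_pool_t * ptemp,
  server_rec * base_server)
@@ -53,15 +54,17 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  mod_gnutls_srvconf_rec *sc;
  server_rec *s;
  gnutls_dh_params_t dh_params;
+#ifdef USE_RSA
  gnutls_rsa_params_t rsa_params;
-
+#endif
 
  /* TODO: Should we regenerate these after X requests / X time ? */
  gnutls_dh_params_init(&dh_params);
  gnutls_dh_params_generate2(dh_params, DH_BITS);
-// gnutls_rsa_params_init(&rsa_params);
-// gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
-
+#ifdef USE_RSA
+ gnutls_rsa_params_init(&rsa_params);
+ gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
+#endif
  for (s = base_server; s; s = s->next) {
  sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
  &gnutls_module);
@@ -69,7 +72,9 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
  sc->key_file,
  GNUTLS_X509_FMT_PEM);
-// gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params);
+#ifdef USE_RSA
+ gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params);
+#endif
  gnutls_certificate_set_dh_params(sc->certs, dh_params);
  }
  else if (sc->enabled == GNUTLS_ENABLED_TRUE) {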
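Review bot: The USE_RSA path enables export-grade RSA key exchange with a 512-bit temporary key (`RSA_BITS 512`, installed by `gnutls_certificate_set_rsa_export_params` at new line 76), and a modulus of that size is factorable, so defining the macro weakens every server the loop configures. Nothing visible documents that, so I would put a comment above the define, e.g. `/* USE_RSA enables RSA-export key exchange with RSA_BITS-bit temporary keys; leave undefined unless legacy export clients must be supported */`. The return values of `gnutls_rsa_params_generate2` and `gnutls_dh_params_generate2` are ignored, so parameters from a failed generation would still be attached to the credentials. mod_gnutls_hook_post_config continues outside these hunks.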