authorNikos Mavrogiannopoulos <nmav@gnutls.org>2008-02-20 19:50:09 (GMT)
committer Nokis Mavrogiannopoulos <nmav@gnutls.org>2008-02-20 19:50:09 (GMT)
commit787dab7316f5a9a314b538d0876a9e57af977dc3 (patch)
treee1fb01b994eba94e6d357fddffb1459d9fddd018
parent2cdc2649f2201af83d570fc418a984fe936d6fe0 (diff)
added option to disable srp (for distributions that disable it in gnutls)
-rw-r--r--configure.ac12
-rw-r--r--src/gnutls_config.c7
-rw-r--r--src/gnutls_hooks.c6
-rw-r--r--src/mod_gnutls.c2
4 files changed, 26 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index 0cdcdd9..28001b3 100644
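--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 dnl
-AC_INIT(mod_gnutls, 0.5.0-alpha)
+AC_INIT(mod_gnutls, 0.5.1)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
 AC_PREREQ(2.53)
@@ -37,6 +37,16 @@ AM_PATH_LIBGNUTLS_EXTRA($MIN_TLS_VERSION,,
 ***
 ]]))
 
+AC_ARG_ENABLE(srp,
+ AS_HELP_STRING([--disable-srp],
+ [unconditionally disable the SRP functionality]),
+ use_srp=$enableval, use_srp=yes)
+if test "$use_srp" != "no"; then
+ AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, [whether to enable SRP])
+fi
+AC_MSG_CHECKING([whether to enable SRP functionality])
+AC_MSG_RESULT($use_srp)
+
 dnl CHECK_LUA()
 
 have_apr_memcache=0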
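Review bot: ENABLE_SRP is derived from the command-line switch alone and defaults to yes, so nothing in the second hunk checks that the installed GnuTLS actually exports the SRP functions. On a distribution whose GnuTLS was built without SRP, a default build would presumably still compile the SRP calls and fail at link or module-load time unless the packager remembers `--disable-srp`. A probe before the `if test` would make the default follow the library, for example `AC_CHECK_LIB([gnutls], [gnutls_srp_allocate_server_credentials], [:], [use_srp=no])`. `AC_DEFINE_UNQUOTED` can also be plain `AC_DEFINE`, since the value contains no shell expansion.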
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index f08512e..e290d90 100644
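--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -281,6 +281,8 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
 }
 
 
+#ifdef ENABLE_SRP
+
 const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
  const char *arg)
 {
@@ -307,6 +309,8 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
  return NULL;
 }
 
+#endif
+
 const char *mgs_set_cache(cmd_parms * parms, void *dummy,
  const char *type, const char *arg)
 {
@@ -543,6 +547,7 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
  ": (%d) %s", ret, gnutls_strerror(ret));
  }
 
+#ifdef ENABLE_SRP
  ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
  if (ret < 0) {
  return apr_psprintf(p, "GnuTLS: Failed to initialize"
@@ -551,6 +556,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 
  sc->srp_tpasswd_conf_file = NULL;
  sc->srp_tpasswd_file = NULL;
+#endif
+
  sc->privkey_x509 = NULL;
  memset( sc->certs_x509, 0, sizeof(sc->certs_x509));
  sc->certs_x509_num = 0;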
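Review bot: In the last hunk the `#endif` at new line 559 also fences off the two `sc->srp_tpasswd_*_file = NULL;` assignments, so with `--disable-srp` those fields are no longer initialised in mgs_config_server_create. The commit touches no header, so the fields presumably still exist in every build, and whether `sc` is zero-allocated is not visible in the hunk. Moving the `#endif` up to sit directly after the `gnutls_srp_allocate_server_credentials` error block would keep the pointers defined in both configurations. The function starts and ends outside the hunk; the bare `#endif` lines would also read better as `#endif /* ENABLE_SRP */`.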
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 26917b8..ee3c2db 100644
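--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -131,11 +131,13 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
 
  gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
 
+#ifdef ENABLE_SRP
  if (ctxt->sc->srp_tpasswd_conf_file != NULL
  && ctxt->sc->srp_tpasswd_file != NULL) {
  gnutls_credentials_set(session, GNUTLS_CRD_SRP,
  ctxt->sc->srp_creds);
  }
+#endif
 
  /* update the priorities - to avoid negotiating a ciphersuite that is not
  * enabled on this virtual server. Note that here we ignore the version
@@ -379,6 +381,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  gnutls_certificate_server_set_retrieve_function(sc->certs,
  cert_retrieve_fn);
 
+#ifdef ENABLE_SRP
  if (sc->srp_tpasswd_conf_file != NULL
  && sc->srp_tpasswd_file != NULL) {
  rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
@@ -395,6 +398,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  exit(-1);
  }
  }
+#endif
 
  if (sc->certs_x509[0] == NULL
  && sc->enabled == GNUTLS_ENABLED_TRUE) {
@@ -722,8 +726,10 @@ int mgs_hook_fixups(request_rec * r)
  gnutls_compression_get_name(gnutls_compression_get
  (ctxt->session)));
 
+#ifdef ENABLE_SRP
  apr_table_setn(env, "SSL_SRP_USER",
  gnutls_srp_server_get_username(ctxt->session));
+#endif
 
  if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL)
  apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");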
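Review bot: In the last hunk (mgs_hook_fixups) the guarded call still stores the result of gnutls_srp_server_get_username() in SSL_SRP_USER for every session, and that function returns NULL when the session was not authenticated with SRP; apr_table_setn() stores the pointer as given. Setting the variable only for SRP sessions keeps a NULL value out of the request environment: `const char *u = gnutls_srp_server_get_username(ctxt->session);` followed by `if (u != NULL) apr_table_setn(env, "SSL_SRP_USER", u);`. With SRP compiled out the module no longer sets the variable at all, so the documentation should say that access rules or scripts reading SSL_SRP_USER need an SRP-enabled build. The function body starts and ends outside the hunk.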
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 014bfc8..5207641 100644
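--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -104,6 +104,7 @@ static const command_rec mgs_config_cmds[] = {
  NULL,
  RSRC_CONF,
  "SSL Server PGP Private key file"),
+#ifdef ENABLE_SRP
  AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,
  NULL,
  RSRC_CONF,
@@ -112,6 +113,7 @@ static const command_rec mgs_config_cmds[] = {
  NULL,
  RSRC_CONF,
  "SSL Server SRP Parameters file"),
+#endif
  AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
  NULL,
  RSRC_CONF,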
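Review bot: The SRP directives disappear from mgs_config_cmds without any comment explaining what an administrator will see, so a configuration that still names `GnuTLSSRPPasswdFile` will be rejected at startup as an unknown directive when the module is built with `--disable-srp`. Failing closed is the right direction here, because the server does not silently start without the authentication method the administrator configured, but the generic error gives no hint about the cause. I would record the intent at the guard, `#endif /* ENABLE_SRP: SRP directives are unknown to the server when built with --disable-srp */`, and mention the build dependency in the directive documentation. The command table starts and ends outside the hunk.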