authorPaul Querna <chip@outoforder.cc>2005-05-17 21:00:53 (GMT)
committer Paul Querna <chip@outoforder.cc>2005-05-17 21:00:53 (GMT)
commit84cb5b2ad2abada1069659895d16dcb64f669008 (patch)
tree447923776aaf6d7bb7c399e888845465ce0b4891 /src/gnutls_hooks.c
parent836417fceaf154bde03418a1525ff149f5a07cca (diff)
- add lua to do client verification
- only use gcrypt locking when required to
Diffstat (limited to 'src/gnutls_hooks.c')
-rw-r--r--src/gnutls_hooks.c28
1 files changed, 16 insertions, 12 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 2d12b51..3862c9d 100644
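--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -17,6 +17,7 @@
 
 #include "mod_gnutls.h"
 #include "http_vhost.h"
+#include "ap_mpm.h"
 
 #if !USING_2_1_RECENT
 extern server_rec *ap_server_conf;
@@ -30,6 +31,8 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
 static apr_file_t* debug_log_fp;
 #endif
 
+static int mpm_is_threaded;
+
 static apr_status_t mgs_cleanup_pre_config(void *data)
 {
  gnutls_global_deinit();
@@ -48,8 +51,12 @@ int mgs_hook_pre_config(apr_pool_t * pconf,
 {
 
 #if APR_HAS_THREADS
- /* TODO: Check MPM Type here */
- gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded);
+ if (mpm_is_threaded) {
+ gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ }
+#else
+ mpm_is_threaded = 0;
 #endif
 
  gnutls_global_init();
@@ -234,11 +241,6 @@ int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  rv = gnutls_x509_crt_get_dn_by_oid(sc->cert_x509,
  GNUTLS_OID_X520_COMMON_NAME, 0, 0,
  sc->cert_cn, &data_len);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
- s,
- "GnuTLS: sni-x509 cn: %s/%d pk: %s s: 0x%08X sc: 0x%08X", sc->cert_cn, rv,
- gnutls_pk_algorithm_get_name(gnutls_x509_privkey_get_pk_algorithm(sc->privkey_x509)),
- (unsigned int)s, (unsigned int)sc);
  }
  }
 
@@ -568,7 +570,6 @@ int mgs_hook_fixups(request_rec *r)
  gnutls_x509_crt_get_issuer_dn(ctxt->sc->cert_x509, buf, &len);
  apr_table_setn(env, "SSL_SERVER_I_DN", apr_pstrmemdup(r->pool, buf, len));
  }
-
  return rv;
 }
 
@@ -585,11 +586,14 @@ int mgs_hook_authz(request_rec *r)
  if (!ctxt) {
  return DECLINED;
  }
-
- if (!dc) {
- dc = mgs_config_dir_create(r->pool, NULL);
+ ap_add_common_vars(r);
+ mgs_hook_fixups(r);
+ status = mgs_authz_lua(r);
+ if (status != 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "GnuTLS: FAILED Lua Authorization Test");
+ return HTTP_FORBIDDEN;
  }
-
  if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {
  ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
  "GnuTLS: Directory set to Ignore Client Certificate!");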
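Review bot: In the last hunk (mgs_hook_authz) the `if (!dc) { dc = mgs_config_dir_create(r->pool, NULL); }` fallback is removed, yet `dc->client_verify_mode` is still dereferenced directly after the new Lua check, so a request that arrives without a per-directory config would now crash the worker instead of getting defaults. The assignment of `dc` is outside the hunk, so this holds only if it can still be NULL there; unless that is ruled out, keep the original guard ahead of the dereference. Separately, the Lua denial is logged at `APLOG_DEBUG`, so an `HTTP_FORBIDDEN` from `mgs_authz_lua` leaves no trace at usual log levels; `APLOG_INFO` or higher would make rejected requests visible to operators. The return value of `mgs_hook_fixups(r)` is also discarded, although the Lua script presumably relies on the environment it populates. The function body starts before and continues past this hunk.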