re-order the cipher types.

Add a fixups hook and some Basic Env vars
author: Paul Querna <chip@outoforder.cc> 2004-12-06 06:07:15 (GMT)
committer: Paul Querna <chip@outoforder.cc> 2004-12-06 06:07:15 (GMT)
commit: 0314debf01c32040851395b66669b75bbc1220cc (patch)
tree: f545c7b1a22176299374258ac6fe45ce7beb65c1 /src
parent: 0b3bc057ca6c68214614f257704cb5a332747b75 (diff)
1 files changed, 31 insertions, 2 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 9cccb03..f1ab6a2 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -181,6 +181,32 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
    return OK;
 }
+static int mod_gnutls_hook_fixups(request_rec *r)
+{
+    const char* tmp;
+    mod_gnutls_handle_t *ctxt;
+    apr_table_t *env = r->subprocess_env;
+    ctxt = ap_get_module_config(r->connection->conn_config, &gnutls_module);
+    if(!ctxt) {
+        return DECLINED;
+    }
+    apr_table_setn(env, "HTTPS", "on");
+    apr_table_setn(env, "SSL_PROTOCOL",
+                   gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
+    apr_table_setn(env, "SSL_CIPHER",
+                   gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
+    tmp = apr_psprintf(r->pool, "%d",
+              8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
+    apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
+    apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
+    return OK;
+}
 static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy,
                                        const char *arg)
 {
@@ -259,6 +285,8 @@ static void gnutls_hooks(apr_pool_t * p)
    ap_hook_pre_config(mod_gnutls_hook_pre_config, NULL, NULL,
                       APR_HOOK_MIDDLE);
+    ap_hook_fixups(mod_gnutls_hook_fixups, NULL, NULL, APR_HOOK_MIDDLE);
    /* TODO: HTTP Upgrade Filter */
    /* ap_register_output_filter ("UPGRADE_FILTER", 
     *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
@@ -284,7 +312,8 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
    sc->cert_file = NULL;
    i = 0;
-    sc->ciphers[i++] = GNUTLS_CIPHER_RIJNDAEL_128_CBC;
+    sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC;
+    sc->ciphers[i++] = GNUTLS_CIPHER_AES_128_CBC;
    sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_128;
    sc->ciphers[i++] = GNUTLS_CIPHER_3DES_CBC;
    sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_40;
@@ -299,8 +328,8 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
    sc->key_exchange[i] = 0;
    i = 0;
-    sc->macs[i++] = GNUTLS_MAC_MD5;
    sc->macs[i++] = GNUTLS_MAC_SHA;
+    sc->macs[i++] = GNUTLS_MAC_MD5;
    sc->macs[i++] = GNUTLS_MAC_RMD160;
    sc->macs[i] = 0;
author	Paul Querna <chip@outoforder.cc>	2004-12-06 06:07:15 (GMT)
committer	Paul Querna <chip@outoforder.cc>	2004-12-06 06:07:15 (GMT)
commit	0314debf01c32040851395b66669b75bbc1220cc (patch)
tree	f545c7b1a22176299374258ac6fe45ce7beb65c1 /src
parent	0b3bc057ca6c68214614f257704cb5a332747b75 (diff)

diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index 9cccb03..f1ab6a2 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c
@@ -181,6 +181,32 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
181	return OK;	181	return OK;
182	}	182	}
183		183
		184	static int mod_gnutls_hook_fixups(request_rec *r)
		185	{
		186	const char* tmp;
		187	mod_gnutls_handle_t *ctxt;
		188	apr_table_t *env = r->subprocess_env;
		189
		190	ctxt = ap_get_module_config(r->connection->conn_config, &gnutls_module);
		191
		192	if(!ctxt) {
		193	return DECLINED;
		194	}
		195	apr_table_setn(env, "HTTPS", "on");
		196	apr_table_setn(env, "SSL_PROTOCOL",
		197	gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
		198	apr_table_setn(env, "SSL_CIPHER",
		199	gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
		200
		201	tmp = apr_psprintf(r->pool, "%d",
		202	8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
		203
		204	apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
		205	apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
		206
		207	return OK;
		208	}
		209
184	static const char gnutls_set_cert_file(cmd_parms parms, void *dummy,	210	static const char gnutls_set_cert_file(cmd_parms parms, void *dummy,
185	const char *arg)	211	const char *arg)
186	{	212	{
@@ -259,6 +285,8 @@ static void gnutls_hooks(apr_pool_t * p)
259	ap_hook_pre_config(mod_gnutls_hook_pre_config, NULL, NULL,	285	ap_hook_pre_config(mod_gnutls_hook_pre_config, NULL, NULL,
260	APR_HOOK_MIDDLE);	286	APR_HOOK_MIDDLE);
261		287
		288	ap_hook_fixups(mod_gnutls_hook_fixups, NULL, NULL, APR_HOOK_MIDDLE);
		289
262	/* TODO: HTTP Upgrade Filter */	290	/* TODO: HTTP Upgrade Filter */
263	/* ap_register_output_filter ("UPGRADE_FILTER",	291	/* ap_register_output_filter ("UPGRADE_FILTER",
264	* ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);	292	* ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
@@ -284,7 +312,8 @@ static void gnutls_config_server_create(apr_pool_t p, server_rec * s)
284	sc->cert_file = NULL;	312	sc->cert_file = NULL;
285		313
286	i = 0;	314	i = 0;
287	sc->ciphers[i++] = GNUTLS_CIPHER_RIJNDAEL_128_CBC;	315	sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC;
		316	sc->ciphers[i++] = GNUTLS_CIPHER_AES_128_CBC;
288	sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_128;	317	sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_128;
289	sc->ciphers[i++] = GNUTLS_CIPHER_3DES_CBC;	318	sc->ciphers[i++] = GNUTLS_CIPHER_3DES_CBC;
290	sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_40;	319	sc->ciphers[i++] = GNUTLS_CIPHER_ARCFOUR_40;
@@ -299,8 +328,8 @@ static void gnutls_config_server_create(apr_pool_t p, server_rec * s)
299	sc->key_exchange[i] = 0;	328	sc->key_exchange[i] = 0;
300		329
301	i = 0;	330	i = 0;
302	sc->macs[i++] = GNUTLS_MAC_MD5;
303	sc->macs[i++] = GNUTLS_MAC_SHA;	331	sc->macs[i++] = GNUTLS_MAC_SHA;
		332	sc->macs[i++] = GNUTLS_MAC_MD5;
304	sc->macs[i++] = GNUTLS_MAC_RMD160;	333	sc->macs[i++] = GNUTLS_MAC_RMD160;
305	sc->macs[i] = 0;	334	sc->macs[i] = 0;
306		335