| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | configure.ac | 23 | ||||
| -rw-r--r-- | src/gnutls_config.c | 7 | ||||
| -rw-r--r-- | src/gnutls_hooks.c | 6 | ||||
| -rw-r--r-- | src/mod_gnutls.c | 2 |
5 files changed, 41 insertions, 3 deletions
| @@ -1,3 +1,9 @@ | |||
| 1 | ** Version 0.4.3 | ||
| 2 | |||
| 3 | - Added --disable-srp configure option | ||
| 4 | |||
| 5 | - Better check for memcache (patch by Guillaume Rousse) | ||
| 6 | |||
| 1 | ** Version 0.4.2 (2007-12-10) | 7 | ** Version 0.4.2 (2007-12-10) |
| 2 | 8 | ||
| 3 | - Added support for sending a certificate chain. | 9 | - Added support for sending a certificate chain. |
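--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 dnl
-AC_INIT(mod_gnutls, 0.4.2.1)
+AC_INIT(mod_gnutls, 0.4.3)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
 AC_PREREQ(2.53)
@@ -28,8 +28,15 @@ CHECK_APACHE(,$AP_VERSION,
 dnl LIBTOOL="`${APR_CONFIG} --apr-libtool`"
 dnl AC_SUBST(LIBTOOL)
 
-MIN_TLS_VERSION=2.1.7
+MIN_TLS_VERSION=2.2.1
 CHECK_LIBGNUTLS($MIN_TLS_VERSION)
+AM_PATH_LIBGNUTLS($MIN_TLS_VERSION,,
+AC_MSG_ERROR([[
+***
+*** libgnutls were not found. You may want to get it from
+*** http://www.gnutls.org/
+***
+]]))
 
 dnl CHECK_LUA()
 
@@ -37,6 +44,16 @@ have_apr_memcache=0
 CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
 AC_SUBST(have_apr_memcache)
 
+AC_ARG_ENABLE(srp,
+AS_HELP_STRING([--disable-srp],
+[unconditionally disable the SRP functionality]),
+use_srp=$enableval, use_srp=yes)
+if test "$use_srp" != "no"; then
+AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, [whether to enable SRP])
+fi
+AC_MSG_CHECKING([whether to enable SRP functionality])
+AC_MSG_RESULT($use_srp)
+
 MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
 MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
 
@@ -51,6 +68,6 @@ echo "Configuration summary for mod_gnutls:"
 echo ""
 echo " * mod_gnutls version: ${MOD_GNUTLS_VERSION}"
 echo " * Apache Modules directory: ${AP_LIBEXECDIR}"
-echo " * GnuTLS Library version: ${LIBGNUTLS_VERSION}"
+echo " * GnuTLS Library version: ${LIBGNUTLS_VERSION} | Required: ${MIN_TLS_VERSION}+"
 echo ""
 echo "---"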
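Review bot: The new `AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, [whether to enable SRP])` only has an effect if the define reaches the compiler for the files under src/, and the visible hunks show neither an `AC_CONFIG_HEADERS` line nor `$DEFS` in `MODULE_CFLAGS`. If neither exists elsewhere in configure.ac, every `#ifdef ENABLE_SRP` block added by this commit is silently compiled out, even in a default build. Please confirm that path and report the result in the configuration summary, for example `echo " * SRP Authentication: ${use_srp}"`, so a packager can see which authentication methods the module was built with. Since the value is a literal, plain `AC_DEFINE(ENABLE_SRP, 1, [whether to enable SRP])` is sufficient. Separately, the `AM_PATH_LIBGNUTLS` failure text says libgnutls was not found even when an older release is installed, so it should name `$MIN_TLS_VERSION`.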
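--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -202,6 +202,8 @@ const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
 return NULL;
 }
 
+#ifdef ENABLE_SRP
+
 const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
 const char *arg)
 {
@@ -228,6 +230,8 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
 return NULL;
 }
 
+#endif
+
 const char *mgs_set_cache(cmd_parms * parms, void *dummy,
 const char *type, const char *arg)
 {
@@ -426,6 +430,7 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 ": (%d) %s", ret, gnutls_strerror(ret));
 }
 
+#ifdef ENABLE_SRP
 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
 if (ret < 0) {
 return apr_psprintf(p, "GnuTLS: Failed to initialize"
@@ -434,6 +439,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 
 sc->srp_tpasswd_conf_file = NULL;
 sc->srp_tpasswd_file = NULL;
+#endif
+
 sc->privkey_x509 = NULL;
 memset( sc->certs_x509, 0, sizeof(sc->certs_x509));
 sc->certs_x509_num = 0;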
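Review bot: In `mgs_config_server_create`, the SRP allocation failure path that is now wrapped in `#ifdef ENABLE_SRP` still does `return apr_psprintf(p, "GnuTLS: Failed to initialize" ...)` from a function declared to return `void *`. The caller would presumably receive a message string where it expects the server configuration record and then read it as that structure. This predates the commit, but the guard was a good moment to fix it by logging the failure and stopping startup instead of returning the text. Also, the diffstat shows no header change, so the `srp_tpasswd_*` members presumably still exist in builds without SRP; unless `sc` is zero-allocated above the hunk, they are left unset. Moving the second `#endif` up, directly after the allocation check, would keep `sc->srp_tpasswd_conf_file = NULL;` and `sc->srp_tpasswd_file = NULL;` unconditional. The function body starts and ends outside these hunks.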
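--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -115,11 +115,13 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
 
 gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
 
+#ifdef ENABLE_SRP
 if (ctxt->sc->srp_tpasswd_conf_file != NULL
 && ctxt->sc->srp_tpasswd_file != NULL) {
 gnutls_credentials_set(session, GNUTLS_CRD_SRP,
 ctxt->sc->srp_creds);
 }
+#endif
 
 /* update the priorities - to avoid negotiating a ciphersuite that is not
 * enabled on this virtual server. Note that here we ignore the version
@@ -313,6 +315,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 gnutls_certificate_server_set_retrieve_function(sc->certs,
 cert_retrieve_fn);
 
+#ifdef ENABLE_SRP
 if (sc->srp_tpasswd_conf_file != NULL
 && sc->srp_tpasswd_file != NULL) {
 rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
@@ -329,6 +332,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 exit(-1);
 }
 }
+#endif
 
 if (sc->certs_x509[0] == NULL
 && sc->enabled == GNUTLS_ENABLED_TRUE) {
@@ -662,8 +666,10 @@ int mgs_hook_fixups(request_rec * r)
 gnutls_compression_get_name(gnutls_compression_get
 (ctxt->session)));
 
+#ifdef ENABLE_SRP
 apr_table_setn(env, "SSL_SRP_USER",
 gnutls_srp_server_get_username(ctxt->session));
+#endif
 
 if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL)
 apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");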
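Review bot: In the `mgs_hook_fixups` hunk the guarded call still hands the result of `gnutls_srp_server_get_username(ctxt->session)` straight to `apr_table_setn`. GnuTLS returns NULL there when the session was not authenticated with SRP, so a NULL value is stored for every non-SRP request. Fetching it first and setting the variable only when it is non-NULL avoids that: `const char *srp_user = gnutls_srp_server_get_username(ctxt->session);` followed by `if (srp_user != NULL) apr_table_setn(env, "SSL_SRP_USER", srp_user);`. In builds without SRP the module never writes the variable, so anything downstream that treats `SSL_SRP_USER` as an authenticated identity would accept a value set elsewhere in the server configuration; an `#else` branch with `apr_table_unset(env, "SSL_SRP_USER");` would make the absence explicit. The functions touched here all continue outside their hunks.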
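--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -80,6 +80,7 @@ static const command_rec mgs_config_cmds[] = {
 NULL,
 RSRC_CONF,
 "SSL Server SRP Password file"),
+#ifdef ENABLE_SRP
 AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,
 NULL,
 RSRC_CONF,
@@ -88,6 +89,7 @@ static const command_rec mgs_config_cmds[] = {
 NULL,
 RSRC_CONF,
 "SSL Server SRP Parameters file"),
+#endif
 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
 NULL,
 RSRC_CONF,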
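Review bot: The table entry that closes just before the new `#ifdef ENABLE_SRP` carries the help text `"SSL Server SRP Password file"` but sits outside the guard. It therefore looks like a non-SRP directive whose description was copied from the SRP one; its name is above the hunk, so this is inferred. The text should be corrected so the directive help is accurate, particularly in builds without SRP. With the two SRP directives compiled out, a configuration that still uses `GnuTLSSRPPasswdFile` will be rejected at startup as an unknown directive. That fails closed, but the NEWS entry for `--disable-srp` should mention it. Annotating the closer as `#endif /* ENABLE_SRP */` here and in the other files would make the guarded ranges easier to follow.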
