path: root/src/gnutls_hooks.c
Diffstat (limited to 'src/gnutls_hooks.c')
-rw-r--r--src/gnutls_hooks.c59
1 files changed, 44 insertions, 15 deletions
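--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -54,6 +54,9 @@ static void gnutls_debug_log_all(int level, const char *str)
 {
  apr_file_printf(debug_log_fp, "<%d> %s\n", level, str);
 }
+#define _gnutls_log apr_file_printf
+#else
+# define _gnutls_log(...)
 #endif
 
 int
@@ -62,6 +65,18 @@ mgs_hook_pre_config(apr_pool_t * pconf,
 {
 int ret;
 
+#if MOD_GNUTLS_DEBUG
+ apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
+ APR_APPEND | APR_WRITE | APR_CREATE, APR_OS_DEFAULT,
+ pconf);
+
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+
+ gnutls_global_set_log_level(9);
+ gnutls_global_set_log_function(gnutls_debug_log_all);
+ _gnutls_log(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL));
+#endif
+
 #if APR_HAS_THREADS
  ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded);
  if (mpm_is_threaded) {
@@ -72,29 +87,20 @@ int ret;
 #endif
 
  if (gnutls_check_version(LIBGNUTLS_VERSION)==NULL) {
- fprintf(stderr, "gnutls_check_version() failed. Required: gnutls-%s Found: gnutls-%s\n",
+ _gnutls_log(debug_log_fp, "gnutls_check_version() failed. Required: gnutls-%s Found: gnutls-%s\n",
  LIBGNUTLS_VERSION, gnutls_check_version(NULL));
  return -3;
  }
 
  ret = gnutls_global_init();
  if (ret < 0) {
- fprintf(stderr, "gnutls_global_init: %s\n", gnutls_strerror(ret));
+ _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret));
  return -3;
  }
 
  apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config,
  apr_pool_cleanup_null);
 
-#if MOD_GNUTLS_DEBUG
- apr_file_open(&debug_log_fp, "/tmp/gnutls_debug",
- APR_APPEND | APR_WRITE | APR_CREATE, APR_OS_DEFAULT,
- pconf);
-
- gnutls_global_set_log_level(9);
- gnutls_global_set_log_function(gnutls_debug_log_all);
- apr_file_printf(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL));
-#endif
 
  return OK;
 }
@@ -106,6 +112,8 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
  int ret;
  int cprio[2];
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
+
  ctxt = gnutls_transport_get_ptr(session);
 
  /* find the virtual server */
@@ -162,8 +170,12 @@ static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st * ret)
 {
  mgs_handle_t *ctxt;
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  ctxt = gnutls_transport_get_ptr(session);
 
+ if (ctxt == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
  if (gnutls_certificate_type_get( session) == GNUTLS_CRT_X509) {
  ret->type = GNUTLS_CRT_X509;
  ret->ncerts = ctxt->sc->certs_x509_num;
@@ -210,6 +222,7 @@ static int read_crt_cn(server_rec * s, apr_pool_t * p,
  size_t data_len;
 
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  *cert_cn = NULL;
 
  data_len = 0;
@@ -261,6 +274,7 @@ static int read_pgpcrt_cn(server_rec * s, apr_pool_t * p,
  size_t data_len;
 
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  *cert_cn = NULL;
 
  data_len = 0;
@@ -293,6 +307,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  int first_run = 0;
  const char *userdata_key = "mgs_init";
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  apr_pool_userdata_get(&data, userdata_key, base_server->process->pool);
  if (data == NULL) {
  first_run = 1;
@@ -394,8 +409,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  }
 #endif
 
- if (sc->certs_x509[0] == NULL
- && sc->enabled == GNUTLS_ENABLED_TRUE) {
+ if (sc->certs_x509[0] == NULL &&
+ sc->cert_pgp == NULL &&
+ sc->enabled == GNUTLS_ENABLED_TRUE) {
  ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
  "[GnuTLS] - Host '%s:%d' is missing a "
  "Certificate File!", s->server_hostname,
@@ -403,8 +419,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
  exit(-1);
  }
 
- if (sc->privkey_x509 == NULL
- && sc->enabled == GNUTLS_ENABLED_TRUE) {
+ if (sc->enabled == GNUTLS_ENABLED_TRUE &&
+ ((sc->certs_x509[0] != NULL && sc->privkey_x509 == NULL) ||
+ (sc->cert_pgp != NULL && sc->privkey_pgp == NULL))) {
  ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
  "[GnuTLS] - Host '%s:%d' is missing a "
  "Private Key File!",
@@ -439,6 +456,7 @@ void mgs_hook_child_init(apr_pool_t * p, server_rec * s)
  mgs_srvconf_rec *sc = ap_get_module_config(s->module_config,
  &gnutls_module);
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  if (sc->cache_type != mgs_cache_none) {
  rv = mgs_cache_child_init(p, s, sc);
  if (rv != APR_SUCCESS) {
@@ -457,6 +475,7 @@ const char *mgs_hook_http_scheme(const request_rec * r)
  (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config,
  &gnutls_module);
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  if (sc->enabled == GNUTLS_ENABLED_FALSE) {
  return NULL;
  }
@@ -470,6 +489,7 @@ apr_port_t mgs_hook_default_port(const request_rec * r)
  (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config,
  &gnutls_module);
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  if (sc->enabled == GNUTLS_ENABLED_FALSE) {
  return 0;
  }
@@ -491,6 +511,7 @@ static int vhost_cb(void *baton, conn_rec * conn, server_rec * s)
  mgs_srvconf_rec *tsc;
  vhost_cb_rec *x = baton;
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  tsc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
  &gnutls_module);
 
@@ -543,6 +564,7 @@ mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session)
  mgs_srvconf_rec *tsc;
 #endif
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  ctxt = gnutls_transport_get_ptr(session);
 
  rv = gnutls_server_name_get(ctxt->session, sni_name,
@@ -620,6 +642,7 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
  module_config,
  &gnutls_module);
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  ctxt = apr_pcalloc(pool, sizeof(*ctxt));
  ctxt->c = c;
  ctxt->sc = sc;
@@ -658,6 +681,7 @@ int mgs_hook_pre_connection(conn_rec * c, void *csd)
  module_config,
  &gnutls_module);
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
  return DECLINED;
  }
@@ -687,6 +711,7 @@ int mgs_hook_fixups(request_rec * r)
  mgs_handle_t *ctxt;
  int rv = OK;
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  apr_table_t *env = r->subprocess_env;
 
  ctxt =
@@ -761,6 +786,7 @@ int mgs_hook_authz(request_rec * r)
  mgs_dirconf_rec *dc = ap_get_module_config(r->per_dir_config,
  &gnutls_module);
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  ctxt =
  ap_get_module_config(r->connection->conn_config, &gnutls_module);
 
@@ -822,6 +848,7 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side,
 
  apr_table_t *env = r->subprocess_env;
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  if (export_certificates_enabled != 0) {
  char cert_buf[10 * 1024];
  len = sizeof(cert_buf);
@@ -928,6 +955,7 @@ mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side
  size_t len;
  int ret;
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  apr_table_t *env = r->subprocess_env;
 
  if (export_certificates_enabled != 0) {
@@ -994,6 +1022,7 @@ static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt)
  } cert;
  apr_time_t activation_time, expiration_time, cur_time;
 
+ _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
  cert_list =
  gnutls_certificate_get_peers(ctxt->session, &cert_list_size);
 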
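Review bot: In mgs_hook_pre_config (new lines 90 and 97) the two fatal diagnostics that used to go to stderr now go through `_gnutls_log`, which the new `#else` branch at line 59 defines as nothing, so a non-debug build returns -3 from pre_config with no message at all about the GnuTLS version mismatch or the `gnutls_global_init` failure. Keep those two as unconditional `fprintf(stderr, ...)` calls (or route them through `ap_log_perror` if the hook's log pool is in scope — its remaining parameters are outside the hunk) and reserve `_gnutls_log` for the trace lines. Separately, the debug block now at new lines 68–78 opens the fixed, predictable name `/tmp/gnutls_debug` with `APR_CREATE` and never checks the `apr_file_open` result, so on failure `debug_log_fp` may still be NULL when it is handed to `apr_file_printf` on line 73, and in a shared /tmp a pre-existing file or link placed by another local user would receive the level-9 GnuTLS handshake tracing; at minimum check the return value, and prefer a path under the server's own log directory (or `APR_EXCL` with a per-process name). The NULL guard added to `cert_retrieve_fn` at new lines 176–177 is not mirrored in `mgs_select_virtual_server_cb` or `mgs_find_sni_server`, which dereference the same `gnutls_transport_get_ptr` result without a check.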