Diffstat (limited to 'src/gnutls_io.c')
-rw-r--r--src/gnutls_io.c54
1 files changed, 30 insertions, 24 deletions
diff --git a/src/gnutls_io.c b/src/gnutls_io.c
index f761f96..f081284 100644
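--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -353,13 +353,12 @@ static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt,
  return APR_SUCCESS;
 }
 
-
-static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
+static int gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
 {
  int ret;
  int errcode;
  if (ctxt->status != 0) {
- return;
+ return 0;
  }
 
 tryagain:
@@ -388,11 +387,37 @@ tryagain:
  gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
  gnutls_error_to_alert(ret, NULL));
  gnutls_deinit(ctxt->session);
- return;
+ return ret;
  }
  else {
+ /* all done with the handshake */
  ctxt->status = 1;
- return; /* all done with the handshake */
+ return ret;
+ }
+}
+
+int mod_gnutls_rehandshake(mod_gnutls_handle_t * ctxt)
+{
+ int rv;
+
+ rv = gnutls_rehandshake(ctxt->session);
+
+ if (rv != 0) {
+ /* the client did not want to rehandshake. goodbye */
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+ "GnuTLS: Client Refused Rehandshake request.");
+ return -1;
+ }
+
+ ctxt->status = 0;
+
+ gnutls_do_handshake(ctxt);
+
+ if (ctxt->status == 1) {
+ return 0;
+ }
+ else {
+ return -1;
  }
 }
 
@@ -414,26 +439,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t* f,
  }
 
  if (ctxt->status == 0) {
- char* server_name;
- int server_type;
- int data_len = 256;
-
  gnutls_do_handshake(ctxt);
-
- /**
- * Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1
- * Server Name Indication.
- */
- server_name = apr_palloc(ctxt->c->pool, data_len);
- if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
- if (server_type == GNUTLS_NAME_DNS) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
- ctxt->c->base_server,
- "GnuTLS: TLS 1.1 Server Name: "
- "%s", server_name);
-
- }
- }
  }
 
  if (ctxt->status < 0) {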
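Review bot: In `gnutls_do_handshake` the early exit `if (ctxt->status != 0) return 0;` reports success even for a context whose handshake has already failed (`mod_gnutls_filter_input` tests `ctxt->status < 0` just below), so the new return value cannot be trusted on that path; something like `return ctxt->status < 0 ? GNUTLS_E_INTERNAL_ERROR : 0;` would keep it honest. Both visible callers, `mod_gnutls_rehandshake` and `mod_gnutls_filter_input`, still discard the result, so the GnuTLS error code never reaches the log; `mod_gnutls_rehandshake` could keep it with `rv = gnutls_do_handshake(ctxt);` and include `gnutls_strerror(rv)` in an error message before returning -1. The text "Client Refused Rehandshake request" is logged for any non-zero result of `gnutls_rehandshake()`, which is the call that sends the request, so it may label a local failure as a client decision; logging `gnutls_strerror(rv)` there as well would make the cause visible. Because the failure branch calls `gnutls_deinit(ctxt->session)`, a caller that gets -1 from the rehandshake presumably must not use the session again, and that deserves a comment on `mod_gnutls_rehandshake`. The middle of `gnutls_do_handshake` lies outside the hunks, so where `status` is set negative cannot be confirmed from this page.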