Diffstat (limited to 'src/mod_gnutls.c')
-rw-r--r--src/mod_gnutls.c52
1 files changed, 46 insertions, 6 deletions
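--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -189,6 +189,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
     sc->cache_config = sc_base->cache_config;
 
     if (sc->cert_file != NULL && sc->key_file != NULL) {
+
         rv = gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
                                                   sc->key_file,
                                                   GNUTLS_X509_FMT_PEM);
@@ -214,7 +215,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
         }
     } /* first_run */
 
-    ap_add_version_component(p, "GnuTLS/" LIBGNUTLS_VERSION);
+    ap_add_version_component(p, "mod_gnutls/" MOD_GNUTLS_VERSION);
 
     return OK;
 }
@@ -266,6 +267,30 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
     return 443;
 }
 
+/* TODO: Complete support for Server Name Indication */
+static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret)
+{
+    char* server_name;
+    int server_type;
+    int data_len = 256;
+    mod_gnutls_handle_t *ctxt;
+    ctxt = gnutls_transport_get_ptr(session);
+
+    ret->type = GNUTLS_CRT_X509;
+    ret->ncerts = 1;
+    server_name = apr_palloc(ctxt->c->pool, data_len);
+    if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
+        if (server_type == GNUTLS_NAME_DNS) {
+            ap_log_error(APLOG_MARK, APLOG_INFO, 0,
+                         ctxt->c->base_server,
+                         "GnuTLS: Virtual Host: "
+                         "%s", server_name);
+        }
+    }
+
+    return 0;
+}
+
 static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
 {
     mod_gnutls_handle_t *ctxt;
@@ -299,13 +324,12 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
 
     gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs);
 
-// if(anon) {
-//     gnutls_credentials_set(ctxt->session, GNUTLS_CRD_ANON, sc->anoncred);
-// }
-
     gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE);
 
     mod_gnutls_cache_session_init(ctxt);
+
+    /* TODO: Finish Support for Server Name Indication */
+    /* gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); */
     return ctxt;
 }
 
@@ -341,7 +365,10 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
 
 static int mod_gnutls_hook_fixups(request_rec *r)
 {
+    unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
+    char buf[GNUTLS_SESSION_ID_STRING_LEN];
     const char* tmp;
+    int len;
     mod_gnutls_handle_t *ctxt;
     apr_table_t *env = r->subprocess_env;
 
@@ -352,17 +379,30 @@ static int mod_gnutls_hook_fixups(request_rec *r)
     }
 
     apr_table_setn(env, "HTTPS", "on");
+
+    apr_table_setn(env, "GNUTLS_VERSION_INTERFACE", MOD_GNUTLS_VERSION);
+    apr_table_setn(env, "GNUTLS_VERSION_LIBRARY", LIBGNUTLS_VERSION);
+
     apr_table_setn(env, "SSL_PROTOCOL",
                    gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
+
     apr_table_setn(env, "SSL_CIPHER",
                    gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
 
+    apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
+
     tmp = apr_psprintf(r->pool, "%d",
                        8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
 
     apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
+
     apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
 
+    len = sizeof(sbuf);
+    gnutls_session_get_id(ctxt->session, sbuf, &len);
+    tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf));
+    apr_table_setn(env, "SSL_SESSION_ID", tmp);
+
     return OK;
 }
 
@@ -384,6 +424,7 @@ static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy,
         (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
                                                         module_config,
                                                         &gnutls_module);
+
     sc->key_file = ap_server_root_relative(parms->pool, arg);
     return NULL;
 }
@@ -508,7 +549,6 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
     sc->enabled = GNUTLS_ENABLED_FALSE;
 
     gnutls_certificate_allocate_credentials(&sc->certs);
-    gnutls_anon_allocate_server_credentials(&sc->anoncred);
     sc->key_file = NULL;
     sc->cert_file = NULL;
     sc->cache_timeout = apr_time_from_sec(3600);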
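Review bot: In mod_gnutls_hook_fixups the new `gnutls_session_get_id(ctxt->session, sbuf, &len)` passes the address of an `int len` to a parameter GnuTLS declares as `size_t *`, so on an LP64 build the library reads and writes eight bytes through a four-byte stack object; the declaration `int len;` in the preceding hunk at the top of the function should be `size_t len;`. The return value of gnutls_session_get_id is also discarded, so on failure `sbuf` is still uninitialized stack memory that gets encoded by mod_gnutls_session_id2sz and exported to CGI scripts as SSL_SESSION_ID through subprocess_env; the export should be conditional on success. The new static cert_retrieve_fn has the same int-versus-size_t mismatch on `data_len` (and `int server_type` where the type argument appears to be `unsigned int *`), is never referenced because its registration in create_gnutls_handle is commented out, and sets `ret->ncerts = 1` without filling in the certificate and key members of `*ret`, so it is probably safer left out of the build until the SNI work is finished.
```c
    size_t len;
    /* … unchanged: ctxt lookup and the other SSL_* env entries … */
    len = sizeof(sbuf);
    if (gnutls_session_get_id(ctxt->session, sbuf, &len) == 0) {
        tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf));
        apr_table_setn(env, "SSL_SESSION_ID", tmp);
    }
```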