Diffstat (limited to 'src/mod_gnutls.c')
-rw-r--r--src/mod_gnutls.c253
1 files changed, 128 insertions, 125 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index c95d183..49f4e43 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -19,143 +19,146 @@
19 19
20static void gnutls_hooks(apr_pool_t * p) 20static void gnutls_hooks(apr_pool_t * p)
21{ 21{
22 ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL, 22 ap_hook_pre_connection(mgs_hook_pre_connection, NULL, NULL,
23 APR_HOOK_MIDDLE); 23 APR_HOOK_MIDDLE);
24 ap_hook_post_config(mgs_hook_post_config, NULL, NULL, 24 ap_hook_post_config(mgs_hook_post_config, NULL, NULL,
25 APR_HOOK_MIDDLE); 25 APR_HOOK_MIDDLE);
26 ap_hook_child_init(mgs_hook_child_init, NULL, NULL, 26 ap_hook_child_init(mgs_hook_child_init, NULL, NULL,
27 APR_HOOK_MIDDLE); 27 APR_HOOK_MIDDLE);
28#if USING_2_1_RECENT 28#if USING_2_1_RECENT
29 ap_hook_http_scheme(mgs_hook_http_scheme, NULL, NULL, 29 ap_hook_http_scheme(mgs_hook_http_scheme, NULL, NULL,
30 APR_HOOK_MIDDLE); 30 APR_HOOK_MIDDLE);
31#else 31#else
32 ap_hook_http_method(mgs_hook_http_scheme, NULL, NULL, 32 ap_hook_http_method(mgs_hook_http_scheme, NULL, NULL,
33 APR_HOOK_MIDDLE); 33 APR_HOOK_MIDDLE);
34#endif 34#endif
35 ap_hook_default_port(mgs_hook_default_port, NULL, NULL, 35 ap_hook_default_port(mgs_hook_default_port, NULL, NULL,
36 APR_HOOK_MIDDLE); 36 APR_HOOK_MIDDLE);
37 ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL, 37 ap_hook_pre_config(mgs_hook_pre_config, NULL, NULL,
38 APR_HOOK_MIDDLE); 38 APR_HOOK_MIDDLE);
39
40 ap_hook_access_checker(mgs_hook_authz, NULL, NULL, APR_HOOK_REALLY_FIRST);
41
42 ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
43
44 /* TODO: HTTP Upgrade Filter */
45 /* ap_register_output_filter ("UPGRADE_FILTER",
46 * ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
47 */
48 39
49 ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME, 40 ap_hook_access_checker(mgs_hook_authz, NULL, NULL,
50 mgs_filter_input, NULL, 41 APR_HOOK_REALLY_FIRST);
51 AP_FTYPE_CONNECTION + 5); 42
52 ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME, 43 ap_hook_fixups(mgs_hook_fixups, NULL, NULL, APR_HOOK_REALLY_FIRST);
53 mgs_filter_output, NULL, 44
54 AP_FTYPE_CONNECTION + 5); 45 /* TODO: HTTP Upgrade Filter */
46 /* ap_register_output_filter ("UPGRADE_FILTER",
47 * ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
48 */
49
50 ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME,
51 mgs_filter_input, NULL,
52 AP_FTYPE_CONNECTION + 5);
53 ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME,
54 mgs_filter_output, NULL,
55 AP_FTYPE_CONNECTION + 5);
55} 56}
56 57
57static const command_rec mgs_config_cmds[] = { 58static const command_rec mgs_config_cmds[] = {
58 AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify, 59 AP_INIT_TAKE1("GnuTLSClientVerify", mgs_set_client_verify,
59 NULL, 60 NULL,
60 RSRC_CONF|OR_AUTHCFG, 61 RSRC_CONF | OR_AUTHCFG,
61 "Set Verification Requirements of the Client Certificate"), 62 "Set Verification Requirements of the Client Certificate"),
62 AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file, 63 AP_INIT_TAKE1("GnuTLSClientCAFile", mgs_set_client_ca_file,
63 NULL, 64 NULL,
64 RSRC_CONF, 65 RSRC_CONF,
65 "Set the CA File to verify Client Certificates"), 66 "Set the CA File to verify Client Certificates"),
66 AP_INIT_TAKE1("GnuTLSX509CAFile", mgs_set_client_ca_file, 67 AP_INIT_TAKE1("GnuTLSX509CAFile", mgs_set_client_ca_file,
67 NULL, 68 NULL,
68 RSRC_CONF, 69 RSRC_CONF,
69 "Set the CA File to verify Client Certificates"), 70 "Set the CA File to verify Client Certificates"),
70 AP_INIT_TAKE1("GnuTLSPGPKeyringFile", mgs_set_keyring_file, 71 AP_INIT_TAKE1("GnuTLSPGPKeyringFile", mgs_set_keyring_file,
71 NULL, 72 NULL,
72 RSRC_CONF, 73 RSRC_CONF,
73 "Set the Keyring File to verify Client Certificates"), 74 "Set the Keyring File to verify Client Certificates"),
74 AP_INIT_TAKE1("GnuTLSDHFile", mgs_set_dh_file, 75 AP_INIT_TAKE1("GnuTLSDHFile", mgs_set_dh_file,
75 NULL, 76 NULL,
76 RSRC_CONF, 77 RSRC_CONF,
77 "Set the file to read Diffie Hellman parameters from"), 78 "Set the file to read Diffie Hellman parameters from"),
78 AP_INIT_TAKE1("GnuTLSRSAFile", mgs_set_rsa_export_file, 79 AP_INIT_TAKE1("GnuTLSRSAFile", mgs_set_rsa_export_file,
79 NULL, 80 NULL,
80 RSRC_CONF, 81 RSRC_CONF,
81 "Set the file to read RSA-EXPORT parameters from"), 82 "Set the file to read RSA-EXPORT parameters from"),
82 AP_INIT_TAKE1("GnuTLSCertificateFile", mgs_set_cert_file, 83 AP_INIT_TAKE1("GnuTLSCertificateFile", mgs_set_cert_file,
83 NULL, 84 NULL,
84 RSRC_CONF, 85 RSRC_CONF,
85 "SSL Server X509 Certificate file"), 86 "SSL Server X509 Certificate file"),
86 AP_INIT_TAKE1("GnuTLSKeyFile", mgs_set_key_file, 87 AP_INIT_TAKE1("GnuTLSKeyFile", mgs_set_key_file,
87 NULL, 88 NULL,
88 RSRC_CONF, 89 RSRC_CONF,
89 "SSL Server X509 Private Key file"), 90 "SSL Server X509 Private Key file"),
90 AP_INIT_TAKE1("GnuTLSX509CertificateFile", mgs_set_cert_file, 91 AP_INIT_TAKE1("GnuTLSX509CertificateFile", mgs_set_cert_file,
91 NULL, 92 NULL,
92 RSRC_CONF, 93 RSRC_CONF,
93 "SSL Server X509 Certificate file"), 94 "SSL Server X509 Certificate file"),
94 AP_INIT_TAKE1("GnuTLSX509KeyFile", mgs_set_key_file, 95 AP_INIT_TAKE1("GnuTLSX509KeyFile", mgs_set_key_file,
95 NULL, 96 NULL,
96 RSRC_CONF, 97 RSRC_CONF,
97 "SSL Server X509 Private Key file"), 98 "SSL Server X509 Private Key file"),
98 AP_INIT_TAKE1("GnuTLSPGPCertificateFile", mgs_set_pgpcert_file, 99 AP_INIT_TAKE1("GnuTLSPGPCertificateFile", mgs_set_pgpcert_file,
99 NULL, 100 NULL,
100 RSRC_CONF, 101 RSRC_CONF,
101 "SSL Server PGP Certificate file"), 102 "SSL Server PGP Certificate file"),
102 AP_INIT_TAKE1("GnuTLSPGPKeyFile", mgs_set_pgpkey_file, 103 AP_INIT_TAKE1("GnuTLSPGPKeyFile", mgs_set_pgpkey_file,
103 NULL, 104 NULL,
104 RSRC_CONF, 105 RSRC_CONF,
105 "SSL Server PGP Private key file"), 106 "SSL Server PGP Private key file"),
106#ifdef ENABLE_SRP 107#ifdef ENABLE_SRP
107 AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file, 108 AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,
108 NULL, 109 NULL,
109 RSRC_CONF, 110 RSRC_CONF,
110 "SSL Server SRP Password Conf file"), 111 "SSL Server SRP Password Conf file"),
111 AP_INIT_TAKE1("GnuTLSSRPPasswdConfFile", mgs_set_srp_tpasswd_conf_file, 112 AP_INIT_TAKE1("GnuTLSSRPPasswdConfFile",
112 NULL, 113 mgs_set_srp_tpasswd_conf_file,
113 RSRC_CONF, 114 NULL,
114 "SSL Server SRP Parameters file"), 115 RSRC_CONF,
116 "SSL Server SRP Parameters file"),
115#endif 117#endif
116 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout, 118 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
117 NULL, 119 NULL,
118 RSRC_CONF, 120 RSRC_CONF,
119 "Cache Timeout"), 121 "Cache Timeout"),
120 AP_INIT_TAKE2("GnuTLSCache", mgs_set_cache, 122 AP_INIT_TAKE2("GnuTLSCache", mgs_set_cache,
121 NULL, 123 NULL,
122 RSRC_CONF, 124 RSRC_CONF,
123 "Cache Configuration"), 125 "Cache Configuration"),
124 AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets, 126 AP_INIT_TAKE1("GnuTLSSessionTickets", mgs_set_tickets,
125 NULL, 127 NULL,
126 RSRC_CONF, 128 RSRC_CONF,
127 "Session Tickets Configuration"), 129 "Session Tickets Configuration"),
128 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities, 130 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
129 NULL, 131 NULL,
130 RSRC_CONF, 132 RSRC_CONF,
131 "The priorities to enable (ciphers, Key exchange, macs, compression)."), 133 "The priorities to enable (ciphers, Key exchange, macs, compression)."),
132 AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled, 134 AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
133 NULL, 135 NULL,
134 RSRC_CONF, 136 RSRC_CONF,
135 "Whether this server has GnuTLS Enabled. Default: Off"), 137 "Whether this server has GnuTLS Enabled. Default: Off"),
136 AP_INIT_TAKE1("GnuTLSExportCertificates", mgs_set_export_certificates_enabled, 138 AP_INIT_TAKE1("GnuTLSExportCertificates",
137 NULL, 139 mgs_set_export_certificates_enabled,
138 RSRC_CONF, 140 NULL,
139 "Whether to export PEM encoded certificates to CGIs. Default: Off"), 141 RSRC_CONF,
142 "Whether to export PEM encoded certificates to CGIs. Default: Off"),
140#if 0 143#if 0
141 AP_INIT_RAW_ARGS("<GnuTLSRequire", mgs_set_require_section, 144 AP_INIT_RAW_ARGS("<GnuTLSRequire", mgs_set_require_section,
142 NULL, 145 NULL,
143 EXEC_ON_READ|OR_ALL, 146 EXEC_ON_READ | OR_ALL,
144 "Whether this server has GnuTLS Enabled. Default: Off"), 147 "Whether this server has GnuTLS Enabled. Default: Off"),
145 AP_INIT_RAW_ARGS("GnuTLSRequireByteCode", mgs_set_require_bytecode, 148 AP_INIT_RAW_ARGS("GnuTLSRequireByteCode", mgs_set_require_bytecode,
146 NULL, 149 NULL,
147 OR_ALL, 150 OR_ALL,
148 "Internal Command for reading Lua Bytecode."), 151 "Internal Command for reading Lua Bytecode."),
149#endif 152#endif
150 {NULL} 153 {NULL}
151}; 154};
152 155
153module AP_MODULE_DECLARE_DATA gnutls_module = { 156module AP_MODULE_DECLARE_DATA gnutls_module = {
154 STANDARD20_MODULE_STUFF, 157 STANDARD20_MODULE_STUFF,
155 mgs_config_dir_create, 158 mgs_config_dir_create,
156 mgs_config_dir_merge, 159 mgs_config_dir_merge,
157 mgs_config_server_create, 160 mgs_config_server_create,
158 NULL, 161 NULL,
159 mgs_config_cmds, 162 mgs_config_cmds,
160 gnutls_hooks 163 gnutls_hooks
161}; 164};