Diffstat (limited to 'src')
-rw-r--r--src/gnutls_hooks.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 920eccc..ce5efbb 100644
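--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -222,11 +222,10 @@ static int read_crt_cn(apr_pool_t * p, gnutls_x509_crt cert,
 GNUTLS_OID_X520_COMMON_NAME,
 0, 0, NULL, &data_len);
 
-if (rv >= 0 && data_len > 1) {
+if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
 *cert_cn = apr_palloc(p, data_len);
 rv = gnutls_x509_crt_get_dn_by_oid(cert,
-GNUTLS_OID_X520_COMMON_NAME, 0,
-0, *cert_cn, &data_len);
+GNUTLS_OID_X520_COMMON_NAME, 0, 0, *cert_cn, &data_len);
 } else { /* No CN return subject alternative name */
 
 /* read subject alternative name */
@@ -356,11 +355,16 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 if (sc->srp_tpasswd_conf_file != NULL
 && sc->srp_tpasswd_file != NULL) {
-gnutls_srp_set_server_credentials_file(sc->srp_creds,
-sc->
-srp_tpasswd_file,
-sc->
-srp_tpasswd_conf_file);
+rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
+sc->srp_tpasswd_file, sc->srp_tpasswd_conf_file);
+
+if (rv < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) {
+ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+"[GnuTLS] - Host '%s:%d' is missing a "
+"SRP password or conf File!", s->server_hostname,
+s->port);
+exit(-1);
+}
 }
 
 if (sc->cert_x509 == NULL
@@ -384,6 +388,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 if (sc->enabled == GNUTLS_ENABLED_TRUE) {
 rv = read_crt_cn(p, sc->cert_x509, &sc->cert_cn);
 if (rv < 0) {
+ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+"[GnuTLS] - Cannot find a certificate for host '%s:%d'! Disabling TLS.",
+s->server_hostname, s->port);
 sc->enabled = GNUTLS_ENABLED_FALSE;
 sc->cert_cn = NULL;
 continue;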
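Review bot: Both new ap_log_error calls discard `rv`, and the message added just before `sc->enabled = GNUTLS_ENABLED_FALSE;` says "Cannot find a certificate" although it runs when read_crt_cn() fails, which appears to come after the `sc->cert_x509 == NULL` check and so probably means the CN or subject alternative name could not be read. I would append the library's reason to each message, for example `"... Disabling TLS. (%s)", s->server_hostname, s->port, gnutls_strerror(rv));`, and word the SRP message as a load failure, since `rv < 0` also covers an unreadable or malformed file and not only a missing one. The two paths also end differently: the SRP failure calls `exit(-1)`, while the certificate failure leaves the server running with TLS switched off for that host, so a comment there such as `/* host keeps serving without TLS; operator must act on the EMERG log */` would make that choice explicit. mgs_hook_post_config starts and ends outside these hunks, so an existing rationale for the difference may not be visible here.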