summaryrefslogtreecommitdiffstatsabout
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/gnutls_config.c14
-rw-r--r--src/gnutls_hooks.c10
2 files changed, 10 insertions, 14 deletions
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index 7b5a42b..8d6308a 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -151,15 +151,10 @@ const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
151 "Certificate '%s'", file); 151 "Certificate '%s'", file);
152 } 152 }
153 153
154 ret = gnutls_x509_crt_init(&sc->cert_x509); 154 sc->certs_x509_num = MAX_CHAIN_SIZE;
155 if (ret < 0) {
156 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize"
157 ": (%d) %s", ret, gnutls_strerror(ret));
158 }
159
160 ret = 155 ret =
161 gnutls_x509_crt_import(sc->cert_x509, &data, GNUTLS_X509_FMT_PEM); 156 gnutls_x509_crt_list_import(sc->certs_x509, &sc->certs_x509_num, &data, GNUTLS_X509_FMT_PEM, 0);
162 if (ret != 0) { 157 if (ret < 0) {
163 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 158 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
164 "Certificate '%s': (%d) %s", file, ret, 159 "Certificate '%s': (%d) %s", file, ret,
165 gnutls_strerror(ret)); 160 gnutls_strerror(ret));
@@ -440,7 +435,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
440 sc->srp_tpasswd_conf_file = NULL; 435 sc->srp_tpasswd_conf_file = NULL;
441 sc->srp_tpasswd_file = NULL; 436 sc->srp_tpasswd_file = NULL;
442 sc->privkey_x509 = NULL; 437 sc->privkey_x509 = NULL;
443 sc->cert_x509 = NULL; 438 memset( sc->certs_x509, 0, sizeof(sc->certs_x509));
439 sc->certs_x509_num = 0;
444 sc->cache_timeout = apr_time_from_sec(300); 440 sc->cache_timeout = apr_time_from_sec(300);
445 sc->cache_type = mgs_cache_dbm; 441 sc->cache_type = mgs_cache_dbm;
446 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache"); 442 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 4364add..025e4e1 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -148,10 +148,10 @@ static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st * ret)
148 ctxt = gnutls_transport_get_ptr(session); 148 ctxt = gnutls_transport_get_ptr(session);
149 149
150 ret->type = GNUTLS_CRT_X509; 150 ret->type = GNUTLS_CRT_X509;
151 ret->ncerts = 1; 151 ret->ncerts = ctxt->sc->certs_x509_num;
152 ret->deinit_all = 0; 152 ret->deinit_all = 0;
153 153
154 ret->cert.x509 = &ctxt->sc->cert_x509; 154 ret->cert.x509 = ctxt->sc->certs_x509;
155 ret->key.x509 = ctxt->sc->privkey_x509; 155 ret->key.x509 = ctxt->sc->privkey_x509;
156 return 0; 156 return 0;
157} 157}
@@ -334,7 +334,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
334 } 334 }
335 } 335 }
336 336
337 if (sc->cert_x509 == NULL 337 if (sc->certs_x509[0] == NULL
338 && sc->enabled == GNUTLS_ENABLED_TRUE) { 338 && sc->enabled == GNUTLS_ENABLED_TRUE) {
339 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 339 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
340 "[GnuTLS] - Host '%s:%d' is missing a " 340 "[GnuTLS] - Host '%s:%d' is missing a "
@@ -353,7 +353,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
353 } 353 }
354 354
355 if (sc->enabled == GNUTLS_ENABLED_TRUE) { 355 if (sc->enabled == GNUTLS_ENABLED_TRUE) {
356 rv = read_crt_cn(s, p, sc->cert_x509, &sc->cert_cn); 356 rv = read_crt_cn(s, p, sc->certs_x509[0], &sc->cert_cn);
357 if (rv < 0) { 357 if (rv < 0) {
358 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 358 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
359 "[GnuTLS] - Cannot find a certificate for host '%s:%d'!", 359 "[GnuTLS] - Cannot find a certificate for host '%s:%d'!",
@@ -686,7 +686,7 @@ int mgs_hook_fixups(request_rec * r)
686 tmp = mgs_session_id2sz(sbuf, len, buf, sizeof(buf)); 686 tmp = mgs_session_id2sz(sbuf, len, buf, sizeof(buf));
687 apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp)); 687 apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp));
688 688
689 mgs_add_common_cert_vars(r, ctxt->sc->cert_x509, 0, 689 mgs_add_common_cert_vars(r, ctxt->sc->certs_x509[0], 0,
690 ctxt->sc->export_certificates_enabled); 690 ctxt->sc->export_certificates_enabled);
691 691
692 return rv; 692 return rv;