From 9706fc2bfa08fd50d0a754aa7ede8434cb004c8b Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Mon, 27 Sep 2004 02:59:32 +0000 Subject: iniail makefiles and license foo --- diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..57bc88a --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..aebf68d --- /dev/null +++ b/Makefile.am @@ -0,0 +1,3 @@ +EXTRA_DIST = m4/outoforder.m4 m4/apache.m4 + +SUBDIRS = src diff --git a/autogen.sh b/autogen.sh new file mode 100755 index 0000000..6c8e11f --- /dev/null +++ b/autogen.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# autogen.sh - generates configure using the autotools +# $Id: autogen.sh,v 1.1 2004/03/04 08:12:13 firechipmunk Exp $ +libtoolize --force --copy +#libtoolize14 --force --copy +aclocal -I m4 +autoheader +automake --add-missing --copy --foreign +autoconf +rm -rf autom4te.cache diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..0cc92c4 --- /dev/null +++ b/configure.ac @@ -0,0 +1,41 @@ +AC_INIT +OOO_CONFIG_NICE(config.nice) +AC_CONFIG_SRCDIR([src/mod_gnutls.c]) +AM_MAINTAINER_MODE +AC_CANONICAL_TARGET +AM_INIT_AUTOMAKE(mod_gnutls, 0.1.0) +AM_CONFIG_HEADER([include/mod_gnutls_config.h:config.in]) + + +AC_PROG_CC +AC_PROG_LD +AC_PROG_INSTALL +AM_PROG_LIBTOOL + + +AC_PATH_PROG(PKG_CONFIG, pkg-config, no) +if test "x$PKG_CONFIG" = "xno"; then + AC_MSG_ERROR([You need to install pkg-config]) +fi + +PKG_PATH= + +AP_VERSION=2.0.40 +CHECK_APACHE(,$AP_VERSION, + :,:, + AC_MSG_ERROR([*** Apache version $AP_VERSION not found!]) +) + +MODULE_CFLAGS="${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}" + +AC_SUBST(MODULE_CFLAGS) + +AC_CONFIG_FILES([Makefile src/Makefile]) +AC_OUTPUT + +echo "---" +echo "Configuration summary for mod_gnutls" +echo "" +echo " * Apache modules directory = ${AP_LIBEXECDIR}" +echo "" +echo "---" diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 0000000..7a4903a --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,41 @@ +CLEANFILES = .libs/libmod_gnutls *~ + +libmod_gnutls_la_SOURCES = mod_gnutls.c +libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS} +libmod_gnutls_la_LDFLAGS = + +lib_LTLIBRARIES = libmod_gnutls.la + +make_so: $(lib_LTLIBRARIES) + @if test ! -L mod_gnutls.so ; then ln -s .libs/libmod_gnutls.so mod_gnutls.so ; fi + +clean: + rm -f mod_gnutls.so + rm -f *.o *.lo *.la + rm -fr .libs + +install: make_so + @${APXS_BIN} -i -n svn_view mod_gnutls.so + @echo "" + @echo "" + @echo "***********************************************" + @echo "" + @echo " Please read the documentation at " + @echo " http://www.outoforder.cc/ for " + @echo " details on configuration of this module " + @echo "" + @echo "***********************************************" + @echo "" + +activate: make_so + @${APXS_BIN} -i -a -n svn_view mod_gnutls.so + @echo "" + @echo "" + @echo "***********************************************" + @echo "" + @echo " Please read the documentation at " + @echo " http://www.outoforder.cc/ for " + @echo " details on configuration of this module " + @echo "" + @echo "***********************************************" + @echo "" diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c new file mode 100644 index 0000000..bf0d9c3 --- /dev/null +++ b/src/mod_gnutls.c @@ -0,0 +1,465 @@ +/* ==================================================================== + * Copyright 2004 Paul Querna + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "httpd.h" +#include "http_config.h" +#include "http_protocol.h" +#include "http_connection.h" +#include "http_core.h" +#include "http_log.h" +#include "apr_buckets.h" +#include "apr_strings.h" +#include "apr_tables.h" + +#include +#include + +#if APR_HAS_THREADS +GCRY_THREAD_OPTION_PTHREAD_IMPL; +#endif + +module AP_MODULE_DECLARE_DATA gnutls_module; + +#define GNUTLS_OUTPUT_FILTER_NAME "GnuTLS Output Filter" +#define GNUTLS_INPUT_FILTER_NAME "GnuTLS Input Filter" + +#define GNUTLS_ENABLED_FALSE 0 +#define GNUTLS_ENABLED_TRUE 1 + + +typedef struct gnutls_srvconf_t gnutls_srvconf_t; +struct gnutls_srvconf_t +{ + gnutls_certificate_credentials_t certs; + char *key_file; + char *cert_file; + int enabled; +}; + +typedef struct gnutls_handle_t gnutls_handle_t; +struct gnutls_handle_t +{ + gnutls_srvconf_t *sc; + gnutls_session_t session; + ap_filter_t *input_filter; + apr_bucket_brigade *input_bb; + apr_read_type_e input_block; +}; + +static apr_status_t gnutls_filter_input(ap_filter_t * f, + apr_bucket_brigade * bb, + ap_input_mode_t mode, + apr_read_type_e block, + apr_off_t readbytes) +{ + apr_status_t status = APR_SUCCESS; + gnutls_handle_t *ctxt = (gnutls_handle_t *) f->ctx; + + if (f->c->aborted) { + apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc); + APR_BRIGADE_INSERT_TAIL(bb, bucket); + return APR_ECONNABORTED; + } + + return status; +} + +static apr_status_t gnutls_filter_output(ap_filter_t * f, + apr_bucket_brigade * bb) +{ + apr_bucket *b; + const char *buf = 0; + apr_size_t bytes = 0; + gnutls_handle_t *ctxt = (gnutls_handle_t *) f->ctx; + apr_status_t status = APR_SUCCESS; + + if (!ctxt) { + /* first run. */ + } + + for (b = APR_BRIGADE_FIRST(bb); + b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) { + if (APR_BUCKET_IS_EOS(b)) { + /* end of connection */ + } + else if (apr_bucket_read(b, &buf, &bytes, APR_BLOCK_READ) + == APR_SUCCESS) { + /* more data */ + } + } + + return status; +} + +static apr_status_t gnutls_cleanup_pre_config(void *data) +{ + gnutls_global_deinit(); + return APR_SUCCESS; +} + +static int gnutls_hook_pre_config(apr_pool_t * pconf, + apr_pool_t * plog, apr_pool_t * ptemp) +{ + +#if APR_HAS_THREADS + gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); +#endif + + gnutls_global_init(); + + apr_pool_cleanup_register(pconf, NULL, gnutls_cleanup_pre_config, + apr_pool_cleanup_null); + + return OK; +} + +#define DH_BITS 1024 +#define RSA_BITS 512 + +static int gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, + apr_pool_t * ptemp, + server_rec * base_server) +{ + gnutls_srvconf_t *sc; + server_rec *s; + gnutls_dh_params_t dh_params; + gnutls_rsa_params_t rsa_params; + + + /* TODO: Should we regenerate these after X requests / X time ? */ + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_generate2(dh_params, DH_BITS); + gnutls_rsa_params_init(&rsa_params); + gnutls_rsa_params_generate2(rsa_params, RSA_BITS); + + for (s = base_server; s; s = s->next) { + sc = (gnutls_srvconf_t *) ap_get_module_config(s->module_config, + &gnutls_module); + if (sc->cert_file != NULL && sc->key_file != NULL) { + gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file, + sc->key_file, + GNUTLS_X509_FMT_PEM); + } + else { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + "[GnuTLS] - Host '%s' is missing a Cert and Key File!", + s->server_hostname); + } + + /** + * TODO: Is it okay for all virtual hosts to + * share the same DH/RSAparams? + */ + gnutls_certificate_set_dh_params(sc->certs, dh_params); + gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); + } + + ap_add_version_component(p, "GnuTLS/" LIBGNUTLS_VERSION); + return OK; +} + +static const char *gnutls_hook_http_method(const request_rec * r) +{ + gnutls_srvconf_t *sc = + (gnutls_srvconf_t *) ap_get_module_config(r->server->module_config, + &gnutls_module); + + if (sc->enabled == GNUTLS_ENABLED_FALSE) { + return NULL; + } + + return "https"; +} + +static apr_port_t gnutls_hook_default_port(const request_rec * r) +{ + gnutls_srvconf_t *sc = + (gnutls_srvconf_t *) ap_get_module_config(r->server->module_config, + &gnutls_module); + + if (sc->enabled == GNUTLS_ENABLED_FALSE) { + return 0; + } + + return 443; +} + +/** + * From mod_ssl / ssl_engine_io.c + * This function will read from a brigade and discard the read buckets as it + * proceeds. It will read at most *len bytes. + */ +static apr_status_t brigade_consume(apr_bucket_brigade * bb, + apr_read_type_e block, + char *c, apr_size_t * len) +{ + apr_size_t actual = 0; + apr_status_t status = APR_SUCCESS; + + while (!APR_BRIGADE_EMPTY(bb)) { + apr_bucket *b = APR_BRIGADE_FIRST(bb); + const char *str; + apr_size_t str_len; + apr_size_t consume; + + /* Justin points out this is an http-ism that might + * not fit if brigade_consume is added to APR. Perhaps + * apr_bucket_read(eos_bucket) should return APR_EOF? + * Then this becomes mainline instead of a one-off. + */ + if (APR_BUCKET_IS_EOS(b)) { + status = APR_EOF; + break; + } + + /* The reason I'm not offering brigade_consume yet + * across to apr-util is that the following call + * illustrates how borked that API really is. For + * this sort of case (caller provided buffer) it + * would be much more trivial for apr_bucket_consume + * to do all the work that follows, based on the + * particular characteristics of the bucket we are + * consuming here. + */ + status = apr_bucket_read(b, &str, &str_len, block); + + if (status != APR_SUCCESS) { + if (APR_STATUS_IS_EOF(status)) { + /* This stream bucket was consumed */ + apr_bucket_delete(b); + continue; + } + break; + } + + if (str_len > 0) { + /* Do not block once some data has been consumed */ + block = APR_NONBLOCK_READ; + + /* Assure we don't overflow. */ + consume = (str_len + actual > *len) ? *len - actual : str_len; + + memcpy(c, str, consume); + + c += consume; + actual += consume; + + if (consume >= b->length) { + /* This physical bucket was consumed */ + apr_bucket_delete(b); + } + else { + /* Only part of this physical bucket was consumed */ + b->start += consume; + b->length -= consume; + } + } + else if (b->length == 0) { + apr_bucket_delete(b); + } + + /* This could probably be actual == *len, but be safe from stray + * photons. */ + if (actual >= *len) { + break; + } + } + + *len = actual; + return status; +} + + +static ssize_t gnutls_transport_read(gnutls_transport_ptr_t ptr, + void *buffer, size_t len) +{ + gnutls_handle_t *ctxt = ptr; + apr_status_t rc; + apr_size_t in = len; + /* If Len = 0, we don't do anything. */ + if (!len) + return 0; + + if (APR_BRIGADE_EMPTY(ctxt->input_bb)) { + + rc = ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb, + AP_MODE_READBYTES, ctxt->input_block, in); + + /* Not a problem, there was simply no data ready yet. + */ + if (APR_STATUS_IS_EAGAIN(rc) || APR_STATUS_IS_EINTR(rc) + || (rc == APR_SUCCESS && APR_BRIGADE_EMPTY(ctxt->input_bb))) { + return 0; + } + + if (rc != APR_SUCCESS) { + /* Unexpected errors discard the brigade */ + apr_brigade_cleanup(ctxt->input_bb); + ctxt->input_bb = NULL; + return -1; + } + } + +// brigade_consume(ctxt->input_bb, ctxt->input_block, buffer, &len); + + + ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb, + AP_MODE_READBYTES, ctxt->input_block, len); + + return len; +} + +static ssize_t gnutls_transport_write(gnutls_transport_ptr_t ptr, + const void *buffer, size_t len) +{ + gnutls_handle_t *ctxt = ptr; + +// apr_bucket *bucket = apr_bucket_transient_create(in, inl, +// outctx->bb-> +// bucket_alloc); + + // outctx->length += inl; + //APR_BRIGADE_INSERT_TAIL(outctx->bb, bucket); + return 0; +} + +static int gnutls_hook_pre_connection(conn_rec * c, void *csd) +{ +#ifndef GNUTLS_AS_FILTER + int cfd; +#endif + gnutls_handle_t *ctxt; + gnutls_srvconf_t *sc = + (gnutls_srvconf_t *) ap_get_module_config(c->base_server-> + module_config, + &gnutls_module); + + if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { + return DECLINED; + } + + ctxt = apr_pcalloc(c->pool, sizeof(*ctxt)); + + ctxt->sc = sc; + gnutls_init(&ctxt->session, GNUTLS_SERVER); + + gnutls_set_default_priority(ctxt->session); + + gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs); + + gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_REQUEST); + + gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); + + ap_set_module_config(c->conn_config, &gnutls_module, ctxt); + +#ifdef GNUTLS_AS_FILTER + gnutls_transport_set_pull_function(ctxt->session, gnutls_transport_read); + gnutls_transport_set_push_function(ctxt->session, gnutls_transport_write); + gnutls_transport_set_ptr(ctxt->session, ctxt); + + ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c); + ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c); +#else + apr_os_sock_get(&cfd, csd); + gnutls_transport_set_ptr(ctxt->session, (gnutls_transport_ptr)cfd); +#endif + return OK; +} + +static const char *gnutls_set_ca_file(cmd_parms * parms, void *dummy, + const char *arg) +{ + gnutls_srvconf_t *sc = + (gnutls_srvconf_t *) ap_get_module_config(parms->server-> + module_config, + &gnutls_module); +/* TODO: CRL, CAFile */ +// gnutls_certificate_set_x509_trust_file(sc->certs, CAFILE, +// GNUTLS_X509_FMT_PEM); + return NULL; +} + +static const command_rec gnutls_cmds[] = { + AP_INIT_FLAG("GnuTLSEnable", ap_set_flag_slot, + (void *) APR_OFFSETOF(gnutls_srvconf_t, enabled), RSRC_CONF, + "Whether this server has GnuTLS Enabled. Default: Off"), + AP_INIT_TAKE1("GnuTLSCertificateFile", ap_set_string_slot, + (void *) APR_OFFSETOF(gnutls_srvconf_t, cert_file), + RSRC_CONF, + "SSL Server Key file"), + AP_INIT_TAKE1("GnuTLSKeyFile", ap_set_string_slot, + (void *) APR_OFFSETOF(gnutls_srvconf_t, key_file), + RSRC_CONF, + "SSL Server Certificate file"), + {NULL} +}; + +/* TODO: CACertificateFile & Client Authentication + * AP_INIT_TAKE1("GnuTLSCACertificateFile", ap_set_server_string_slot, + * (void *) APR_OFFSETOF(gnutls_srvconf_t, key_file), NULL, + * RSRC_CONF, + * "CA"), + */ + +static void gnutls_hooks(apr_pool_t * p) +{ + ap_hook_pre_connection(gnutls_hook_pre_connection, NULL, NULL, + APR_HOOK_MIDDLE); + ap_hook_post_config(gnutls_hook_post_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_http_method(gnutls_hook_http_method, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_default_port(gnutls_hook_default_port, NULL, NULL, + APR_HOOK_MIDDLE); + ap_hook_pre_config(gnutls_hook_pre_config, NULL, NULL, APR_HOOK_MIDDLE); + + /* TODO: HTTP Upgrade Filter */ + /* ap_register_output_filter ("UPGRADE_FILTER", + * ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5); + */ + + ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME, gnutls_filter_input, + NULL, AP_FTYPE_CONNECTION + 5); + ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME, gnutls_filter_output, + NULL, AP_FTYPE_CONNECTION + 5); + +} + +static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s) +{ + gnutls_srvconf_t *sc = apr_pcalloc(p, sizeof *sc); + + sc->enabled = GNUTLS_ENABLED_FALSE; + + gnutls_certificate_allocate_credentials(&sc->certs); + + sc->key_file = NULL; + sc->cert_file = NULL; + return sc; +} + + + +module AP_MODULE_DECLARE_DATA gnutls_module = { + STANDARD20_MODULE_STUFF, + NULL, + NULL, + gnutls_config_server_create, + NULL, +/* gnutls_config_server_merge, */ + gnutls_cmds, + gnutls_hooks +}; -- cgit v0.9.2