From b997c05d0753e7fb30d0654dd311ea7598db962d Mon Sep 17 00:00:00 2001
From: Nokis Mavrogiannopoulos <nmav@gnutls.org>
Date: Wed, 20 Feb 2008 20:05:11 +0000
Subject: added disable-srp option

---
diff --git a/NEWS b/NEWS
index 49abeda..84e427a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+** Version 0.4.3
+
+- Added --disable-srp configure option
+
+- Better check for memcache (patch by Guillaume Rousse)
+
 ** Version 0.4.2 (2007-12-10)
 
 - Added support for sending a certificate chain.
diff --git a/configure.ac b/configure.ac
index 259e289..63c05e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 dnl 
-AC_INIT(mod_gnutls, 0.4.2.1)
+AC_INIT(mod_gnutls, 0.4.3)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
 AC_PREREQ(2.53)
@@ -28,8 +28,15 @@ CHECK_APACHE(,$AP_VERSION,
 dnl LIBTOOL="`${APR_CONFIG} --apr-libtool`"
 dnl AC_SUBST(LIBTOOL)
 
-MIN_TLS_VERSION=2.1.7
+MIN_TLS_VERSION=2.2.1
 CHECK_LIBGNUTLS($MIN_TLS_VERSION)
+AM_PATH_LIBGNUTLS($MIN_TLS_VERSION,,
+ 	AC_MSG_ERROR([[
+***  
+*** libgnutls were not found. You may want to get it from
+*** http://www.gnutls.org/
+***
+]]))
 
 dnl CHECK_LUA()
 
@@ -37,6 +44,16 @@ have_apr_memcache=0
 CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
 AC_SUBST(have_apr_memcache)
 
+AC_ARG_ENABLE(srp,
+       AS_HELP_STRING([--disable-srp],
+               [unconditionally disable the SRP functionality]),
+       use_srp=$enableval, use_srp=yes)
+if test "$use_srp" != "no"; then
+	AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, [whether to enable SRP])
+fi
+AC_MSG_CHECKING([whether to enable SRP functionality])
+AC_MSG_RESULT($use_srp)
+
 MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
 MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
 
@@ -51,6 +68,6 @@ echo "Configuration summary for mod_gnutls:"
 echo ""
 echo "   * mod_gnutls version:	${MOD_GNUTLS_VERSION}"
 echo "   * Apache Modules directory:	${AP_LIBEXECDIR}"
-echo "   * GnuTLS Library version:	${LIBGNUTLS_VERSION}"
+echo "   * GnuTLS Library version:	${LIBGNUTLS_VERSION} | Required: ${MIN_TLS_VERSION}+"
 echo ""
 echo "---"
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index 8d6308a..4786f6d 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -202,6 +202,8 @@ const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
     return NULL;
 }
 
+#ifdef ENABLE_SRP
+
 const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
 				     const char *arg)
 {
@@ -228,6 +230,8 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
     return NULL;
 }
 
+#endif
+
 const char *mgs_set_cache(cmd_parms * parms, void *dummy,
 			  const char *type, const char *arg)
 {
@@ -426,6 +430,7 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 			    ": (%d) %s", ret, gnutls_strerror(ret));
     }
 
+#ifdef ENABLE_SRP
     ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
     if (ret < 0) {
 	return apr_psprintf(p, "GnuTLS: Failed to initialize"
@@ -434,6 +439,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 
     sc->srp_tpasswd_conf_file = NULL;
     sc->srp_tpasswd_file = NULL;
+#endif
+
     sc->privkey_x509 = NULL;
     memset( sc->certs_x509, 0, sizeof(sc->certs_x509));
     sc->certs_x509_num = 0;
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 55a1120..0483602 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -115,11 +115,13 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
 
     gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
 
+#ifdef ENABLE_SRP
     if (ctxt->sc->srp_tpasswd_conf_file != NULL
 	&& ctxt->sc->srp_tpasswd_file != NULL) {
 	gnutls_credentials_set(session, GNUTLS_CRD_SRP,
 			       ctxt->sc->srp_creds);
     }
+#endif
 
     /* update the priorities - to avoid negotiating a ciphersuite that is not
      * enabled on this virtual server. Note that here we ignore the version
@@ -313,6 +315,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 	    gnutls_certificate_server_set_retrieve_function(sc->certs,
 							    cert_retrieve_fn);
 
+#ifdef ENABLE_SRP
 	    if (sc->srp_tpasswd_conf_file != NULL
 		&& sc->srp_tpasswd_file != NULL) {
 		rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
@@ -329,6 +332,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 		    exit(-1);
 		}
 	    }
+#endif
 
 	    if (sc->certs_x509[0] == NULL
 		&& sc->enabled == GNUTLS_ENABLED_TRUE) {
@@ -662,8 +666,10 @@ int mgs_hook_fixups(request_rec * r)
 		   gnutls_compression_get_name(gnutls_compression_get
 					       (ctxt->session)));
 
+#ifdef ENABLE_SRP
     apr_table_setn(env, "SSL_SRP_USER",
 		   gnutls_srp_server_get_username(ctxt->session));
+#endif
 
     if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL)
 	apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index a6e5528..a8363fe 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -80,6 +80,7 @@ static const command_rec mgs_config_cmds[] = {
                   NULL,
                   RSRC_CONF,
                   "SSL Server SRP Password file"),
+#ifdef ENABLE_SRP
     AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,
                   NULL,
                   RSRC_CONF,
@@ -88,6 +89,7 @@ static const command_rec mgs_config_cmds[] = {
                   NULL,
                   RSRC_CONF,
                   "SSL Server SRP Parameters file"),
+#endif
     AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
                   NULL,
                   RSRC_CONF,
--
cgit v0.9.2