From a66e1478c77fc8c8a7ab831916ab3d1c3aacb539 Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Fri, 10 Dec 2004 06:08:52 +0000 Subject: working support for a ssl session cache via memcached. --- (limited to 'src/mod_gnutls.c') diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index 3dfbd9a..833edc2 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -70,7 +70,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, } - if(first_run) { +// if(first_run) { /* TODO: Should we regenerate these after X requests / X time ? */ gnutls_dh_params_init(&dh_params); gnutls_dh_params_generate2(dh_params, DH_BITS); @@ -78,7 +78,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, gnutls_rsa_params_init(&rsa_params); gnutls_rsa_params_generate2(rsa_params, RSA_BITS); #endif - } +// } for (s = base_server; s; s = s->next) { sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config, @@ -105,6 +105,25 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, return OK; } +static void mod_gnutls_hook_child_init(apr_pool_t *p, server_rec *s) +{ + apr_status_t rv = APR_SUCCESS; + mod_gnutls_srvconf_rec *sc = ap_get_module_config(s->module_config, + &gnutls_module); + + if(sc->cache_config != NULL) { + rv = mod_gnutls_cache_child_init(p, s, sc); + if(rv != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, + "[GnuTLS] - Failed to run Cache Init"); + } + } + else { + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, + "[GnuTLS] - No Cache Configured. Hint: GnuTLSCache"); + } +} + static const char *mod_gnutls_hook_http_method(const request_rec * r) { mod_gnutls_srvconf_rec *sc = @@ -172,6 +191,7 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); + mod_gnutls_cache_session_init(ctxt); return ctxt; } 
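Review bot: The `if(first_run)` guard in mod_gnutls_hook_post_config is disabled by commenting it out with `//` here and at its closing brace in the following hunk (`// }`), so the DH and RSA parameters are now generated on every post_config pass instead of once. If `dh_params` and `rsa_params` are file-scope handles, as they appear to be, a later pass overwrites them via `gnutls_dh_params_init(&dh_params)` with no `gnutls_dh_params_deinit` first, which leaks the earlier parameters and repeats an expensive generation step. Commented-out control flow hides which behaviour was meant: either restore the guard, or delete it and say why, e.g. `/* regenerate on every config pass: <reason> */`. The function body starts and ends outside these hunks.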
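Review bot: mod_gnutls_hook_child_init only logs when `mod_gnutls_cache_child_init` fails or when `cache_config` is NULL, and the child keeps serving; the later hunk in create_gnutls_handle then calls `mod_gnutls_cache_session_init(ctxt)` unconditionally. Whether that function tolerates a cache that was never initialised is not visible in this diff, so either record the failure in `sc` and skip the session hook-up, or document on mod_gnutls_cache_session_init that it does nothing without a cache. The no-cache branch also logs at `APLOG_CRIT` although `cache_config` defaults to NULL, so every child start reports a critical error for an optional directive; a lower level such as `APLOG_NOTICE` would fit unless the cache is meant to be mandatory. A header comment like `/* Per-child setup of the session cache client; failures are logged and are not fatal. */` would state the intent.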
@@ -250,6 +270,21 @@ static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy, return NULL; } +static const char *gnutls_set_cache(cmd_parms * parms, void *dummy, + const char *arg) +{ + const char* err; + mod_gnutls_srvconf_rec *sc = ap_get_module_config(parms->server-> + module_config, + &gnutls_module); + if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) { + return err; + } + + sc->cache_config = apr_pstrdup(parms->pool, arg); + return NULL; +} + static const char *gnutls_set_enabled(cmd_parms * parms, void *dummy, const char *arg) { @@ -279,6 +314,10 @@ static const command_rec gnutls_cmds[] = { NULL, RSRC_CONF, "SSL Server Certificate file"), + AP_INIT_TAKE1("GnuTLSCache", gnutls_set_cache, + NULL, + RSRC_CONF, + "SSL Server Certificate file"), AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled, NULL, RSRC_CONF, "Whether this server has GnuTLS Enabled. Default: Off"), @@ -299,6 +338,8 @@ static void gnutls_hooks(apr_pool_t * p) APR_HOOK_MIDDLE); ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_child_init(mod_gnutls_hook_child_init, NULL, NULL, + APR_HOOK_MIDDLE); ap_hook_http_method(mod_gnutls_hook_http_method, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_default_port(mod_gnutls_hook_default_port, NULL, NULL, @@ -331,6 +372,7 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s) gnutls_anon_allocate_server_credentials(&sc->anoncred); sc->key_file = NULL; sc->cert_file = NULL; + sc->cache_config = NULL; i = 0; sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC; -- cgit v0.9.2
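Review bot: gnutls_set_cache stores `arg` verbatim with `apr_pstrdup` and checks nothing at configuration time, so a malformed value surfaces only in child init, where the failure is merely logged and the server keeps running without the cache. If the expected format can be checked here, returning an error string from the directive handler would reject the bad configuration at startup. The function also lacks a comment; something like `/* GnuTLSCache <arg>: session cache backend, global scope only; parsed later in mod_gnutls_cache_child_init. */` would help. Per the commit subject the backend is memcached and will hold TLS session state, so the directive's documentation should say the cache servers must be reachable only from trusted hosts.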
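Review bot: The help text of the new `GnuTLSCache` entry is `"SSL Server Certificate file"`, copied from the directive above it, so configuration error messages and directive listings describe the cache setting as a certificate path. Replace it with a description of the cache argument, for example `"Session cache configuration (memcached server list)"`, adjusting the wording to whatever format mod_gnutls_cache_child_init actually parses, which this diff does not show. The gnutls_cmds array starts and ends outside the hunk.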