author | Paul Querna | 2005-04-22 01:29:13 +0000 |
---|---|---|
committer | Paul Querna | 2005-04-22 01:29:13 +0000 |
commit | 316bd8cab0ab97335f2b0e36c3a240ff7967ed1a (patch) | |
tree | 89fc433988291e4bdcd3dfc45b323040a4f42996 | |
parent | e924ddd3c71d5a28d973bf0b17316b63d9fad70f (diff) |
- remove more debug logging.
- fix a crash caused by changing the certificate structure *after* starting the handshake.
-rw-r--r-- | src/gnutls_cache.c | 3 | ||||
-rw-r--r-- | src/gnutls_io.c | 9 | ||||
-rw-r--r-- | src/mod_gnutls.c | 9 |
3 files changed, 15 insertions, 6 deletions
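--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -209,11 +209,12 @@ static gnutls_datum_t mc_cache_fetch(void* baton, gnutls_datum_t key)
 &value, &value_len, NULL);
 
 if (rv != APR_SUCCESS) {
+#if MOD_GNUTLS_DEBUG
 ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
 ctxt->c->base_server,
 "[gnutls_cache] error fetching key '%s' ",
 strkey);
-
+#endif
 data.size = 0;
 data.data = NULL;
 return data;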
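Review bot: With the `ap_log_error` call in the `rv != APR_SUCCESS` branch now compiled only under `MOD_GNUTLS_DEBUG`, a production build treats every fetch failure as a silent cache miss. A plain miss does not need a log line, but a backend failure (cache server unreachable, timeout) quietly disables session resumption and is something an operator wants to see. Consider keeping an unconditional message for statuses other than a miss, e.g. `if (rv != APR_NOTFOUND) ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ctxt->c->base_server, "[gnutls_cache] cache fetch failed");`, assuming the fetch call above the hunk reports a miss as `APR_NOTFOUND`. The body of mc_cache_fetch starts and ends outside the hunk.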
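--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -381,10 +381,15 @@ tryagain:
 gnutls_strerror(ret));
 goto tryagain;
 }
-
-ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+#if USING_2_1_RECENT
+ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
 "GnuTLS: Handshake Failed (%d) '%s'", ret,
 gnutls_strerror(ret));
+#else
+ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+"GnuTLS: Handshake Failed (%d) '%s'", ret,
+gnutls_strerror(ret));
+#endif
 ctxt->status = -1;
 gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
 gnutls_error_to_alert(ret, NULL));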
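Review bot: In the `#else` branch the handshake-failure message still goes through `ap_log_error` with `ctxt->c->base_server`, so on builds without `USING_2_1_RECENT` the log line does not identify the peer. Failed handshakes are the record an operator uses to attribute repeated failures to a client, so the fallback should carry the address itself, e.g. `"GnuTLS: Handshake Failed (%d) '%s' from %s", ret, gnutls_strerror(ret), ctxt->c->remote_ip);`. `#if USING_2_1_RECENT` also evaluates to 0 without any diagnostic when the macro is undefined; its definition is not visible here, so it is worth confirming the build always sets it. The enclosing function starts and ends outside the hunk.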
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index cb81a26..681411b 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c | |||
@@ -294,7 +294,6 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r) | |||
294 | 294 | ||
295 | static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt) | 295 | static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt) |
296 | { | 296 | { |
297 | gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs); | ||
298 | gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode); | 297 | gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode); |
299 | } | 298 | } |
300 | 299 | ||
@@ -479,9 +478,11 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) | |||
479 | gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types); | 478 | gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types); |
480 | 479 | ||
481 | mod_gnutls_cache_session_init(ctxt); | 480 | mod_gnutls_cache_session_init(ctxt); |
481 | |||
482 | gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs); | ||
482 | 483 | ||
483 | gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); | 484 | gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); |
484 | 485 | ||
485 | mod_gnutls_changed_servers(ctxt); | 486 | mod_gnutls_changed_servers(ctxt); |
486 | return ctxt; | 487 | return ctxt; |
487 | } | 488 | } |
@@ -838,7 +839,7 @@ int mod_gnutls_hook_authz(request_rec *r) | |||
838 | 839 | ||
839 | if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) { | 840 | if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) { |
840 | ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, | 841 | ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
841 | "GnuTLS: Ignoring Client Certificate!"); | 842 | "GnuTLS: Directory set to Ignore Client Certificate!"); |
842 | return DECLINED; | 843 | return DECLINED; |
843 | } | 844 | } |
844 | 845 | ||
@@ -855,8 +856,10 @@ int mod_gnutls_hook_authz(request_rec *r) | |||
855 | } | 856 | } |
856 | } | 857 | } |
857 | else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) { | 858 | else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) { |
859 | #if MOD_GNUTLS_DEBUG | ||
858 | ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, | 860 | ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
859 | "GnuTLS: Peer is set to IGNORE"); | 861 | "GnuTLS: Peer is set to IGNORE"); |
862 | #endif | ||
860 | return DECLINED; | 863 | return DECLINED; |
861 | } | 864 | } |
862 | 865 | ||
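Review bot: After this change `mod_gnutls_changed_servers` updates only the client-certificate request mode, while the session stays bound to the credentials chosen once in `create_gnutls_handle` (`ctxt->sc->certs`). If that function is what runs when the connection is re-pointed at another server config (its callers are outside these hunks), the new `client_verify_mode` would be enforced against the original config's credentials, which in GnuTLS also hold the CA trust list used for peer verification. If that is intended, say so above the function, e.g. `/* Credentials are fixed at handle creation; only the client verify mode follows ctxt->sc. */`; otherwise the per-host trust list needs to be applied some other way. The added `gnutls_credentials_set` call also ignores its return value; a check such as `if (gnutls_credentials_set(...) < 0)` with an error log would avoid entering the handshake without credentials.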