- remove more debug logging.

- fix a crash by changing the certificate structure *after* starting the handshake.
author: Paul Querna 2005-04-22 01:29:13 +0000
committer: Paul Querna 2005-04-22 01:29:13 +0000
commit: 316bd8cab0ab97335f2b0e36c3a240ff7967ed1a (patch)
tree: 89fc433988291e4bdcd3dfc45b323040a4f42996
parent: e924ddd3c71d5a28d973bf0b17316b63d9fad70f (diff)
3 files changed, 15 insertions, 6 deletions
diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c
index 91e6ec9..eaeeea6 100644
--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -209,11 +209,12 @@ static gnutls_datum_t mc_cache_fetch(void* baton, gnutls_datum_t key)
                           &value, &value_len, NULL);
    if (rv != APR_SUCCESS) {
+#if MOD_GNUTLS_DEBUG
        ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
                     ctxt->c->base_server,
                     "[gnutls_cache] error fetching key '%s' ",
                     strkey);
+#endif
        data.size = 0;
        data.data = NULL;
        return data;
diff --git a/src/gnutls_io.c b/src/gnutls_io.c
index 5e0c4ef..dee2c4f 100644
--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -381,10 +381,15 @@ tryagain:
                      gnutls_strerror(ret));
            goto tryagain;
        }
+#if USING_2_1_RECENT
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
                     "GnuTLS: Handshake Failed (%d) '%s'", ret,
                      gnutls_strerror(ret));
+#else
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+                     "GnuTLS: Handshake Failed (%d) '%s'", ret,
+                     gnutls_strerror(ret));
+#endif
        ctxt->status = -1;
        gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, 
                          gnutls_error_to_alert(ret, NULL));
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index cb81a26..681411b 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -294,7 +294,6 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
 static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt)
 {
-    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs);
    gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode);
 }
@@ -479,9 +478,11 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
    gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types);
    mod_gnutls_cache_session_init(ctxt);
+    
+    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs);
    gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn);
+    
    mod_gnutls_changed_servers(ctxt);
    return ctxt;
 }
@@ -838,7 +839,7 @@ int mod_gnutls_hook_authz(request_rec *r)
    if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 
-                      "GnuTLS: Ignoring Client Certificate!");
+                      "GnuTLS: Directory set to Ignore Client Certificate!");
        return DECLINED;
    }
@@ -855,8 +856,10 @@ int mod_gnutls_hook_authz(request_rec *r)
        }
    }
    else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) {
+#if MOD_GNUTLS_DEBUG
        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 
                      "GnuTLS: Peer is set to IGNORE");
+#endif
        return DECLINED;
    }
author	Paul Querna	2005-04-22 01:29:13 +0000
committer	Paul Querna	2005-04-22 01:29:13 +0000
commit	316bd8cab0ab97335f2b0e36c3a240ff7967ed1a (patch)
tree	89fc433988291e4bdcd3dfc45b323040a4f42996
parent	e924ddd3c71d5a28d973bf0b17316b63d9fad70f (diff)

diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c index 91e6ec9..eaeeea6 100644 --- a/src/gnutls_cache.c +++ b/src/gnutls_cache.c
@@ -209,11 +209,12 @@ static gnutls_datum_t mc_cache_fetch(void* baton, gnutls_datum_t key)
209	&value, &value_len, NULL);	209	&value, &value_len, NULL);
210		210
211	if (rv != APR_SUCCESS) {	211	if (rv != APR_SUCCESS) {
		212	#if MOD_GNUTLS_DEBUG
212	ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,	213	ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
213	ctxt->c->base_server,	214	ctxt->c->base_server,
214	"[gnutls_cache] error fetching key '%s' ",	215	"[gnutls_cache] error fetching key '%s' ",
215	strkey);	216	strkey);
216		217	#endif
217	data.size = 0;	218	data.size = 0;
218	data.data = NULL;	219	data.data = NULL;
219	return data;	220	return data;


diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 5e0c4ef..dee2c4f 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c
@@ -381,10 +381,15 @@ tryagain:
381	gnutls_strerror(ret));	381	gnutls_strerror(ret));
382	goto tryagain;	382	goto tryagain;
383	}	383	}
384		384	#if USING_2_1_RECENT
385	ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,	385	ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
386	"GnuTLS: Handshake Failed (%d) '%s'", ret,	386	"GnuTLS: Handshake Failed (%d) '%s'", ret,
387	gnutls_strerror(ret));	387	gnutls_strerror(ret));
		388	#else
		389	ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
		390	"GnuTLS: Handshake Failed (%d) '%s'", ret,
		391	gnutls_strerror(ret));
		392	#endif
388	ctxt->status = -1;	393	ctxt->status = -1;
389	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,	394	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
390	gnutls_error_to_alert(ret, NULL));	395	gnutls_error_to_alert(ret, NULL));


diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index cb81a26..681411b 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c
@@ -294,7 +294,6 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
294		294
295	static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt)	295	static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt)
296	{	296	{
297	gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs);
298	gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode);	297	gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode);
299	}	298	}
300		299
@@ -479,9 +478,11 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
479	gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types);	478	gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types);
480		479
481	mod_gnutls_cache_session_init(ctxt);	480	mod_gnutls_cache_session_init(ctxt);
		481
		482	gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs);
482		483
483	gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn);	484	gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn);
484		485
485	mod_gnutls_changed_servers(ctxt);	486	mod_gnutls_changed_servers(ctxt);
486	return ctxt;	487	return ctxt;
487	}	488	}
@@ -838,7 +839,7 @@ int mod_gnutls_hook_authz(request_rec *r)
838		839
839	if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {	840	if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {
840	ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,	841	ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
841	"GnuTLS: Ignoring Client Certificate!");	842	"GnuTLS: Directory set to Ignore Client Certificate!");
842	return DECLINED;	843	return DECLINED;
843	}	844	}
844		845
@@ -855,8 +856,10 @@ int mod_gnutls_hook_authz(request_rec *r)
855	}	856	}
856	}	857	}
857	else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) {	858	else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) {
		859	#if MOD_GNUTLS_DEBUG
858	ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,	860	ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
859	"GnuTLS: Peer is set to IGNORE");	861	"GnuTLS: Peer is set to IGNORE");
		862	#endif
860	return DECLINED;	863	return DECLINED;
861	}	864	}
862		865