author | Paul Querna | 2005-05-17 21:00:53 +0000 |
committer | Paul Querna | 2005-05-17 21:00:53 +0000 |
commit | 84cb5b2ad2abada1069659895d16dcb64f669008 (patch) | |
tree | 447923776aaf6d7bb7c399e888845465ce0b4891 /src/gnutls_hooks.c | |
parent | 836417fceaf154bde03418a1525ff149f5a07cca (diff) |
- add lua to do client verification
- only use gcrypt locking when required to
Diffstat (limited to 'src/gnutls_hooks.c')
-rw-r--r-- | src/gnutls_hooks.c | 28 |
1 files changed, 16 insertions, 12 deletions
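--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -17,6 +17,7 @@
 
 #include "mod_gnutls.h"
 #include "http_vhost.h"
+#include "ap_mpm.h"
 
 #if !USING_2_1_RECENT
 extern server_rec *ap_server_conf;
@@ -30,6 +31,8 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
 static apr_file_t* debug_log_fp;
 #endif
 
+static int mpm_is_threaded;
+
 static apr_status_t mgs_cleanup_pre_config(void *data)
 {
 gnutls_global_deinit();
@@ -48,8 +51,12 @@ int mgs_hook_pre_config(apr_pool_t * pconf,
 {
 
 #if APR_HAS_THREADS
-/* TODO: Check MPM Type here */
-gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded);
+if (mpm_is_threaded) {
+gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+}
+#else
+mpm_is_threaded = 0;
 #endif
 
 gnutls_global_init();
@@ -234,11 +241,6 @@ int mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 rv = gnutls_x509_crt_get_dn_by_oid(sc->cert_x509,
 GNUTLS_OID_X520_COMMON_NAME, 0, 0,
 sc->cert_cn, &data_len);
-ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-s,
-"GnuTLS: sni-x509 cn: %s/%d pk: %s s: 0x%08X sc: 0x%08X", sc->cert_cn, rv,
-gnutls_pk_algorithm_get_name(gnutls_x509_privkey_get_pk_algorithm(sc->privkey_x509)),
-(unsigned int)s, (unsigned int)sc);
 }
 }
 
@@ -568,7 +570,6 @@ int mgs_hook_fixups(request_rec *r)
 gnutls_x509_crt_get_issuer_dn(ctxt->sc->cert_x509, buf, &len);
 apr_table_setn(env, "SSL_SERVER_I_DN", apr_pstrmemdup(r->pool, buf, len));
 }
-
 return rv;
 }
 
@@ -585,11 +586,14 @@ int mgs_hook_authz(request_rec *r)
 if (!ctxt) {
 return DECLINED;
 }
-
-if (!dc) {
-dc = mgs_config_dir_create(r->pool, NULL);
+ap_add_common_vars(r);
+mgs_hook_fixups(r);
+status = mgs_authz_lua(r);
+if (status != 0) {
+ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+"GnuTLS: FAILED Lua Authorization Test");
+return HTTP_FORBIDDEN;
 }
-
 if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {
 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
 "GnuTLS: Directory set to Ignore Client Certificate!");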
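Review bot: The last hunk removes the `if (!dc) { dc = mgs_config_dir_create(r->pool, NULL); }` guard but still dereferences `dc->client_verify_mode` two lines later, so if the per-directory config lookup at the top of mgs_hook_authz (outside this hunk) can return NULL — which the removed guard suggests it could — this becomes a NULL dereference on exactly the path that decides whether client-certificate checking is enforced. Either restore that three-line guard ahead of the Lua call or add a comment stating why dc is now guaranteed non-NULL. The return value of `mgs_hook_fixups(r)` is discarded, and the denial is logged only at APLOG_DEBUG, so a forbidden request leaves no trace in a normal log; `ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "GnuTLS: FAILED Lua Authorization Test");` would make the decision auditable. In the pre_config hunk the result of `ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded)` is not checked, so a failed query leaves mpm_is_threaded at its zero initial value and silently skips registering the gcrypt thread callbacks on a threaded MPM; checking the return and defaulting to registering the callbacks would fail safe.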