working SNI. Not so working Client Cert support.

author: Paul Querna 2005-04-21 17:15:56 +0000
committer: Paul Querna 2005-04-21 17:15:56 +0000
commit: 31645b2ad4f81c5ce3ca8ee9a671f24fb35715cd (patch)
tree: bde214555fb7612674bf4f3cbcf72db37f096b2f /src/gnutls_io.c
parent: 0475f1bc49d07ab75f33899e6c0d1b32f884c68b (diff)
1 files changed, 30 insertions, 24 deletions
diff --git a/src/gnutls_io.c b/src/gnutls_io.c
index f761f96..f081284 100644
--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -353,13 +353,12 @@ static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt,
    return APR_SUCCESS;
 }
+static int gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
-static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
 {
    int ret;
    int errcode;
    if (ctxt->status != 0) {
-        return;
+        return 0;
    }
 tryagain:
@@ -388,11 +387,37 @@ tryagain:
        gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, 
                          gnutls_error_to_alert(ret, NULL));
        gnutls_deinit(ctxt->session);
-        return;
+        return ret;
    }
    else {
+        /* all done with the handshake */
        ctxt->status = 1;
-        return;             /* all done with the handshake */
+        return ret;
+    }
+}
+int mod_gnutls_rehandshake(mod_gnutls_handle_t * ctxt)
+{
+    int rv;
+    rv = gnutls_rehandshake(ctxt->session);
+    
+    if (rv != 0) {
+        /* the client did not want to rehandshake. goodbye */
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+                     "GnuTLS: Client Refused Rehandshake request.");
+        return -1;
+    }
+    
+    ctxt->status = 0;
+    gnutls_do_handshake(ctxt);
+    
+    if (ctxt->status == 1) {
+        return 0;
+    }
+    else {
+        return -1;
    }
 }
@@ -414,26 +439,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t* f,
    }
    if (ctxt->status == 0) {
-        char* server_name;
-        int server_type;
-        int data_len = 256;
-        
        gnutls_do_handshake(ctxt);
-        
-        /**
-         * Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1
-         * Server Name Indication.
-         */
-        server_name = apr_palloc(ctxt->c->pool, data_len);
-        if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
-            if (server_type == GNUTLS_NAME_DNS) {
-                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-                             ctxt->c->base_server,
-                             "GnuTLS: TLS 1.1 Server Name: "
-                             "%s", server_name);
-                
-            }
-        }
    }
    if (ctxt->status < 0) {
author	Paul Querna	2005-04-21 17:15:56 +0000
committer	Paul Querna	2005-04-21 17:15:56 +0000
commit	31645b2ad4f81c5ce3ca8ee9a671f24fb35715cd (patch)
tree	bde214555fb7612674bf4f3cbcf72db37f096b2f /src/gnutls_io.c
parent	0475f1bc49d07ab75f33899e6c0d1b32f884c68b (diff)

diff --git a/src/gnutls_io.c b/src/gnutls_io.c index f761f96..f081284 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c
@@ -353,13 +353,12 @@ static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt,
353	return APR_SUCCESS;	353	return APR_SUCCESS;
354	}	354	}
355		355
356		356	static int gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
357	static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
358	{	357	{
359	int ret;	358	int ret;
360	int errcode;	359	int errcode;
361	if (ctxt->status != 0) {	360	if (ctxt->status != 0) {
362	return;	361	return 0;
363	}	362	}
364		363
365	tryagain:	364	tryagain:
@@ -388,11 +387,37 @@ tryagain:
388	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,	387	gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL,
389	gnutls_error_to_alert(ret, NULL));	388	gnutls_error_to_alert(ret, NULL));
390	gnutls_deinit(ctxt->session);	389	gnutls_deinit(ctxt->session);
391	return;	390	return ret;
392	}	391	}
393	else {	392	else {
		393	/* all done with the handshake */
394	ctxt->status = 1;	394	ctxt->status = 1;
395	return; /* all done with the handshake */	395	return ret;
		396	}
		397	}
		398
		399	int mod_gnutls_rehandshake(mod_gnutls_handle_t * ctxt)
		400	{
		401	int rv;
		402
		403	rv = gnutls_rehandshake(ctxt->session);
		404
		405	if (rv != 0) {
		406	/* the client did not want to rehandshake. goodbye */
		407	ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
		408	"GnuTLS: Client Refused Rehandshake request.");
		409	return -1;
		410	}
		411
		412	ctxt->status = 0;
		413
		414	gnutls_do_handshake(ctxt);
		415
		416	if (ctxt->status == 1) {
		417	return 0;
		418	}
		419	else {
		420	return -1;
396	}	421	}
397	}	422	}
398		423
@@ -414,26 +439,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t* f,
414	}	439	}
415		440
416	if (ctxt->status == 0) {	441	if (ctxt->status == 0) {
417	char* server_name;
418	int server_type;
419	int data_len = 256;
420
421	gnutls_do_handshake(ctxt);	442	gnutls_do_handshake(ctxt);
422
423	/**
424	* Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1
425	* Server Name Indication.
426	*/
427	server_name = apr_palloc(ctxt->c->pool, data_len);
428	if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
429	if (server_type == GNUTLS_NAME_DNS) {
430	ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
431	ctxt->c->base_server,
432	"GnuTLS: TLS 1.1 Server Name: "
433	"%s", server_name);
434
435	}
436	}
437	}	443	}
438		444
439	if (ctxt->status < 0) {	445	if (ctxt->status < 0) {