diff options
| author |  Paul Querna
| 2005-04-22 01:29:13 +0000 |
|---|---|---|
| committer | Paul Querna
| 2005-04-22 01:29:13 +0000 |
| commit | 316bd8cab0ab97335f2b0e36c3a240ff7967ed1a (patch) | |
| tree | 89fc433988291e4bdcd3dfc45b323040a4f42996 /src/mod_gnutls.c | |
| parent | e924ddd3c71d5a28d973bf0b17316b63d9fad70f (diff) | |
- remove more debug logging.
- fix a crash by changing the certificate structure *after* starting the handshake.
Diffstat (limited to 'src/mod_gnutls.c')
| -rw-r--r-- | src/mod_gnutls.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index cb81a26..681411b 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c | |||
| @@ -294,7 +294,6 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r) | |||
| 294 | 294 | ||
| 295 | static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt) | 295 | static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt) |
| 296 | { | 296 | { |
| 297 | gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs); | ||
| 298 | gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode); | 297 | gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode); |
| 299 | } | 298 | } |
| 300 | 299 | ||
| @@ -479,9 +478,11 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) | |||
| 479 | gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types); | 478 | gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types); |
| 480 | 479 | ||
| 481 | mod_gnutls_cache_session_init(ctxt); | 480 | mod_gnutls_cache_session_init(ctxt); |
| 481 | |||
| 482 | gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs); | ||
| 482 | 483 | ||
| 483 | gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); | 484 | gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); |
| 484 | 485 | ||
| 485 | mod_gnutls_changed_servers(ctxt); | 486 | mod_gnutls_changed_servers(ctxt); |
| 486 | return ctxt; | 487 | return ctxt; |
| 487 | } | 488 | } |
| @@ -838,7 +839,7 @@ int mod_gnutls_hook_authz(request_rec *r) | |||
| 838 | 839 | ||
| 839 | if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) { | 840 | if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) { |
| 840 | ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, | 841 | ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
| 841 | "GnuTLS: Ignoring Client Certificate!"); | 842 | "GnuTLS: Directory set to Ignore Client Certificate!"); |
| 842 | return DECLINED; | 843 | return DECLINED; |
| 843 | } | 844 | } |
| 844 | 845 | ||
| @@ -855,8 +856,10 @@ int mod_gnutls_hook_authz(request_rec *r) | |||
| 855 | } | 856 | } |
| 856 | } | 857 | } |
| 857 | else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) { | 858 | else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) { |
| 859 | #if MOD_GNUTLS_DEBUG | ||
| 858 | ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, | 860 | ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
| 859 | "GnuTLS: Peer is set to IGNORE"); | 861 | "GnuTLS: Peer is set to IGNORE"); |
| 862 | #endif | ||
| 860 | return DECLINED; | 863 | return DECLINED; |
| 861 | } | 864 | } |
| 862 | 865 | ||