| author | 2005-04-06 04:52:25 +0000 | |
|---|---|---|
| committer | 2005-04-06 04:52:25 +0000 | |
| commit | 42307a9120b12fa5eb6fe1b316ef521ae46dbeb9 (patch) | |
| tree | 3f3da6cbf06c91cbca72f9f6f552a0a26afe62f2 /src/mod_gnutls.c | |
| parent | fcb122d264414b86ca89dddffba5f839963fc7fa (diff) | |
- remove anno creds
- initial attempt at Server Name Extension
- change to adding 'mod_gnutls' to the server sig instead of GnuTLS/
- fix for EOF/EOC/EOS buckets
- 'general' code cleanups
Diffstat (limited to 'src/mod_gnutls.c')
| -rw-r--r-- | src/mod_gnutls.c | 52 |
1 files changed, 46 insertions, 6 deletions
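--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -189,6 +189,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 sc->cache_config = sc_base->cache_config;
 
 if (sc->cert_file != NULL && sc->key_file != NULL) {
+
 rv = gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
 sc->key_file,
 GNUTLS_X509_FMT_PEM);
@@ -214,7 +215,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 }
 } /* first_run */
 
-ap_add_version_component(p, "GnuTLS/" LIBGNUTLS_VERSION);
+ap_add_version_component(p, "mod_gnutls/" MOD_GNUTLS_VERSION);
 
 return OK;
 }
@@ -266,6 +267,30 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
 return 443;
 }
 
+/* TODO: Complete support for Server Name Indication */
+static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st* ret)
+{
+char* server_name;
+int server_type;
+int data_len = 256;
+mod_gnutls_handle_t *ctxt;
+ctxt = gnutls_transport_get_ptr(session);
+
+ret->type = GNUTLS_CRT_X509;
+ret->ncerts = 1;
+server_name = apr_palloc(ctxt->c->pool, data_len);
+if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) {
+if (server_type == GNUTLS_NAME_DNS) {
+ap_log_error(APLOG_MARK, APLOG_INFO, 0,
+ctxt->c->base_server,
+"GnuTLS: Virtual Host: "
+"%s", server_name);
+}
+}
+
+return 0;
+}
+
 static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
 {
 mod_gnutls_handle_t *ctxt;
@@ -299,13 +324,12 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
 
 gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs);
 
-// if(anon) {
-// gnutls_credentials_set(ctxt->session, GNUTLS_CRD_ANON, sc->anoncred);
-// }
-
 gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE);
 
 mod_gnutls_cache_session_init(ctxt);
+
+/* TODO: Finish Support for Server Name Indication */
+/* gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); */
 return ctxt;
 }
 
@@ -341,7 +365,10 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
 
 static int mod_gnutls_hook_fixups(request_rec *r)
 {
+unsigned char sbuf[GNUTLS_MAX_SESSION_ID];
+char buf[GNUTLS_SESSION_ID_STRING_LEN];
 const char* tmp;
+int len;
 mod_gnutls_handle_t *ctxt;
 apr_table_t *env = r->subprocess_env;
 
@@ -352,17 +379,30 @@ static int mod_gnutls_hook_fixups(request_rec *r)
 }
 
 apr_table_setn(env, "HTTPS", "on");
+
+apr_table_setn(env, "GNUTLS_VERSION_INTERFACE", MOD_GNUTLS_VERSION);
+apr_table_setn(env, "GNUTLS_VERSION_LIBRARY", LIBGNUTLS_VERSION);
+
 apr_table_setn(env, "SSL_PROTOCOL",
 gnutls_protocol_get_name(gnutls_protocol_get_version(ctxt->session)));
+
 apr_table_setn(env, "SSL_CIPHER",
 gnutls_cipher_get_name(gnutls_cipher_get(ctxt->session)));
 
+apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
+
 tmp = apr_psprintf(r->pool, "%d",
 8 * gnutls_cipher_get_key_size(gnutls_cipher_get(ctxt->session)));
 
 apr_table_setn(env, "SSL_CIPHER_USEKEYSIZE", tmp);
+
 apr_table_setn(env, "SSL_CIPHER_ALGKEYSIZE", tmp);
 
+len = sizeof(sbuf);
+gnutls_session_get_id(ctxt->session, sbuf, &len);
+tmp = mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf));
+apr_table_setn(env, "SSL_SESSION_ID", tmp);
+
 return OK;
 }
 
@@ -384,6 +424,7 @@ static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy,
 (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
 module_config,
 &gnutls_module);
+
 sc->key_file = ap_server_root_relative(parms->pool, arg);
 return NULL;
 }
@@ -508,7 +549,6 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
 sc->enabled = GNUTLS_ENABLED_FALSE;
 
 gnutls_certificate_allocate_credentials(&sc->certs);
-gnutls_anon_allocate_server_credentials(&sc->anoncred);
 sc->key_file = NULL;
 sc->cert_file = NULL;
 sc->cache_timeout = apr_time_from_sec(3600);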
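Review bot: The new SSL_SESSION_ID lines in mod_gnutls_hook_fixups store `tmp` with `apr_table_setn`, which keeps the pointer rather than copying, and `tmp` comes from `mod_gnutls_session_id2sz(sbuf, len, buf, sizeof(buf))`; if that helper returns a pointer into `buf`, as its out-buffer signature suggests, the subprocess environment is left holding a dangling reference to this function's stack frame after it returns. Switching to the copying variant, `apr_table_set(env, "SSL_SESSION_ID", tmp);`, or passing `apr_pstrdup(r->pool, tmp)` to setn removes that hazard. The return value of `gnutls_session_get_id` is also ignored, so on failure an uninitialised `sbuf` is hex-formatted into the environment; the id2sz call and the table store should run only when it returns 0. In the same function and in `cert_retrieve_fn`, `len` and `data_len` are declared `int` while GnuTLS takes these lengths as `size_t *`, which is a mismatch on LP64 targets; declare them `size_t` (e.g. `size_t len;`). cert_retrieve_fn is only referenced from a commented-out call, so its unset certificate and key fields in `ret` are not yet reachable, but that should be addressed before the retrieve callback is enabled.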
