diff options
| author |  Paul Querna
| 2004-12-09 07:52:31 +0000 |
|---|---|---|
| committer | Paul Querna
| 2004-12-09 07:52:31 +0000 |
| commit | 32f2e601850dbbfb34180763df507d103c6b6aff (patch) | |
| tree | 9b50b30743958f0a4e2c71f3d7f762b6170952f9 /src | |
| parent | 0314debf01c32040851395b66669b75bbc1220cc (diff) | |
fixes and stuff that i should of already committed.
Diffstat (limited to 'src')
| -rw-r--r-- | src/gnutls_cache.c | 38 | ||||
| -rw-r--r-- | src/gnutls_io.c | 59 | ||||
| -rw-r--r-- | src/mod_gnutls.c | 17 |
3 files changed, 54 insertions, 60 deletions
diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c index f2fb803..683cdf4 100644 --- a/src/gnutls_cache.c +++ b/src/gnutls_cache.c | |||
| @@ -21,5 +21,41 @@ | |||
| 21 | * GnuTLS Session Cache using libmemcached | 21 | * GnuTLS Session Cache using libmemcached |
| 22 | * | 22 | * |
| 23 | */ | 23 | */ |
| 24 | /* | ||
| 25 | #include "memcache.h" | ||
| 24 | 26 | ||
| 25 | #include "libmemcache/memcache.h" | 27 | int mod_gnutls_cache_init() |
| 28 | { | ||
| 29 | return 0; | ||
| 30 | } | ||
| 31 | static int cache_store((void* baton, gnutls_datum_t key, gnutls_datum_t data) | ||
| 32 | { | ||
| 33 | mc_set(struct memcache *mc, | ||
| 34 | key->data, key->size, | ||
| 35 | data->data, data->size, | ||
| 36 | 3600, 0); | ||
| 37 | return 0; | ||
| 38 | } | ||
| 39 | |||
| 40 | static int cache_fetch(void* baton, gnutls_datum_t key) | ||
| 41 | { | ||
| 42 | mod_gnutls_handle_t *ctxt = baton; | ||
| 43 | return 0; | ||
| 44 | } | ||
| 45 | |||
| 46 | static int cache_delete(void* baton, gnutls_datum_t key) | ||
| 47 | { | ||
| 48 | mod_gnutls_handle_t *ctxt = baton; | ||
| 49 | return 0; | ||
| 50 | } | ||
| 51 | |||
| 52 | int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt) | ||
| 53 | { | ||
| 54 | gnutls_db_set_cache_expiration | ||
| 55 | gnutls_db_set_retrieve_function(session, cache_fetch); | ||
| 56 | gnutls_db_set_remove_function(session, cache_delete); | ||
| 57 | gnutls_db_set_store_function(session, cache_store); | ||
| 58 | gnutls_db_set_ptr(session, NULL); | ||
| 59 | return 0; | ||
| 60 | } | ||
| 61 | */ | ||
diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 856b6a3..e1c84be 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c | |||
| @@ -332,46 +332,12 @@ static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt, | |||
| 332 | } | 332 | } |
| 333 | 333 | ||
| 334 | 334 | ||
| 335 | #define GNUTLS_HANDSHAKE_ATTEMPTS 10 | ||
| 336 | |||
| 337 | static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) | 335 | static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) |
| 338 | { | 336 | { |
| 339 | int i, ret; | 337 | int ret; |
| 340 | 338 | ||
| 341 | if (ctxt->status != 0) | 339 | if (ctxt->status != 0) |
| 342 | return; | 340 | return; |
| 343 | #if 0 | ||
| 344 | |||
| 345 | for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) { | ||
| 346 | ret = gnutls_handshake(ctxt->session); | ||
| 347 | if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) { | ||
| 348 | continue; | ||
| 349 | } | ||
| 350 | |||
| 351 | if (ret < 0) { | ||
| 352 | if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED | ||
| 353 | || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { | ||
| 354 | ret = gnutls_alert_get(ctxt->session); | ||
| 355 | ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, | ||
| 356 | "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret, | ||
| 357 | gnutls_alert_get_name(ret)); | ||
| 358 | } | ||
| 359 | |||
| 360 | gnutls_deinit(ctxt->session); | ||
| 361 | ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, | ||
| 362 | "GnuTLS: Handshake Failed (%d) '%s'", ret, | ||
| 363 | gnutls_strerror(ret)); | ||
| 364 | ctxt->status = -1; | ||
| 365 | return; | ||
| 366 | } | ||
| 367 | else { | ||
| 368 | ctxt->status = 1; | ||
| 369 | return; /* all done with the handshake */ | ||
| 370 | } | ||
| 371 | } | ||
| 372 | ctxt->status = -1; | ||
| 373 | return; | ||
| 374 | #else | ||
| 375 | ret = gnutls_handshake(ctxt->session); | 341 | ret = gnutls_handshake(ctxt->session); |
| 376 | if (ret < 0) { | 342 | if (ret < 0) { |
| 377 | if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED | 343 | if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED |
| @@ -393,8 +359,6 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) | |||
| 393 | ctxt->status = 1; | 359 | ctxt->status = 1; |
| 394 | return; /* all done with the handshake */ | 360 | return; /* all done with the handshake */ |
| 395 | } | 361 | } |
| 396 | |||
| 397 | #endif | ||
| 398 | } | 362 | } |
| 399 | 363 | ||
| 400 | 364 | ||
| @@ -465,7 +429,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t * f, | |||
| 465 | apr_status_t mod_gnutls_filter_output(ap_filter_t * f, | 429 | apr_status_t mod_gnutls_filter_output(ap_filter_t * f, |
| 466 | apr_bucket_brigade * bb) | 430 | apr_bucket_brigade * bb) |
| 467 | { | 431 | { |
| 468 | int ret; | 432 | apr_size_t ret; |
| 469 | mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx; | 433 | mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx; |
| 470 | apr_status_t status = APR_SUCCESS; | 434 | apr_status_t status = APR_SUCCESS; |
| 471 | apr_read_type_e rblock = APR_NONBLOCK_READ; | 435 | apr_read_type_e rblock = APR_NONBLOCK_READ; |
| @@ -513,7 +477,6 @@ apr_status_t mod_gnutls_filter_output(ap_filter_t * f, | |||
| 513 | 477 | ||
| 514 | } | 478 | } |
| 515 | else { | 479 | else { |
| 516 | |||
| 517 | /* filter output */ | 480 | /* filter output */ |
| 518 | const char *data; | 481 | const char *data; |
| 519 | apr_size_t len; | 482 | apr_size_t len; |
| @@ -546,20 +509,10 @@ apr_status_t mod_gnutls_filter_output(ap_filter_t * f, | |||
| 546 | ctxt->output_rc = APR_EGENERAL; | 509 | ctxt->output_rc = APR_EGENERAL; |
| 547 | } | 510 | } |
| 548 | } | 511 | } |
| 549 | else if ((apr_size_t) ret != len) { | 512 | else if (ret != len) { |
| 550 | //apr_bucket_split(bucket, ret); | 513 | /* Not able to send the entire bucket, |
| 551 | //APR_BUCKET_REMOVE(bucket); | 514 | split it and send it again. */ |
| 552 | /* not all of the data was sent. */ | 515 | apr_bucket_split(bucket, ret); |
| 553 | /* mod_ssl basicly errors out here.. this doesn't seem right? */ | ||
| 554 | ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc, | ||
| 555 | ctxt->c->base_server, | ||
| 556 | "GnuTLS: failed to write %" APR_SSIZE_T_FMT | ||
| 557 | " of %" APR_SIZE_T_FMT " bytes.", | ||
| 558 | len - (apr_size_t) ret, len); | ||
| 559 | //continue; | ||
| 560 | if (ctxt->output_rc == APR_SUCCESS) { | ||
| 561 | ctxt->output_rc = APR_EGENERAL; | ||
| 562 | } | ||
| 563 | } | 516 | } |
| 564 | 517 | ||
| 565 | apr_bucket_delete(bucket); | 518 | apr_bucket_delete(bucket); |
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index f1ab6a2..04f7db9 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c | |||
| @@ -44,8 +44,9 @@ static int mod_gnutls_hook_pre_config(apr_pool_t * pconf, | |||
| 44 | } | 44 | } |
| 45 | 45 | ||
| 46 | #define DH_BITS 1024 | 46 | #define DH_BITS 1024 |
| 47 | #ifdef USE_RSA | ||
| 47 | #define RSA_BITS 512 | 48 | #define RSA_BITS 512 |
| 48 | 49 | #endif | |
| 49 | static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | 50 | static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, |
| 50 | apr_pool_t * ptemp, | 51 | apr_pool_t * ptemp, |
| 51 | server_rec * base_server) | 52 | server_rec * base_server) |
| @@ -53,15 +54,17 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | |||
| 53 | mod_gnutls_srvconf_rec *sc; | 54 | mod_gnutls_srvconf_rec *sc; |
| 54 | server_rec *s; | 55 | server_rec *s; |
| 55 | gnutls_dh_params_t dh_params; | 56 | gnutls_dh_params_t dh_params; |
| 57 | #ifdef USE_RSA | ||
| 56 | gnutls_rsa_params_t rsa_params; | 58 | gnutls_rsa_params_t rsa_params; |
| 57 | 59 | #endif | |
| 58 | 60 | ||
| 59 | /* TODO: Should we regenerate these after X requests / X time ? */ | 61 | /* TODO: Should we regenerate these after X requests / X time ? */ |
| 60 | gnutls_dh_params_init(&dh_params); | 62 | gnutls_dh_params_init(&dh_params); |
| 61 | gnutls_dh_params_generate2(dh_params, DH_BITS); | 63 | gnutls_dh_params_generate2(dh_params, DH_BITS); |
| 62 | // gnutls_rsa_params_init(&rsa_params); | 64 | #ifdef USE_RSA |
| 63 | // gnutls_rsa_params_generate2(rsa_params, RSA_BITS); | 65 | gnutls_rsa_params_init(&rsa_params); |
| 64 | 66 | gnutls_rsa_params_generate2(rsa_params, RSA_BITS); | |
| 67 | #endif | ||
| 65 | for (s = base_server; s; s = s->next) { | 68 | for (s = base_server; s; s = s->next) { |
| 66 | sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config, | 69 | sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config, |
| 67 | &gnutls_module); | 70 | &gnutls_module); |
| @@ -69,7 +72,9 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | |||
| 69 | gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file, | 72 | gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file, |
| 70 | sc->key_file, | 73 | sc->key_file, |
| 71 | GNUTLS_X509_FMT_PEM); | 74 | GNUTLS_X509_FMT_PEM); |
| 72 | // gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); | 75 | #ifdef USE_RSA |
| 76 | gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); | ||
| 77 | #endif | ||
| 73 | gnutls_certificate_set_dh_params(sc->certs, dh_params); | 78 | gnutls_certificate_set_dh_params(sc->certs, dh_params); |
| 74 | } | 79 | } |
| 75 | else if (sc->enabled == GNUTLS_ENABLED_TRUE) { | 80 | else if (sc->enabled == GNUTLS_ENABLED_TRUE) { |