| author | 2008-10-16 18:58:36 +0000 | |
|---|---|---|
| committer | 2008-10-16 18:58:36 +0000 | |
| commit | 5353b12db4cb345f358ae8fdf1257acfccdbd842 (patch) | |
| tree | a68d9716be773eddd52902e2544cb0021aacdd80 /src | |
| parent | 7729b49ab60c5acbc19851705a7f453afaed78fa (diff) | |
Diffstat (limited to 'src')
| -rw-r--r-- | src/gnutls_hooks.c | 59 | ||||
| -rw-r--r-- | src/gnutls_io.c | 6 |
2 files changed, 47 insertions, 18 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 5ced25b..57bfeba 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c | |||
| @@ -54,6 +54,9 @@ static void gnutls_debug_log_all(int level, const char *str) | |||
| 54 | { | 54 | { |
| 55 | apr_file_printf(debug_log_fp, "<%d> %s\n", level, str); | 55 | apr_file_printf(debug_log_fp, "<%d> %s\n", level, str); |
| 56 | } | 56 | } |
| 57 | #define _gnutls_log apr_file_printf | ||
| 58 | #else | ||
| 59 | # define _gnutls_log(...) | ||
| 57 | #endif | 60 | #endif |
| 58 | 61 | ||
| 59 | int | 62 | int |
| @@ -62,6 +65,18 @@ mgs_hook_pre_config(apr_pool_t * pconf, | |||
| 62 | { | 65 | { |
| 63 | int ret; | 66 | int ret; |
| 64 | 67 | ||
| 68 | #if MOD_GNUTLS_DEBUG | ||
| 69 | apr_file_open(&debug_log_fp, "/tmp/gnutls_debug", | ||
| 70 | APR_APPEND | APR_WRITE | APR_CREATE, APR_OS_DEFAULT, | ||
| 71 | pconf); | ||
| 72 | |||
| 73 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 74 | |||
| 75 | gnutls_global_set_log_level(9); | ||
| 76 | gnutls_global_set_log_function(gnutls_debug_log_all); | ||
| 77 | _gnutls_log(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL)); | ||
| 78 | #endif | ||
| 79 | |||
| 65 | #if APR_HAS_THREADS | 80 | #if APR_HAS_THREADS |
| 66 | ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded); | 81 | ap_mpm_query(AP_MPMQ_IS_THREADED, &mpm_is_threaded); |
| 67 | if (mpm_is_threaded) { | 82 | if (mpm_is_threaded) { |
| @@ -72,29 +87,20 @@ int ret; | |||
| 72 | #endif | 87 | #endif |
| 73 | 88 | ||
| 74 | if (gnutls_check_version(LIBGNUTLS_VERSION)==NULL) { | 89 | if (gnutls_check_version(LIBGNUTLS_VERSION)==NULL) { |
| 75 | fprintf(stderr, "gnutls_check_version() failed. Required: gnutls-%s Found: gnutls-%s\n", | 90 | _gnutls_log(debug_log_fp, "gnutls_check_version() failed. Required: gnutls-%s Found: gnutls-%s\n", |
| 76 | LIBGNUTLS_VERSION, gnutls_check_version(NULL)); | 91 | LIBGNUTLS_VERSION, gnutls_check_version(NULL)); |
| 77 | return -3; | 92 | return -3; |
| 78 | } | 93 | } |
| 79 | 94 | ||
| 80 | ret = gnutls_global_init(); | 95 | ret = gnutls_global_init(); |
| 81 | if (ret < 0) { | 96 | if (ret < 0) { |
| 82 | fprintf(stderr, "gnutls_global_init: %s\n", gnutls_strerror(ret)); | 97 | _gnutls_log(debug_log_fp, "gnutls_global_init: %s\n", gnutls_strerror(ret)); |
| 83 | return -3; | 98 | return -3; |
| 84 | } | 99 | } |
| 85 | 100 | ||
| 86 | apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config, | 101 | apr_pool_cleanup_register(pconf, NULL, mgs_cleanup_pre_config, |
| 87 | apr_pool_cleanup_null); | 102 | apr_pool_cleanup_null); |
| 88 | 103 | ||
| 89 | #if MOD_GNUTLS_DEBUG | ||
| 90 | apr_file_open(&debug_log_fp, "/tmp/gnutls_debug", | ||
| 91 | APR_APPEND | APR_WRITE | APR_CREATE, APR_OS_DEFAULT, | ||
| 92 | pconf); | ||
| 93 | |||
| 94 | gnutls_global_set_log_level(9); | ||
| 95 | gnutls_global_set_log_function(gnutls_debug_log_all); | ||
| 96 | apr_file_printf(debug_log_fp, "gnutls: %s\n", gnutls_check_version(NULL)); | ||
| 97 | #endif | ||
| 98 | 104 | ||
| 99 | return OK; | 105 | return OK; |
| 100 | } | 106 | } |
| @@ -106,6 +112,8 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session) | |||
| 106 | int ret; | 112 | int ret; |
| 107 | int cprio[2]; | 113 | int cprio[2]; |
| 108 | 114 | ||
| 115 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 116 | |||
| 109 | ctxt = gnutls_transport_get_ptr(session); | 117 | ctxt = gnutls_transport_get_ptr(session); |
| 110 | 118 | ||
| 111 | /* find the virtual server */ | 119 | /* find the virtual server */ |
| @@ -162,8 +170,12 @@ static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st * ret) | |||
| 162 | { | 170 | { |
| 163 | mgs_handle_t *ctxt; | 171 | mgs_handle_t *ctxt; |
| 164 | 172 | ||
| 173 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 165 | ctxt = gnutls_transport_get_ptr(session); | 174 | ctxt = gnutls_transport_get_ptr(session); |
| 166 | 175 | ||
| 176 | if (ctxt == NULL) | ||
| 177 | return GNUTLS_E_INTERNAL_ERROR; | ||
| 178 | |||
| 167 | if (gnutls_certificate_type_get( session) == GNUTLS_CRT_X509) { | 179 | if (gnutls_certificate_type_get( session) == GNUTLS_CRT_X509) { |
| 168 | ret->type = GNUTLS_CRT_X509; | 180 | ret->type = GNUTLS_CRT_X509; |
| 169 | ret->ncerts = ctxt->sc->certs_x509_num; | 181 | ret->ncerts = ctxt->sc->certs_x509_num; |
| @@ -210,6 +222,7 @@ static int read_crt_cn(server_rec * s, apr_pool_t * p, | |||
| 210 | size_t data_len; | 222 | size_t data_len; |
| 211 | 223 | ||
| 212 | 224 | ||
| 225 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 213 | *cert_cn = NULL; | 226 | *cert_cn = NULL; |
| 214 | 227 | ||
| 215 | data_len = 0; | 228 | data_len = 0; |
| @@ -261,6 +274,7 @@ static int read_pgpcrt_cn(server_rec * s, apr_pool_t * p, | |||
| 261 | size_t data_len; | 274 | size_t data_len; |
| 262 | 275 | ||
| 263 | 276 | ||
| 277 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 264 | *cert_cn = NULL; | 278 | *cert_cn = NULL; |
| 265 | 279 | ||
| 266 | data_len = 0; | 280 | data_len = 0; |
| @@ -293,6 +307,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | |||
| 293 | int first_run = 0; | 307 | int first_run = 0; |
| 294 | const char *userdata_key = "mgs_init"; | 308 | const char *userdata_key = "mgs_init"; |
| 295 | 309 | ||
| 310 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 296 | apr_pool_userdata_get(&data, userdata_key, base_server->process->pool); | 311 | apr_pool_userdata_get(&data, userdata_key, base_server->process->pool); |
| 297 | if (data == NULL) { | 312 | if (data == NULL) { |
| 298 | first_run = 1; | 313 | first_run = 1; |
| @@ -394,8 +409,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | |||
| 394 | } | 409 | } |
| 395 | #endif | 410 | #endif |
| 396 | 411 | ||
| 397 | if (sc->certs_x509[0] == NULL | 412 | if (sc->certs_x509[0] == NULL && |
| 398 | && sc->enabled == GNUTLS_ENABLED_TRUE) { | 413 | sc->cert_pgp == NULL && |
| 414 | sc->enabled == GNUTLS_ENABLED_TRUE) { | ||
| 399 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, | 415 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, |
| 400 | "[GnuTLS] - Host '%s:%d' is missing a " | 416 | "[GnuTLS] - Host '%s:%d' is missing a " |
| 401 | "Certificate File!", s->server_hostname, | 417 | "Certificate File!", s->server_hostname, |
| @@ -403,8 +419,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | |||
| 403 | exit(-1); | 419 | exit(-1); |
| 404 | } | 420 | } |
| 405 | 421 | ||
| 406 | if (sc->privkey_x509 == NULL | 422 | if (sc->enabled == GNUTLS_ENABLED_TRUE && |
| 407 | && sc->enabled == GNUTLS_ENABLED_TRUE) { | 423 | ((sc->certs_x509[0] != NULL && sc->privkey_x509 == NULL) || |
| 424 | (sc->cert_pgp != NULL && sc->privkey_pgp == NULL))) { | ||
| 408 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, | 425 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, |
| 409 | "[GnuTLS] - Host '%s:%d' is missing a " | 426 | "[GnuTLS] - Host '%s:%d' is missing a " |
| 410 | "Private Key File!", | 427 | "Private Key File!", |
| @@ -439,6 +456,7 @@ void mgs_hook_child_init(apr_pool_t * p, server_rec * s) | |||
| 439 | mgs_srvconf_rec *sc = ap_get_module_config(s->module_config, | 456 | mgs_srvconf_rec *sc = ap_get_module_config(s->module_config, |
| 440 | &gnutls_module); | 457 | &gnutls_module); |
| 441 | 458 | ||
| 459 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 442 | if (sc->cache_type != mgs_cache_none) { | 460 | if (sc->cache_type != mgs_cache_none) { |
| 443 | rv = mgs_cache_child_init(p, s, sc); | 461 | rv = mgs_cache_child_init(p, s, sc); |
| 444 | if (rv != APR_SUCCESS) { | 462 | if (rv != APR_SUCCESS) { |
| @@ -457,6 +475,7 @@ const char *mgs_hook_http_scheme(const request_rec * r) | |||
| 457 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, | 475 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, |
| 458 | &gnutls_module); | 476 | &gnutls_module); |
| 459 | 477 | ||
| 478 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 460 | if (sc->enabled == GNUTLS_ENABLED_FALSE) { | 479 | if (sc->enabled == GNUTLS_ENABLED_FALSE) { |
| 461 | return NULL; | 480 | return NULL; |
| 462 | } | 481 | } |
| @@ -470,6 +489,7 @@ apr_port_t mgs_hook_default_port(const request_rec * r) | |||
| 470 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, | 489 | (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, |
| 471 | &gnutls_module); | 490 | &gnutls_module); |
| 472 | 491 | ||
| 492 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 473 | if (sc->enabled == GNUTLS_ENABLED_FALSE) { | 493 | if (sc->enabled == GNUTLS_ENABLED_FALSE) { |
| 474 | return 0; | 494 | return 0; |
| 475 | } | 495 | } |
| @@ -491,6 +511,7 @@ static int vhost_cb(void *baton, conn_rec * conn, server_rec * s) | |||
| 491 | mgs_srvconf_rec *tsc; | 511 | mgs_srvconf_rec *tsc; |
| 492 | vhost_cb_rec *x = baton; | 512 | vhost_cb_rec *x = baton; |
| 493 | 513 | ||
| 514 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 494 | tsc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config, | 515 | tsc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config, |
| 495 | &gnutls_module); | 516 | &gnutls_module); |
| 496 | 517 | ||
| @@ -543,6 +564,7 @@ mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session) | |||
| 543 | mgs_srvconf_rec *tsc; | 564 | mgs_srvconf_rec *tsc; |
| 544 | #endif | 565 | #endif |
| 545 | 566 | ||
| 567 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 546 | ctxt = gnutls_transport_get_ptr(session); | 568 | ctxt = gnutls_transport_get_ptr(session); |
| 547 | 569 | ||
| 548 | rv = gnutls_server_name_get(ctxt->session, sni_name, | 570 | rv = gnutls_server_name_get(ctxt->session, sni_name, |
| @@ -620,6 +642,7 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c) | |||
| 620 | module_config, | 642 | module_config, |
| 621 | &gnutls_module); | 643 | &gnutls_module); |
| 622 | 644 | ||
| 645 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 623 | ctxt = apr_pcalloc(pool, sizeof(*ctxt)); | 646 | ctxt = apr_pcalloc(pool, sizeof(*ctxt)); |
| 624 | ctxt->c = c; | 647 | ctxt->c = c; |
| 625 | ctxt->sc = sc; | 648 | ctxt->sc = sc; |
| @@ -658,6 +681,7 @@ int mgs_hook_pre_connection(conn_rec * c, void *csd) | |||
| 658 | module_config, | 681 | module_config, |
| 659 | &gnutls_module); | 682 | &gnutls_module); |
| 660 | 683 | ||
| 684 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 661 | if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { | 685 | if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { |
| 662 | return DECLINED; | 686 | return DECLINED; |
| 663 | } | 687 | } |
| @@ -687,6 +711,7 @@ int mgs_hook_fixups(request_rec * r) | |||
| 687 | mgs_handle_t *ctxt; | 711 | mgs_handle_t *ctxt; |
| 688 | int rv = OK; | 712 | int rv = OK; |
| 689 | 713 | ||
| 714 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 690 | apr_table_t *env = r->subprocess_env; | 715 | apr_table_t *env = r->subprocess_env; |
| 691 | 716 | ||
| 692 | ctxt = | 717 | ctxt = |
| @@ -761,6 +786,7 @@ int mgs_hook_authz(request_rec * r) | |||
| 761 | mgs_dirconf_rec *dc = ap_get_module_config(r->per_dir_config, | 786 | mgs_dirconf_rec *dc = ap_get_module_config(r->per_dir_config, |
| 762 | &gnutls_module); | 787 | &gnutls_module); |
| 763 | 788 | ||
| 789 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 764 | ctxt = | 790 | ctxt = |
| 765 | ap_get_module_config(r->connection->conn_config, &gnutls_module); | 791 | ap_get_module_config(r->connection->conn_config, &gnutls_module); |
| 766 | 792 | ||
| @@ -822,6 +848,7 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt_t cert, int side, | |||
| 822 | 848 | ||
| 823 | apr_table_t *env = r->subprocess_env; | 849 | apr_table_t *env = r->subprocess_env; |
| 824 | 850 | ||
| 851 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 825 | if (export_certificates_enabled != 0) { | 852 | if (export_certificates_enabled != 0) { |
| 826 | char cert_buf[10 * 1024]; | 853 | char cert_buf[10 * 1024]; |
| 827 | len = sizeof(cert_buf); | 854 | len = sizeof(cert_buf); |
| @@ -928,6 +955,7 @@ mgs_add_common_pgpcert_vars(request_rec * r, gnutls_openpgp_crt_t cert, int side | |||
| 928 | size_t len; | 955 | size_t len; |
| 929 | int ret; | 956 | int ret; |
| 930 | 957 | ||
| 958 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 931 | apr_table_t *env = r->subprocess_env; | 959 | apr_table_t *env = r->subprocess_env; |
| 932 | 960 | ||
| 933 | if (export_certificates_enabled != 0) { | 961 | if (export_certificates_enabled != 0) { |
| @@ -994,6 +1022,7 @@ static int mgs_cert_verify(request_rec * r, mgs_handle_t * ctxt) | |||
| 994 | } cert; | 1022 | } cert; |
| 995 | apr_time_t activation_time, expiration_time, cur_time; | 1023 | apr_time_t activation_time, expiration_time, cur_time; |
| 996 | 1024 | ||
| 1025 | _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__); | ||
| 997 | cert_list = | 1026 | cert_list = |
| 998 | gnutls_certificate_get_peers(ctxt->session, &cert_list_size); | 1027 | gnutls_certificate_get_peers(ctxt->session, &cert_list_size); |
| 999 | 1028 | ||
diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 753c87b..4f8e486 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c | |||
| @@ -72,13 +72,13 @@ static int char_buffer_read(mgs_char_buffer_t * buffer, char *in, | |||
| 72 | 72 | ||
| 73 | if (buffer->length > inl) { | 73 | if (buffer->length > inl) { |
| 74 | /* we have have enough to fill the caller's buffer */ | 74 | /* we have have enough to fill the caller's buffer */ |
| 75 | memcpy(in, buffer->value, inl); | 75 | memmove(in, buffer->value, inl); |
| 76 | buffer->value += inl; | 76 | buffer->value += inl; |
| 77 | buffer->length -= inl; | 77 | buffer->length -= inl; |
| 78 | } | 78 | } |
| 79 | else { | 79 | else { |
| 80 | /* swallow remainder of the buffer */ | 80 | /* swallow remainder of the buffer */ |
| 81 | memcpy(in, buffer->value, buffer->length); | 81 | memmove(in, buffer->value, buffer->length); |
| 82 | inl = buffer->length; | 82 | inl = buffer->length; |
| 83 | buffer->value = NULL; | 83 | buffer->value = NULL; |
| 84 | buffer->length = 0; | 84 | buffer->length = 0; |
| @@ -353,7 +353,7 @@ static apr_status_t gnutls_io_input_getline(mgs_handle_t * ctxt, | |||
| 353 | return APR_SUCCESS; | 353 | return APR_SUCCESS; |
| 354 | } | 354 | } |
| 355 | 355 | ||
| 356 | #define HANDSHAKE_MAX_TRIES 100 | 356 | #define HANDSHAKE_MAX_TRIES 1024 |
| 357 | static int gnutls_do_handshake(mgs_handle_t * ctxt) | 357 | static int gnutls_do_handshake(mgs_handle_t * ctxt) |
| 358 | { | 358 | { |
| 359 | int ret; | 359 | int ret; |
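Review bot: HANDSHAKE_MAX_TRIES jumps from 100 to 1024 with no comment saying what one try is or why the old bound was too small, and the loop that consumes it (gnutls_do_handshake, whose body continues past the hunk) is not visible here. If, as the name suggests, each try is a gnutls_handshake() retry on GNUTLS_E_AGAIN/GNUTLS_E_INTERRUPTED, the larger value also lengthens how long a slow or stalled client can keep one worker cycling in the handshake loop before the connection is dropped, so this constant is a resource-exhaustion knob rather than a cosmetic one. Add a one-line rationale above the define, e.g. `/* Max consecutive gnutls_handshake() retries before the connection is dropped; also bounds how long a stalled client can hold a worker. */`, and if the loop does not already wait on the socket between tries, consider doing that instead of relying on a larger count.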
