hey hey, this is working code!

2 files changed, 33 insertions, 32 deletions

diff --git a/src/gnutls_io.c b/src/gnutls_io.c
index 659effa..ec2d08c 100644
--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -224,14 +224,6 @@ static apr_status_t gnutls_io_input_read(mod_gnutls_handle_t * ctxt,
 
     while (1) {
 
-        if (ctxt->status < 0) {
-            /* Ensure a non-zero error code is returned */
-            if (ctxt->input_rc == APR_SUCCESS) {
-                ctxt->input_rc = APR_EGENERAL;
-            }
-            break;
-        }
-
         rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes);
 
         if (rc > 0) {
@@ -348,6 +340,7 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
 
     if (ctxt->status != 0)
         return;
+#if 0
 
     for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) {
         ret = gnutls_handshake(ctxt->session);
@@ -364,14 +357,12 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
                              gnutls_alert_get_name(ret));
             }
 
-            if (gnutls_error_is_fatal(ret) != 0) {
-                gnutls_deinit(ctxt->session);
-                ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+            gnutls_deinit(ctxt->session);
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
                              "GnuTLS: Handshake Failed (%d) '%s'", ret,
                              gnutls_strerror(ret));
                 ctxt->status = -1;
                 return;
-            }
         }
         else {
             ctxt->status = 1;
@@ -380,6 +371,30 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt)
     }
     ctxt->status = -1;
     return;
+#else
+ret = gnutls_handshake(ctxt->session);
+        if (ret < 0) {
+            if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+                || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+                ret = gnutls_alert_get(ctxt->session);
+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+                             "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret,
+                             gnutls_alert_get_name(ret));
+            }
+    
+            gnutls_deinit(ctxt->session);
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+                             "GnuTLS: Handshake Failed (%d) '%s'", ret,
+                             gnutls_strerror(ret));
+                ctxt->status = -1;
+                return;
+        }
+        else {
+            ctxt->status = 1;
+            return;             /* all done with the handshake */
+        }
+
+#endif
 }
 
 
@@ -404,7 +419,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t * f,
     }
 
     if (ctxt->status < 0) {
-        return ap_get_brigade(f->next, bb, mode, block, readbytes);
+//        return ap_get_brigade(f->next, bb, mode, block, readbytes);
     }
 
     /* XXX: we don't currently support anything other than these modes. */
@@ -643,19 +658,6 @@ ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
 {
     mod_gnutls_handle_t *ctxt = ptr;
 
-    if (!ctxt->output_length
-        && (len + ctxt->output_blen < sizeof(ctxt->output_buffer))) {
-        /* the first two SSL_writes (of 1024 and 261 bytes)
-         * need to be in the same packet (vec[0].iov_base)
-         */
-        /* XXX: could use apr_brigade_write() to make code look cleaner  
-         * but this way we avoid the malloc(APR_BUCKET_BUFF_SIZE)
-         * and free() of it later
-         */
-        memcpy(&ctxt->output_buffer[ctxt->output_blen], buffer, len);
-        ctxt->output_blen += len;
-    }
-    else {
         /* pass along the encrypted data
          * need to flush since we're using SSL's malloc-ed buffer
          * which will be overwritten once we leave here
@@ -670,7 +672,5 @@ ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr,
         if (write_flush(ctxt) < 0) {
             return -1;
         }
-    }
-
     return len;
 }
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index d4f1f16..9cccb03 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -149,7 +149,7 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
 
     gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE);
 
-//    gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);
+    gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);
 
     return ctxt;
 }
@@ -188,7 +188,7 @@ static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy,
         (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
                                                         module_config,
                                                         &gnutls_module);
-    sc->cert_file = apr_pstrdup(parms->pool, arg);
+    sc->cert_file = ap_server_root_relative(parms->pool, arg);
     return NULL;
 }
 
@@ -199,7 +199,7 @@ static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy,
         (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server->
                                                         module_config,
                                                         &gnutls_module);
-    sc->key_file = apr_pstrdup(parms->pool, arg);
+    sc->key_file = ap_server_root_relative(parms->pool, arg);
     return NULL;
 }
 
@@ -291,9 +291,10 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
     sc->ciphers[i] = 0;
 
     i = 0;
+    sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS;
     sc->key_exchange[i++] = GNUTLS_KX_RSA;
-    sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT;
     sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA;
+    sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT;
     sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS;
     sc->key_exchange[i] = 0;