some fixes in alternative name support

author: Nokis Mavrogiannopoulos 2007-12-02 06:18:19 +0000
committer: Nokis Mavrogiannopoulos 2007-12-02 06:18:19 +0000
commit: c30816fa5d336fac1b5e8f5c300a62a555f6882e (patch)
tree: 2a9c79ebf727fb126162e2ebae6be9596456c719 /src
parent: 764b39bb2eaf51a46eaaebfacbf3b8acfc5282f0 (diff)
1 files changed, 15 insertions, 8 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 920eccc..ce5efbb 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -222,11 +222,10 @@ static int read_crt_cn(apr_pool_t * p, gnutls_x509_crt cert,
                                       GNUTLS_OID_X520_COMMON_NAME,
                                       0, 0, NULL, &data_len);
-    if (rv >= 0 && data_len > 1) {
+    if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
        *cert_cn = apr_palloc(p, data_len);
        rv = gnutls_x509_crt_get_dn_by_oid(cert,
-                                           GNUTLS_OID_X520_COMMON_NAME, 0,
+                  GNUTLS_OID_X520_COMMON_NAME, 0, 0, *cert_cn, &data_len);
-                                           0, *cert_cn, &data_len);
    } else {                    /* No CN return subject alternative name */
        /* read subject alternative name */
@@ -356,11 +355,16 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
            if (sc->srp_tpasswd_conf_file != NULL
                && sc->srp_tpasswd_file != NULL) {
-                gnutls_srp_set_server_credentials_file(sc->srp_creds,
+                rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
-                                                       sc->
+                       sc->srp_tpasswd_file, sc->srp_tpasswd_conf_file);
-                                                       srp_tpasswd_file,
+                
-                                                       sc->
+                if (rv < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) {
-                                                       srp_tpasswd_conf_file);
+                  ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                             "[GnuTLS] - Host '%s:%d' is missing a "
+                             "SRP password or conf File!", s->server_hostname,
+                             s->port);
+                  exit(-1);
+                }
            }
            if (sc->cert_x509 == NULL
@@ -384,6 +388,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
            if (sc->enabled == GNUTLS_ENABLED_TRUE) {
                rv = read_crt_cn(p, sc->cert_x509, &sc->cert_cn);
                if (rv < 0) {
+                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                             "[GnuTLS] - Cannot find a certificate for host '%s:%d'! Disabling TLS.",
+                             s->server_hostname, s->port);
                    sc->enabled = GNUTLS_ENABLED_FALSE;
                    sc->cert_cn = NULL;
                    continue;
author	Nokis Mavrogiannopoulos	2007-12-02 06:18:19 +0000
committer	Nokis Mavrogiannopoulos	2007-12-02 06:18:19 +0000
commit	c30816fa5d336fac1b5e8f5c300a62a555f6882e (patch)
tree	2a9c79ebf727fb126162e2ebae6be9596456c719 /src
parent	764b39bb2eaf51a46eaaebfacbf3b8acfc5282f0 (diff)

diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 920eccc..ce5efbb 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c
@@ -222,11 +222,10 @@ static int read_crt_cn(apr_pool_t * p, gnutls_x509_crt cert,
222	GNUTLS_OID_X520_COMMON_NAME,	222	GNUTLS_OID_X520_COMMON_NAME,
223	0, 0, NULL, &data_len);	223	0, 0, NULL, &data_len);
224		224
225	if (rv >= 0 && data_len > 1) {	225	if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
226	*cert_cn = apr_palloc(p, data_len);	226	*cert_cn = apr_palloc(p, data_len);
227	rv = gnutls_x509_crt_get_dn_by_oid(cert,	227	rv = gnutls_x509_crt_get_dn_by_oid(cert,
228	GNUTLS_OID_X520_COMMON_NAME, 0,	228	GNUTLS_OID_X520_COMMON_NAME, 0, 0, *cert_cn, &data_len);
229	0, *cert_cn, &data_len);
230	} else { /* No CN return subject alternative name */	229	} else { /* No CN return subject alternative name */
231		230
232	/* read subject alternative name */	231	/* read subject alternative name */
@@ -356,11 +355,16 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
356		355
357	if (sc->srp_tpasswd_conf_file != NULL	356	if (sc->srp_tpasswd_conf_file != NULL
358	&& sc->srp_tpasswd_file != NULL) {	357	&& sc->srp_tpasswd_file != NULL) {
359	gnutls_srp_set_server_credentials_file(sc->srp_creds,	358	rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
360	sc->	359	sc->srp_tpasswd_file, sc->srp_tpasswd_conf_file);
361	srp_tpasswd_file,	360
362	sc->	361	if (rv < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) {
363	srp_tpasswd_conf_file);	362	ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
		363	"[GnuTLS] - Host '%s:%d' is missing a "
		364	"SRP password or conf File!", s->server_hostname,
		365	s->port);
		366	exit(-1);
		367	}
364	}	368	}
365		369
366	if (sc->cert_x509 == NULL	370	if (sc->cert_x509 == NULL
@@ -384,6 +388,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
384	if (sc->enabled == GNUTLS_ENABLED_TRUE) {	388	if (sc->enabled == GNUTLS_ENABLED_TRUE) {
385	rv = read_crt_cn(p, sc->cert_x509, &sc->cert_cn);	389	rv = read_crt_cn(p, sc->cert_x509, &sc->cert_cn);
386	if (rv < 0) {	390	if (rv < 0) {
		391	ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
		392	"[GnuTLS] - Cannot find a certificate for host '%s:%d'! Disabling TLS.",
		393	s->server_hostname, s->port);
387	sc->enabled = GNUTLS_ENABLED_FALSE;	394	sc->enabled = GNUTLS_ENABLED_FALSE;
388	sc->cert_cn = NULL;	395	sc->cert_cn = NULL;
389	continue;	396	continue;