6 files changed, 762 insertions, 0 deletions

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..aebf68d
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,3 @@
+EXTRA_DIST = m4/outoforder.m4 m4/apache.m4
+
+SUBDIRS = src
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..6c8e11f
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+# autogen.sh - generates configure using the autotools
+# $Id: autogen.sh,v 1.1 2004/03/04 08:12:13 firechipmunk Exp $
+libtoolize --force --copy
+#libtoolize14  --force --copy
+aclocal -I m4
+autoheader
+automake --add-missing --copy --foreign
+autoconf
+rm -rf autom4te.cache
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..0cc92c4
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,41 @@
+AC_INIT
+OOO_CONFIG_NICE(config.nice)
+AC_CONFIG_SRCDIR([src/mod_gnutls.c])
+AM_MAINTAINER_MODE
+AC_CANONICAL_TARGET
+AM_INIT_AUTOMAKE(mod_gnutls, 0.1.0)
+AM_CONFIG_HEADER([include/mod_gnutls_config.h:config.in])
+
+
+AC_PROG_CC
+AC_PROG_LD
+AC_PROG_INSTALL
+AM_PROG_LIBTOOL
+
+
+AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
+if test "x$PKG_CONFIG" = "xno"; then
+        AC_MSG_ERROR([You need to install pkg-config])
+fi
+
+PKG_PATH=
+
+AP_VERSION=2.0.40
+CHECK_APACHE(,$AP_VERSION,
+    :,:,
+    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
+)
+
+MODULE_CFLAGS="${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
+
+AC_SUBST(MODULE_CFLAGS)
+
+AC_CONFIG_FILES([Makefile src/Makefile])
+AC_OUTPUT
+
+echo "---"
+echo "Configuration summary for mod_gnutls"
+echo ""
+echo "   * Apache modules directory = ${AP_LIBEXECDIR}"
+echo ""
+echo "---"
diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644
index 0000000..7a4903a
--- /dev/null
+++ b/src/Makefile.am
@@ -0,0 +1,41 @@
+CLEANFILES = .libs/libmod_gnutls *~
+
+libmod_gnutls_la_SOURCES = mod_gnutls.c
+libmod_gnutls_la_CFLAGS = -Wall ${MODULE_CFLAGS}
+libmod_gnutls_la_LDFLAGS =
+
+lib_LTLIBRARIES = libmod_gnutls.la
+
+make_so: $(lib_LTLIBRARIES)
+        @if test ! -L mod_gnutls.so ; then ln -s .libs/libmod_gnutls.so mod_gnutls.so ; fi
+
+clean:
+        rm -f mod_gnutls.so
+        rm -f *.o *.lo *.la 
+        rm -fr .libs
+
+install: make_so
+        @${APXS_BIN} -i -n svn_view mod_gnutls.so
+        @echo ""
+        @echo ""
+        @echo "***********************************************"
+        @echo ""
+        @echo "   Please read the documentation at            "
+        @echo "   http://www.outoforder.cc/ for   "
+        @echo "   details on configuration of this module     "
+        @echo ""
+        @echo "***********************************************"
+        @echo ""
+
+activate: make_so
+        @${APXS_BIN} -i -a -n svn_view mod_gnutls.so
+        @echo ""
+        @echo ""
+        @echo "***********************************************"
+        @echo ""
+        @echo "   Please read the documentation at            "
+        @echo "   http://www.outoforder.cc/ for   "
+        @echo "   details on configuration of this module     "
+        @echo ""
+        @echo "***********************************************"
+        @echo ""
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
new file mode 100644
index 0000000..bf0d9c3
--- /dev/null
+++ b/src/mod_gnutls.c
@@ -0,0 +1,465 @@
+/* ====================================================================
+ *  Copyright 2004 Paul Querna
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_protocol.h"
+#include "http_connection.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "apr_buckets.h"
+#include "apr_strings.h"
+#include "apr_tables.h"
+
+#include <gcrypt.h>
+#include <gnutls/gnutls.h>
+
+#if APR_HAS_THREADS
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif
+
+module AP_MODULE_DECLARE_DATA gnutls_module;
+
+#define GNUTLS_OUTPUT_FILTER_NAME "GnuTLS Output Filter"
+#define GNUTLS_INPUT_FILTER_NAME "GnuTLS Input Filter"
+
+#define GNUTLS_ENABLED_FALSE 0
+#define GNUTLS_ENABLED_TRUE  1
+
+
+typedef struct gnutls_srvconf_t gnutls_srvconf_t;
+struct gnutls_srvconf_t
+{
+    gnutls_certificate_credentials_t certs;
+    char *key_file;
+    char *cert_file;
+    int enabled;
+};
+
+typedef struct gnutls_handle_t gnutls_handle_t;
+struct gnutls_handle_t
+{
+    gnutls_srvconf_t *sc;
+    gnutls_session_t session;
+    ap_filter_t *input_filter;
+    apr_bucket_brigade *input_bb;
+    apr_read_type_e input_block;
+};
+
+static apr_status_t gnutls_filter_input(ap_filter_t * f,
+                                        apr_bucket_brigade * bb,
+                                        ap_input_mode_t mode,
+                                        apr_read_type_e block,
+                                        apr_off_t readbytes)
+{
+    apr_status_t status = APR_SUCCESS;
+    gnutls_handle_t *ctxt = (gnutls_handle_t *) f->ctx;
+
+    if (f->c->aborted) {
+        apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
+        APR_BRIGADE_INSERT_TAIL(bb, bucket);
+        return APR_ECONNABORTED;
+    }
+
+    return status;
+}
+
+static apr_status_t gnutls_filter_output(ap_filter_t * f,
+                                         apr_bucket_brigade * bb)
+{
+    apr_bucket *b;
+    const char *buf = 0;
+    apr_size_t bytes = 0;
+    gnutls_handle_t *ctxt = (gnutls_handle_t *) f->ctx;
+    apr_status_t status = APR_SUCCESS;
+
+    if (!ctxt) {
+        /* first run. */
+    }
+
+    for (b = APR_BRIGADE_FIRST(bb);
+         b != APR_BRIGADE_SENTINEL(bb); b = APR_BUCKET_NEXT(b)) {
+        if (APR_BUCKET_IS_EOS(b)) {
+            /* end of connection */
+        }
+        else if (apr_bucket_read(b, &buf, &bytes, APR_BLOCK_READ)
+                 == APR_SUCCESS) {
+            /* more data */
+        }
+    }
+
+    return status;
+}
+
+static apr_status_t gnutls_cleanup_pre_config(void *data)
+{
+    gnutls_global_deinit();
+    return APR_SUCCESS;
+}
+
+static int gnutls_hook_pre_config(apr_pool_t * pconf,
+                                  apr_pool_t * plog, apr_pool_t * ptemp)
+{
+
+#if APR_HAS_THREADS
+    gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+#endif
+
+    gnutls_global_init();
+
+    apr_pool_cleanup_register(pconf, NULL, gnutls_cleanup_pre_config,
+                              apr_pool_cleanup_null);
+
+    return OK;
+}
+
+#define DH_BITS 1024
+#define RSA_BITS 512
+
+static int gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
+                                   apr_pool_t * ptemp,
+                                   server_rec * base_server)
+{
+    gnutls_srvconf_t *sc;
+    server_rec *s;
+    gnutls_dh_params_t dh_params;
+    gnutls_rsa_params_t rsa_params;
+
+
+    /* TODO: Should we regenerate these after X requests / X time ? */
+    gnutls_dh_params_init(&dh_params);
+    gnutls_dh_params_generate2(dh_params, DH_BITS);
+    gnutls_rsa_params_init(&rsa_params);
+    gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
+
+    for (s = base_server; s; s = s->next) {
+        sc = (gnutls_srvconf_t *) ap_get_module_config(s->module_config,
+                                                       &gnutls_module);
+        if (sc->cert_file != NULL && sc->key_file != NULL) {
+            gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file,
+                                                 sc->key_file,
+                                                 GNUTLS_X509_FMT_PEM);
+        }
+        else {
+            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                         "[GnuTLS] - Host '%s' is missing a Cert and Key File!",
+                         s->server_hostname);
+        }
+
+        /**
+         * TODO: Is it okay for all virtual hosts to 
+         *       share the same DH/RSAparams? 
+         */
+        gnutls_certificate_set_dh_params(sc->certs, dh_params);
+        gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params);
+    }
+
+    ap_add_version_component(p, "GnuTLS/" LIBGNUTLS_VERSION);
+    return OK;
+}
+
+static const char *gnutls_hook_http_method(const request_rec * r)
+{
+    gnutls_srvconf_t *sc =
+        (gnutls_srvconf_t *) ap_get_module_config(r->server->module_config,
+                                                  &gnutls_module);
+
+    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
+        return NULL;
+    }
+
+    return "https";
+}
+
+static apr_port_t gnutls_hook_default_port(const request_rec * r)
+{
+    gnutls_srvconf_t *sc =
+        (gnutls_srvconf_t *) ap_get_module_config(r->server->module_config,
+                                                  &gnutls_module);
+
+    if (sc->enabled == GNUTLS_ENABLED_FALSE) {
+        return 0;
+    }
+
+    return 443;
+}
+
+/**
+ * From mod_ssl / ssl_engine_io.c
+ * This function will read from a brigade and discard the read buckets as it
+ * proceeds.  It will read at most *len bytes.
+ */
+static apr_status_t brigade_consume(apr_bucket_brigade * bb,
+                                    apr_read_type_e block,
+                                    char *c, apr_size_t * len)
+{
+    apr_size_t actual = 0;
+    apr_status_t status = APR_SUCCESS;
+
+    while (!APR_BRIGADE_EMPTY(bb)) {
+        apr_bucket *b = APR_BRIGADE_FIRST(bb);
+        const char *str;
+        apr_size_t str_len;
+        apr_size_t consume;
+
+        /* Justin points out this is an http-ism that might
+         * not fit if brigade_consume is added to APR.  Perhaps
+         * apr_bucket_read(eos_bucket) should return APR_EOF?
+         * Then this becomes mainline instead of a one-off.
+         */
+        if (APR_BUCKET_IS_EOS(b)) {
+            status = APR_EOF;
+            break;
+        }
+
+        /* The reason I'm not offering brigade_consume yet
+         * across to apr-util is that the following call
+         * illustrates how borked that API really is.  For
+         * this sort of case (caller provided buffer) it
+         * would be much more trivial for apr_bucket_consume
+         * to do all the work that follows, based on the
+         * particular characteristics of the bucket we are
+         * consuming here.
+         */
+        status = apr_bucket_read(b, &str, &str_len, block);
+
+        if (status != APR_SUCCESS) {
+            if (APR_STATUS_IS_EOF(status)) {
+                /* This stream bucket was consumed */
+                apr_bucket_delete(b);
+                continue;
+            }
+            break;
+        }
+
+        if (str_len > 0) {
+            /* Do not block once some data has been consumed */
+            block = APR_NONBLOCK_READ;
+
+            /* Assure we don't overflow. */
+            consume = (str_len + actual > *len) ? *len - actual : str_len;
+
+            memcpy(c, str, consume);
+
+            c += consume;
+            actual += consume;
+
+            if (consume >= b->length) {
+                /* This physical bucket was consumed */
+                apr_bucket_delete(b);
+            }
+            else {
+                /* Only part of this physical bucket was consumed */
+                b->start += consume;
+                b->length -= consume;
+            }
+        }
+        else if (b->length == 0) {
+            apr_bucket_delete(b);
+        }
+
+        /* This could probably be actual == *len, but be safe from stray
+         * photons. */
+        if (actual >= *len) {
+            break;
+        }
+    }
+
+    *len = actual;
+    return status;
+}
+
+
+static ssize_t gnutls_transport_read(gnutls_transport_ptr_t ptr,
+                                     void *buffer, size_t len)
+{
+    gnutls_handle_t *ctxt = ptr;
+    apr_status_t rc;
+    apr_size_t in = len;
+    /* If Len = 0, we don't do anything. */
+    if (!len)
+        return 0;
+
+    if (APR_BRIGADE_EMPTY(ctxt->input_bb)) {
+
+        rc = ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb,
+                            AP_MODE_READBYTES, ctxt->input_block, in);
+
+        /* Not a problem, there was simply no data ready yet.
+         */
+        if (APR_STATUS_IS_EAGAIN(rc) || APR_STATUS_IS_EINTR(rc)
+            || (rc == APR_SUCCESS && APR_BRIGADE_EMPTY(ctxt->input_bb))) {
+            return 0;
+        }
+
+        if (rc != APR_SUCCESS) {
+            /* Unexpected errors discard the brigade */
+            apr_brigade_cleanup(ctxt->input_bb);
+            ctxt->input_bb = NULL;
+            return -1;
+        }
+    }
+
+//    brigade_consume(ctxt->input_bb, ctxt->input_block, buffer, &len);
+
+
+    ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb,
+                   AP_MODE_READBYTES, ctxt->input_block, len);
+
+    return len;
+}
+
+static ssize_t gnutls_transport_write(gnutls_transport_ptr_t ptr,
+                                      const void *buffer, size_t len)
+{
+    gnutls_handle_t *ctxt = ptr;
+
+//    apr_bucket *bucket = apr_bucket_transient_create(in, inl,
+//                                                     outctx->bb->
+//                                                     bucket_alloc);
+
+    //  outctx->length += inl;
+    //APR_BRIGADE_INSERT_TAIL(outctx->bb, bucket);
+    return 0;
+}
+
+static int gnutls_hook_pre_connection(conn_rec * c, void *csd)
+{
+#ifndef GNUTLS_AS_FILTER
+    int cfd;
+#endif
+    gnutls_handle_t *ctxt;
+    gnutls_srvconf_t *sc =
+        (gnutls_srvconf_t *) ap_get_module_config(c->base_server->
+                                                  module_config,
+                                                  &gnutls_module);
+
+    if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
+        return DECLINED;
+    }
+
+    ctxt = apr_pcalloc(c->pool, sizeof(*ctxt));
+
+    ctxt->sc = sc;
+    gnutls_init(&ctxt->session, GNUTLS_SERVER);
+
+    gnutls_set_default_priority(ctxt->session);
+
+    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, sc->certs);
+
+    gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_REQUEST);
+
+    gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);
+
+    ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
+
+#ifdef GNUTLS_AS_FILTER
+    gnutls_transport_set_pull_function(ctxt->session, gnutls_transport_read);
+    gnutls_transport_set_push_function(ctxt->session, gnutls_transport_write);
+    gnutls_transport_set_ptr(ctxt->session, ctxt);
+
+    ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c);
+    ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c);
+#else
+    apr_os_sock_get(&cfd, csd);
+    gnutls_transport_set_ptr(ctxt->session, (gnutls_transport_ptr)cfd);
+#endif
+    return OK;
+}
+
+static const char *gnutls_set_ca_file(cmd_parms * parms, void *dummy,
+                                      const char *arg)
+{
+    gnutls_srvconf_t *sc =
+        (gnutls_srvconf_t *) ap_get_module_config(parms->server->
+                                                  module_config,
+                                                  &gnutls_module);
+/* TODO: CRL, CAFile */
+//    gnutls_certificate_set_x509_trust_file(sc->certs, CAFILE,
+//                                         GNUTLS_X509_FMT_PEM);
+    return NULL;
+}
+
+static const command_rec gnutls_cmds[] = {
+    AP_INIT_FLAG("GnuTLSEnable", ap_set_flag_slot,
+                 (void *) APR_OFFSETOF(gnutls_srvconf_t, enabled), RSRC_CONF,
+                 "Whether this server has GnuTLS Enabled. Default: Off"),
+    AP_INIT_TAKE1("GnuTLSCertificateFile", ap_set_string_slot,
+                  (void *) APR_OFFSETOF(gnutls_srvconf_t, cert_file),
+                  RSRC_CONF,
+                  "SSL Server Key file"),
+    AP_INIT_TAKE1("GnuTLSKeyFile", ap_set_string_slot,
+                  (void *) APR_OFFSETOF(gnutls_srvconf_t, key_file),
+                  RSRC_CONF,
+                  "SSL Server Certificate file"),
+    {NULL}
+};
+
+/* TODO: CACertificateFile & Client Authentication
+ *    AP_INIT_TAKE1("GnuTLSCACertificateFile", ap_set_server_string_slot,
+ *                 (void *) APR_OFFSETOF(gnutls_srvconf_t, key_file), NULL,
+ *                 RSRC_CONF,
+ *                 "CA"),
+ */
+
+static void gnutls_hooks(apr_pool_t * p)
+{
+    ap_hook_pre_connection(gnutls_hook_pre_connection, NULL, NULL,
+                           APR_HOOK_MIDDLE);
+    ap_hook_post_config(gnutls_hook_post_config, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_http_method(gnutls_hook_http_method, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_default_port(gnutls_hook_default_port, NULL, NULL,
+                         APR_HOOK_MIDDLE);
+    ap_hook_pre_config(gnutls_hook_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
+
+    /* TODO: HTTP Upgrade Filter */
+    /* ap_register_output_filter ("UPGRADE_FILTER", 
+     *          ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
+     */
+
+    ap_register_input_filter(GNUTLS_INPUT_FILTER_NAME, gnutls_filter_input,
+                             NULL, AP_FTYPE_CONNECTION + 5);
+    ap_register_output_filter(GNUTLS_OUTPUT_FILTER_NAME, gnutls_filter_output,
+                              NULL, AP_FTYPE_CONNECTION + 5);
+
+}
+
+static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
+{
+    gnutls_srvconf_t *sc = apr_pcalloc(p, sizeof *sc);
+
+    sc->enabled = GNUTLS_ENABLED_FALSE;
+
+    gnutls_certificate_allocate_credentials(&sc->certs);
+
+    sc->key_file = NULL;
+    sc->cert_file = NULL;
+    return sc;
+}
+
+
+
+module AP_MODULE_DECLARE_DATA gnutls_module = {
+    STANDARD20_MODULE_STUFF,
+    NULL,
+    NULL,
+    gnutls_config_server_create,
+    NULL,
+/*    gnutls_config_server_merge, */
+    gnutls_cmds,
+    gnutls_hooks
+};