| -rw-r--r-- | configure.ac | 12 | ||||
| -rw-r--r-- | src/gnutls_config.c | 7 | ||||
| -rw-r--r-- | src/gnutls_hooks.c | 6 | ||||
| -rw-r--r-- | src/mod_gnutls.c | 2 |
4 files changed, 26 insertions, 1 deletions
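--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 dnl
-AC_INIT(mod_gnutls, 0.5.0-alpha)
+AC_INIT(mod_gnutls, 0.5.1)
 OOO_CONFIG_NICE(config.nice)
 MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
 AC_PREREQ(2.53)
@@ -37,6 +37,16 @@ AM_PATH_LIBGNUTLS_EXTRA($MIN_TLS_VERSION,,
 ***
 ]]))
 
+AC_ARG_ENABLE(srp,
+AS_HELP_STRING([--disable-srp],
+[unconditionally disable the SRP functionality]),
+use_srp=$enableval, use_srp=yes)
+if test "$use_srp" != "no"; then
+AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, [whether to enable SRP])
+fi
+AC_MSG_CHECKING([whether to enable SRP functionality])
+AC_MSG_RESULT($use_srp)
+
 dnl CHECK_LUA()
 
 have_apr_memcache=0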
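Review bot: `AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, ...)` in the new SRP block defines a constant, so no shell expansion is needed and plain `AC_DEFINE([ENABLE_SRP], [1], [whether to enable SRP])` is the conventional form. The test `"$use_srp" != "no"` treats every other value as enabled, so `--enable-srp=off` would still compile SRP in and print `off` as the result; normalising `use_srp` to `yes` or `no` before `AC_MSG_RESULT` would keep the configure output in line with what is built. SRP remains enabled by default, so a builder who wants the smaller TLS surface has to pass `--disable-srp` explicitly, which is worth one sentence in the build documentation.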
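--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -281,6 +281,8 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
 }
 
 
+#ifdef ENABLE_SRP
+
 const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
 const char *arg)
 {
@@ -307,6 +309,8 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
 return NULL;
 }
 
+#endif
+
 const char *mgs_set_cache(cmd_parms * parms, void *dummy,
 const char *type, const char *arg)
 {
@@ -543,6 +547,7 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 ": (%d) %s", ret, gnutls_strerror(ret));
 }
 
+#ifdef ENABLE_SRP
 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
 if (ret < 0) {
 return apr_psprintf(p, "GnuTLS: Failed to initialize"
@@ -551,6 +556,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 
 sc->srp_tpasswd_conf_file = NULL;
 sc->srp_tpasswd_file = NULL;
+#endif
+
 sc->privkey_x509 = NULL;
 memset( sc->certs_x509, 0, sizeof(sc->certs_x509));
 sc->certs_x509_num = 0;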
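Review bot: The failure branch now guarded at new line 553 returns the result of `apr_psprintf(...)` from `mgs_config_server_create`, which the hunk header shows as returning `void *`, so on an allocation failure the caller receives an error string where it expects the server configuration record. Any later code that casts that pointer to the config struct would read message bytes as fields; the guard added here keeps that path for SRP-enabled builds. Logging the error and failing in a way the caller can detect would be safer, though the right mechanism depends on code outside this hunk. When `ENABLE_SRP` is undefined, `srp_tpasswd_file` and `srp_tpasswd_conf_file` are no longer set to NULL, so it is worth confirming that `sc` is zero-allocated. The function starts and ends outside the hunks shown.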
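--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -131,11 +131,13 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
 
 gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
 
+#ifdef ENABLE_SRP
 if (ctxt->sc->srp_tpasswd_conf_file != NULL
 && ctxt->sc->srp_tpasswd_file != NULL) {
 gnutls_credentials_set(session, GNUTLS_CRD_SRP,
 ctxt->sc->srp_creds);
 }
+#endif
 
 /* update the priorities - to avoid negotiating a ciphersuite that is not
 * enabled on this virtual server. Note that here we ignore the version
@@ -379,6 +381,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 gnutls_certificate_server_set_retrieve_function(sc->certs,
 cert_retrieve_fn);
 
+#ifdef ENABLE_SRP
 if (sc->srp_tpasswd_conf_file != NULL
 && sc->srp_tpasswd_file != NULL) {
 rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
@@ -395,6 +398,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 exit(-1);
 }
 }
+#endif
 
 if (sc->certs_x509[0] == NULL
 && sc->enabled == GNUTLS_ENABLED_TRUE) {
@@ -722,8 +726,10 @@ int mgs_hook_fixups(request_rec * r)
 gnutls_compression_get_name(gnutls_compression_get
 (ctxt->session)));
 
+#ifdef ENABLE_SRP
 apr_table_setn(env, "SSL_SRP_USER",
 gnutls_srp_server_get_username(ctxt->session));
+#endif
 
 if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL)
 apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");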
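Review bot: In the last hunk (`mgs_hook_fixups`, new lines 729-732) `SSL_SRP_USER` is set on every request from `gnutls_srp_server_get_username()`, which returns NULL when the session was not authenticated with SRP, so a NULL value is stored in the request environment. Applications read this variable as an authenticated identity, so it should exist only when a username is actually present: `const char *srp_user = gnutls_srp_server_get_username(ctxt->session);` followed by `if (srp_user != NULL) apr_table_setn(env, "SSL_SRP_USER", srp_user);`. The declaration would have to move to the top of the enclosing block if the project builds as C89. The function body continues outside the hunk.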
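--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -104,6 +104,7 @@ static const command_rec mgs_config_cmds[] = {
 NULL,
 RSRC_CONF,
 "SSL Server PGP Private key file"),
+#ifdef ENABLE_SRP
 AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,
 NULL,
 RSRC_CONF,
@@ -112,6 +113,7 @@ static const command_rec mgs_config_cmds[] = {
 NULL,
 RSRC_CONF,
 "SSL Server SRP Parameters file"),
+#endif
 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
 NULL,
 RSRC_CONF,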
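Review bot: With the SRP entries of `mgs_config_cmds[]` now inside `#ifdef ENABLE_SRP`, a build configured with `--disable-srp` no longer registers `GnuTLSSRPPasswdFile` or the SRP parameters directive that follows it, so a configuration that still carries them will presumably be rejected as an unknown directive at startup. That is a reasonable fail-closed outcome, but it deserves a comment above the guard, for example `/* SRP directives are only registered when configure was not run with --disable-srp */`, and a matching sentence in the directive documentation. It is also worth confirming that this file sees the configure-generated definition of `ENABLE_SRP` before new line 107, since otherwise the guard would drop SRP silently in every build; the same applies to the guards in src/gnutls_config.c and src/gnutls_hooks.c. The array initializer starts and ends outside both hunks.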
