-rw-r--r-- | src/gnutls_hooks.c | 23 |
1 files changed, 15 insertions, 8 deletions
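--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -222,11 +222,10 @@ static int read_crt_cn(apr_pool_t * p, gnutls_x509_crt cert,
 GNUTLS_OID_X520_COMMON_NAME,
 0, 0, NULL, &data_len);
 
-if (rv >= 0 && data_len > 1) {
+if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
 *cert_cn = apr_palloc(p, data_len);
 rv = gnutls_x509_crt_get_dn_by_oid(cert,
-GNUTLS_OID_X520_COMMON_NAME, 0,
-0, *cert_cn, &data_len);
+GNUTLS_OID_X520_COMMON_NAME, 0, 0, *cert_cn, &data_len);
 } else { /* No CN return subject alternative name */
 
 /* read subject alternative name */
@@ -356,11 +355,16 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 if (sc->srp_tpasswd_conf_file != NULL
 && sc->srp_tpasswd_file != NULL) {
-gnutls_srp_set_server_credentials_file(sc->srp_creds,
-sc->
-srp_tpasswd_file,
-sc->
-srp_tpasswd_conf_file);
+rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
+sc->srp_tpasswd_file, sc->srp_tpasswd_conf_file);
+
+if (rv < 0 && sc->enabled == GNUTLS_ENABLED_TRUE) {
+ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+"[GnuTLS] - Host '%s:%d' is missing a "
+"SRP password or conf File!", s->server_hostname,
+s->port);
+exit(-1);
+}
 }
 
 if (sc->cert_x509 == NULL
@@ -384,6 +388,9 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 if (sc->enabled == GNUTLS_ENABLED_TRUE) {
 rv = read_crt_cn(p, sc->cert_x509, &sc->cert_cn);
 if (rv < 0) {
+ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+"[GnuTLS] - Cannot find a certificate for host '%s:%d'! Disabling TLS.",
+s->server_hostname, s->port);
 sc->enabled = GNUTLS_ENABLED_FALSE;
 sc->cert_cn = NULL;
 continue;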
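Review bot: In the last hunk, the `if (rv < 0)` branch after `read_crt_cn()` still fails open: it now logs at EMERG but then sets `sc->enabled = GNUTLS_ENABLED_FALSE` and `continue`s, so a host whose certificate name cannot be read presumably comes up without TLS instead of stopping startup. The SRP failure added in the second hunk is treated as fatal with `exit(-1);`, so the two configuration errors are handled inconsistently; if serving that host unencrypted is not intended, this branch should abort the same way rather than disable TLS. Both new messages also drop the GnuTLS error, so adding `gnutls_strerror(rv)` to the format arguments would tell an operator whether the file is missing, unreadable or malformed. `mgs_hook_post_config` begins and ends outside these hunks, so how the disabled state is used later is not visible here.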