aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--NEWS6
-rw-r--r--configure.ac23
-rw-r--r--src/gnutls_config.c7
-rw-r--r--src/gnutls_hooks.c6
-rw-r--r--src/mod_gnutls.c2
5 files changed, 41 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 49abeda..84e427a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
1** Version 0.4.3
2
3- Added --disable-srp configure option
4
5- Better check for memcache (patch by Guillaume Rousse)
6
1** Version 0.4.2 (2007-12-10) 7** Version 0.4.2 (2007-12-10)
2 8
3- Added support for sending a certificate chain. 9- Added support for sending a certificate chain.
diff --git a/configure.ac b/configure.ac
index 259e289..63c05e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
1dnl 1dnl
2AC_INIT(mod_gnutls, 0.4.2.1) 2AC_INIT(mod_gnutls, 0.4.3)
3OOO_CONFIG_NICE(config.nice) 3OOO_CONFIG_NICE(config.nice)
4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION 4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
5AC_PREREQ(2.53) 5AC_PREREQ(2.53)
@@ -28,8 +28,15 @@ CHECK_APACHE(,$AP_VERSION,
28dnl LIBTOOL="`${APR_CONFIG} --apr-libtool`" 28dnl LIBTOOL="`${APR_CONFIG} --apr-libtool`"
29dnl AC_SUBST(LIBTOOL) 29dnl AC_SUBST(LIBTOOL)
30 30
31MIN_TLS_VERSION=2.1.7 31MIN_TLS_VERSION=2.2.1
32CHECK_LIBGNUTLS($MIN_TLS_VERSION) 32CHECK_LIBGNUTLS($MIN_TLS_VERSION)
33AM_PATH_LIBGNUTLS($MIN_TLS_VERSION,,
34 AC_MSG_ERROR([[
35***
36*** libgnutls were not found. You may want to get it from
37*** http://www.gnutls.org/
38***
39]]))
33 40
34dnl CHECK_LUA() 41dnl CHECK_LUA()
35 42
@@ -37,6 +44,16 @@ have_apr_memcache=0
37CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0]) 44CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
38AC_SUBST(have_apr_memcache) 45AC_SUBST(have_apr_memcache)
39 46
47AC_ARG_ENABLE(srp,
48 AS_HELP_STRING([--disable-srp],
49 [unconditionally disable the SRP functionality]),
50 use_srp=$enableval, use_srp=yes)
51if test "$use_srp" != "no"; then
52 AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, [whether to enable SRP])
53fi
54AC_MSG_CHECKING([whether to enable SRP functionality])
55AC_MSG_RESULT($use_srp)
56
40MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}" 57MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}"
41MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}" 58MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
42 59
@@ -51,6 +68,6 @@ echo "Configuration summary for mod_gnutls:"
51echo "" 68echo ""
52echo " * mod_gnutls version: ${MOD_GNUTLS_VERSION}" 69echo " * mod_gnutls version: ${MOD_GNUTLS_VERSION}"
53echo " * Apache Modules directory: ${AP_LIBEXECDIR}" 70echo " * Apache Modules directory: ${AP_LIBEXECDIR}"
54echo " * GnuTLS Library version: ${LIBGNUTLS_VERSION}" 71echo " * GnuTLS Library version: ${LIBGNUTLS_VERSION} | Required: ${MIN_TLS_VERSION}+"
55echo "" 72echo ""
56echo "---" 73echo "---"
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index 8d6308a..4786f6d 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -202,6 +202,8 @@ const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
202 return NULL; 202 return NULL;
203} 203}
204 204
205#ifdef ENABLE_SRP
206
205const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy, 207const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
206 const char *arg) 208 const char *arg)
207{ 209{
@@ -228,6 +230,8 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
228 return NULL; 230 return NULL;
229} 231}
230 232
233#endif
234
231const char *mgs_set_cache(cmd_parms * parms, void *dummy, 235const char *mgs_set_cache(cmd_parms * parms, void *dummy,
232 const char *type, const char *arg) 236 const char *type, const char *arg)
233{ 237{
@@ -426,6 +430,7 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
426 ": (%d) %s", ret, gnutls_strerror(ret)); 430 ": (%d) %s", ret, gnutls_strerror(ret));
427 } 431 }
428 432
433#ifdef ENABLE_SRP
429 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds); 434 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
430 if (ret < 0) { 435 if (ret < 0) {
431 return apr_psprintf(p, "GnuTLS: Failed to initialize" 436 return apr_psprintf(p, "GnuTLS: Failed to initialize"
@@ -434,6 +439,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
434 439
435 sc->srp_tpasswd_conf_file = NULL; 440 sc->srp_tpasswd_conf_file = NULL;
436 sc->srp_tpasswd_file = NULL; 441 sc->srp_tpasswd_file = NULL;
442#endif
443
437 sc->privkey_x509 = NULL; 444 sc->privkey_x509 = NULL;
438 memset( sc->certs_x509, 0, sizeof(sc->certs_x509)); 445 memset( sc->certs_x509, 0, sizeof(sc->certs_x509));
439 sc->certs_x509_num = 0; 446 sc->certs_x509_num = 0;
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 55a1120..0483602 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -115,11 +115,13 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
115 115
116 gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds); 116 gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
117 117
118#ifdef ENABLE_SRP
118 if (ctxt->sc->srp_tpasswd_conf_file != NULL 119 if (ctxt->sc->srp_tpasswd_conf_file != NULL
119 && ctxt->sc->srp_tpasswd_file != NULL) { 120 && ctxt->sc->srp_tpasswd_file != NULL) {
120 gnutls_credentials_set(session, GNUTLS_CRD_SRP, 121 gnutls_credentials_set(session, GNUTLS_CRD_SRP,
121 ctxt->sc->srp_creds); 122 ctxt->sc->srp_creds);
122 } 123 }
124#endif
123 125
124 /* update the priorities - to avoid negotiating a ciphersuite that is not 126 /* update the priorities - to avoid negotiating a ciphersuite that is not
125 * enabled on this virtual server. Note that here we ignore the version 127 * enabled on this virtual server. Note that here we ignore the version
@@ -313,6 +315,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
313 gnutls_certificate_server_set_retrieve_function(sc->certs, 315 gnutls_certificate_server_set_retrieve_function(sc->certs,
314 cert_retrieve_fn); 316 cert_retrieve_fn);
315 317
318#ifdef ENABLE_SRP
316 if (sc->srp_tpasswd_conf_file != NULL 319 if (sc->srp_tpasswd_conf_file != NULL
317 && sc->srp_tpasswd_file != NULL) { 320 && sc->srp_tpasswd_file != NULL) {
318 rv = gnutls_srp_set_server_credentials_file(sc->srp_creds, 321 rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
@@ -329,6 +332,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
329 exit(-1); 332 exit(-1);
330 } 333 }
331 } 334 }
335#endif
332 336
333 if (sc->certs_x509[0] == NULL 337 if (sc->certs_x509[0] == NULL
334 && sc->enabled == GNUTLS_ENABLED_TRUE) { 338 && sc->enabled == GNUTLS_ENABLED_TRUE) {
@@ -662,8 +666,10 @@ int mgs_hook_fixups(request_rec * r)
662 gnutls_compression_get_name(gnutls_compression_get 666 gnutls_compression_get_name(gnutls_compression_get
663 (ctxt->session))); 667 (ctxt->session)));
664 668
669#ifdef ENABLE_SRP
665 apr_table_setn(env, "SSL_SRP_USER", 670 apr_table_setn(env, "SSL_SRP_USER",
666 gnutls_srp_server_get_username(ctxt->session)); 671 gnutls_srp_server_get_username(ctxt->session));
672#endif
667 673
668 if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL) 674 if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL)
669 apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE"); 675 apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index a6e5528..a8363fe 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -80,6 +80,7 @@ static const command_rec mgs_config_cmds[] = {
80 NULL, 80 NULL,
81 RSRC_CONF, 81 RSRC_CONF,
82 "SSL Server SRP Password file"), 82 "SSL Server SRP Password file"),
83#ifdef ENABLE_SRP
83 AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file, 84 AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file,
84 NULL, 85 NULL,
85 RSRC_CONF, 86 RSRC_CONF,
@@ -88,6 +89,7 @@ static const command_rec mgs_config_cmds[] = {
88 NULL, 89 NULL,
89 RSRC_CONF, 90 RSRC_CONF,
90 "SSL Server SRP Parameters file"), 91 "SSL Server SRP Parameters file"),
92#endif
91 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout, 93 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
92 NULL, 94 NULL,
93 RSRC_CONF, 95 RSRC_CONF,