aboutsummaryrefslogtreecommitdiffstats
path: root/src/gnutls_config.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/gnutls_config.c')
-rw-r--r--src/gnutls_config.c1039
1 files changed, 541 insertions, 498 deletions
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index ff8ec33..fc3e166 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -21,284 +21,308 @@
21static int load_datum_from_file(apr_pool_t * pool, 21static int load_datum_from_file(apr_pool_t * pool,
22 const char *file, gnutls_datum_t * data) 22 const char *file, gnutls_datum_t * data)
23{ 23{
24 apr_file_t *fp; 24 apr_file_t *fp;
25 apr_finfo_t finfo; 25 apr_finfo_t finfo;
26 apr_status_t rv; 26 apr_status_t rv;
27 apr_size_t br = 0; 27 apr_size_t br = 0;
28 28
29 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT, 29 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY,
30 pool); 30 APR_OS_DEFAULT, pool);
31 if (rv != APR_SUCCESS) { 31 if (rv != APR_SUCCESS) {
32 return rv; 32 return rv;
33 } 33 }
34 34
35 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp); 35 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
36 36
37 if (rv != APR_SUCCESS) { 37 if (rv != APR_SUCCESS) {
38 return rv; 38 return rv;
39 } 39 }
40 40
41 data->data = apr_palloc(pool, finfo.size + 1); 41 data->data = apr_palloc(pool, finfo.size + 1);
42 rv = apr_file_read_full(fp, data->data, finfo.size, &br); 42 rv = apr_file_read_full(fp, data->data, finfo.size, &br);
43 43
44 if (rv != APR_SUCCESS) { 44 if (rv != APR_SUCCESS) {
45 return rv; 45 return rv;
46 } 46 }
47 apr_file_close(fp); 47 apr_file_close(fp);
48 48
49 data->data[br] = '\0'; 49 data->data[br] = '\0';
50 data->size = br; 50 data->size = br;
51 51
52 return 0; 52 return 0;
53} 53}
54 54
55const char *mgs_set_dh_file(cmd_parms * parms, void *dummy, 55const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
56 const char *arg) 56 const char *arg)
57{ 57{
58 int ret; 58 int ret;
59 gnutls_datum_t data; 59 gnutls_datum_t data;
60 const char *file; 60 const char *file;
61 apr_pool_t *spool; 61 apr_pool_t *spool;
62 mgs_srvconf_rec *sc = 62 mgs_srvconf_rec *sc =
63 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 63 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
64 module_config, 64 module_config,
65 &gnutls_module); 65 &gnutls_module);
66 66
67 apr_pool_create(&spool, parms->pool); 67 apr_pool_create(&spool, parms->pool);
68 68
69 file = ap_server_root_relative(spool, arg); 69 file = ap_server_root_relative(spool, arg);
70 70
71 if (load_datum_from_file(spool, file, &data) != 0) { 71 if (load_datum_from_file(spool, file, &data) != 0) {
72 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 72 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
73 "DH params '%s'", file); 73 "DH params '%s'", file);
74 } 74 }
75 75
76 ret = gnutls_dh_params_init(&sc->dh_params); 76 ret = gnutls_dh_params_init(&sc->dh_params);
77 if (ret < 0) { 77 if (ret < 0) {
78 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 78 return apr_psprintf(parms->pool,
79 ": (%d) %s", ret, gnutls_strerror(ret)); 79 "GnuTLS: Failed to initialize"
80 } 80 ": (%d) %s", ret,
81 81 gnutls_strerror(ret));
82 ret = 82 }
83 gnutls_dh_params_import_pkcs3(sc->dh_params, &data, GNUTLS_X509_FMT_PEM); 83
84 if (ret < 0) { 84 ret =
85 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 85 gnutls_dh_params_import_pkcs3(sc->dh_params, &data,
86 "DH params '%s': (%d) %s", file, ret, 86 GNUTLS_X509_FMT_PEM);
87 gnutls_strerror(ret)); 87 if (ret < 0) {
88 } 88 return apr_psprintf(parms->pool,
89 89 "GnuTLS: Failed to Import "
90 apr_pool_destroy(spool); 90 "DH params '%s': (%d) %s", file, ret,
91 91 gnutls_strerror(ret));
92 return NULL; 92 }
93
94 apr_pool_destroy(spool);
95
96 return NULL;
93} 97}
94 98
95const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy, 99const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy,
96 const char *arg) 100 const char *arg)
97{ 101{
98 int ret; 102 int ret;
99 gnutls_datum_t data; 103 gnutls_datum_t data;
100 const char *file; 104 const char *file;
101 apr_pool_t *spool; 105 apr_pool_t *spool;
102 mgs_srvconf_rec *sc = 106 mgs_srvconf_rec *sc =
103 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 107 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
104 module_config, 108 module_config,
105 &gnutls_module); 109 &gnutls_module);
106 110
107 apr_pool_create(&spool, parms->pool); 111 apr_pool_create(&spool, parms->pool);
108 112
109 file = ap_server_root_relative(spool, arg); 113 file = ap_server_root_relative(spool, arg);
110 114
111 if (load_datum_from_file(spool, file, &data) != 0) { 115 if (load_datum_from_file(spool, file, &data) != 0) {
112 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 116 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
113 "RSA params '%s'", file); 117 "RSA params '%s'", file);
114 } 118 }
115 119
116 ret = gnutls_rsa_params_init(&sc->rsa_params); 120 ret = gnutls_rsa_params_init(&sc->rsa_params);
117 if (ret < 0) { 121 if (ret < 0) {
118 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 122 return apr_psprintf(parms->pool,
119 ": (%d) %s", ret, gnutls_strerror(ret)); 123 "GnuTLS: Failed to initialize"
120 } 124 ": (%d) %s", ret,
121 125 gnutls_strerror(ret));
122 ret = 126 }
123 gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, GNUTLS_X509_FMT_PEM); 127
124 if (ret != 0) { 128 ret =
125 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 129 gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data,
126 "RSA params '%s': (%d) %s", file, ret, 130 GNUTLS_X509_FMT_PEM);
127 gnutls_strerror(ret)); 131 if (ret != 0) {
128 } 132 return apr_psprintf(parms->pool,
129 133 "GnuTLS: Failed to Import "
130 apr_pool_destroy(spool); 134 "RSA params '%s': (%d) %s", file, ret,
131 return NULL; 135 gnutls_strerror(ret));
136 }
137
138 apr_pool_destroy(spool);
139 return NULL;
132} 140}
133 141
134 142
135const char *mgs_set_cert_file(cmd_parms * parms, void *dummy, 143const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
136 const char *arg) 144 const char *arg)
137{ 145{
138 int ret; 146 int ret;
139 gnutls_datum_t data; 147 gnutls_datum_t data;
140 const char *file; 148 const char *file;
141 apr_pool_t *spool; 149 apr_pool_t *spool;
142 mgs_srvconf_rec *sc = 150 mgs_srvconf_rec *sc =
143 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 151 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
144 module_config, 152 module_config,
145 &gnutls_module); 153 &gnutls_module);
146 apr_pool_create(&spool, parms->pool); 154 apr_pool_create(&spool, parms->pool);
147 155
148 file = ap_server_root_relative(spool, arg); 156 file = ap_server_root_relative(spool, arg);
149 157
150 if (load_datum_from_file(spool, file, &data) != 0) { 158 if (load_datum_from_file(spool, file, &data) != 0) {
151 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 159 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
152 "Certificate '%s'", file); 160 "Certificate '%s'", file);
153 } 161 }
154 162
155 sc->certs_x509_num = MAX_CHAIN_SIZE; 163 sc->certs_x509_num = MAX_CHAIN_SIZE;
156 ret = 164 ret =
157 gnutls_x509_crt_list_import(sc->certs_x509, &sc->certs_x509_num, &data, GNUTLS_X509_FMT_PEM, 0); 165 gnutls_x509_crt_list_import(sc->certs_x509,
158 if (ret < 0) { 166 &sc->certs_x509_num, &data,
159 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 167 GNUTLS_X509_FMT_PEM, 0);
160 "Certificate '%s': (%d) %s", file, ret, 168 if (ret < 0) {
161 gnutls_strerror(ret)); 169 return apr_psprintf(parms->pool,
162 } 170 "GnuTLS: Failed to Import "
163 171 "Certificate '%s': (%d) %s", file, ret,
164 apr_pool_destroy(spool); 172 gnutls_strerror(ret));
165 return NULL; 173 }
174
175 apr_pool_destroy(spool);
176 return NULL;
166} 177}
167 178
168const char *mgs_set_key_file(cmd_parms * parms, void *dummy, 179const char *mgs_set_key_file(cmd_parms * parms, void *dummy,
169 const char *arg) 180 const char *arg)
170{ 181{
171 int ret; 182 int ret;
172 gnutls_datum_t data; 183 gnutls_datum_t data;
173 const char *file; 184 const char *file;
174 apr_pool_t *spool; 185 apr_pool_t *spool;
175 mgs_srvconf_rec *sc = 186 mgs_srvconf_rec *sc =
176 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 187 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
177 module_config, 188 module_config,
178 &gnutls_module); 189 &gnutls_module);
179 apr_pool_create(&spool, parms->pool); 190 apr_pool_create(&spool, parms->pool);
180 191
181 file = ap_server_root_relative(spool, arg); 192 file = ap_server_root_relative(spool, arg);
182 193
183 if (load_datum_from_file(spool, file, &data) != 0) { 194 if (load_datum_from_file(spool, file, &data) != 0) {
184 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 195 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
185 "Private Key '%s'", file); 196 "Private Key '%s'", file);
186 } 197 }
187 198
188 ret = gnutls_x509_privkey_init(&sc->privkey_x509); 199 ret = gnutls_x509_privkey_init(&sc->privkey_x509);
189 if (ret < 0) { 200 if (ret < 0) {
190 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 201 return apr_psprintf(parms->pool,
191 ": (%d) %s", ret, gnutls_strerror(ret)); 202 "GnuTLS: Failed to initialize"
192 } 203 ": (%d) %s", ret,
193 204 gnutls_strerror(ret));
194 ret = 205 }
195 gnutls_x509_privkey_import(sc->privkey_x509, &data, 206
196 GNUTLS_X509_FMT_PEM); 207 ret =
197 208 gnutls_x509_privkey_import(sc->privkey_x509, &data,
198 if (ret < 0) 209 GNUTLS_X509_FMT_PEM);
199 ret = gnutls_x509_privkey_import_pkcs8 (sc->privkey_x509, &data, GNUTLS_X509_FMT_PEM, 210
200 NULL, GNUTLS_PKCS_PLAIN); 211 if (ret < 0)
201 212 ret =
202 if (ret < 0) { 213 gnutls_x509_privkey_import_pkcs8(sc->privkey_x509,
203 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 214 &data,
204 "Private Key '%s': (%d) %s", file, ret, 215 GNUTLS_X509_FMT_PEM,
205 gnutls_strerror(ret)); 216 NULL,
206 } 217 GNUTLS_PKCS_PLAIN);
207 apr_pool_destroy(spool); 218
208 return NULL; 219 if (ret < 0) {
220 return apr_psprintf(parms->pool,
221 "GnuTLS: Failed to Import "
222 "Private Key '%s': (%d) %s", file, ret,
223 gnutls_strerror(ret));
224 }
225 apr_pool_destroy(spool);
226 return NULL;
209} 227}
210 228
211const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy, 229const char *mgs_set_pgpcert_file(cmd_parms * parms, void *dummy,
212 const char *arg) 230 const char *arg)
213{ 231{
214 int ret; 232 int ret;
215 gnutls_datum_t data; 233 gnutls_datum_t data;
216 const char *file; 234 const char *file;
217 apr_pool_t *spool; 235 apr_pool_t *spool;
218 mgs_srvconf_rec *sc = 236 mgs_srvconf_rec *sc =
219 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 237 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
220 module_config, 238 module_config,
221 &gnutls_module); 239 &gnutls_module);
222 apr_pool_create(&spool, parms->pool); 240 apr_pool_create(&spool, parms->pool);
223 241
224 file = ap_server_root_relative(spool, arg); 242 file = ap_server_root_relative(spool, arg);
225 243
226 if (load_datum_from_file(spool, file, &data) != 0) { 244 if (load_datum_from_file(spool, file, &data) != 0) {
227 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 245 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
228 "Certificate '%s'", file); 246 "Certificate '%s'", file);
229 } 247 }
230 248
231 ret = gnutls_openpgp_crt_init( &sc->cert_pgp); 249 ret = gnutls_openpgp_crt_init(&sc->cert_pgp);
232 if (ret < 0) { 250 if (ret < 0) {
233 return apr_psprintf(parms->pool, "GnuTLS: Failed to Init " 251 return apr_psprintf(parms->pool, "GnuTLS: Failed to Init "
234 "PGP Certificate: (%d) %s", ret, 252 "PGP Certificate: (%d) %s", ret,
235 gnutls_strerror(ret)); 253 gnutls_strerror(ret));
236 } 254 }
237 255
238 ret = 256 ret =
239 gnutls_openpgp_crt_import(sc->cert_pgp, &data, GNUTLS_OPENPGP_FMT_BASE64); 257 gnutls_openpgp_crt_import(sc->cert_pgp, &data,
240 if (ret < 0) { 258 GNUTLS_OPENPGP_FMT_BASE64);
241 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 259 if (ret < 0) {
242 "PGP Certificate '%s': (%d) %s", file, ret, 260 return apr_psprintf(parms->pool,
243 gnutls_strerror(ret)); 261 "GnuTLS: Failed to Import "
244 } 262 "PGP Certificate '%s': (%d) %s", file,
245 263 ret, gnutls_strerror(ret));
246 apr_pool_destroy(spool); 264 }
247 return NULL; 265
266 apr_pool_destroy(spool);
267 return NULL;
248} 268}
249 269
250const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy, 270const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
251 const char *arg) 271 const char *arg)
252{ 272{
253 int ret; 273 int ret;
254 gnutls_datum_t data; 274 gnutls_datum_t data;
255 const char *file; 275 const char *file;
256 apr_pool_t *spool; 276 apr_pool_t *spool;
257 mgs_srvconf_rec *sc = 277 mgs_srvconf_rec *sc =
258 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 278 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
259 module_config, 279 module_config,
260 &gnutls_module); 280 &gnutls_module);
261 apr_pool_create(&spool, parms->pool); 281 apr_pool_create(&spool, parms->pool);
262 282
263 file = ap_server_root_relative(spool, arg); 283 file = ap_server_root_relative(spool, arg);
264 284
265 if (load_datum_from_file(spool, file, &data) != 0) { 285 if (load_datum_from_file(spool, file, &data) != 0) {
266 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 286 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
267 "Private Key '%s'", file); 287 "Private Key '%s'", file);
268 } 288 }
269 289
270 ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp); 290 ret = gnutls_openpgp_privkey_init(&sc->privkey_pgp);
271 if (ret < 0) { 291 if (ret < 0) {
272 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 292 return apr_psprintf(parms->pool,
273 ": (%d) %s", ret, gnutls_strerror(ret)); 293 "GnuTLS: Failed to initialize"
274 } 294 ": (%d) %s", ret,
275 295 gnutls_strerror(ret));
276 ret = 296 }
277 gnutls_openpgp_privkey_import(sc->privkey_pgp, &data, 297
278 GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); 298 ret =
279 if (ret != 0) { 299 gnutls_openpgp_privkey_import(sc->privkey_pgp, &data,
280 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 300 GNUTLS_OPENPGP_FMT_BASE64, NULL,
281 "PGP Private Key '%s': (%d) %s", file, ret, 301 0);
282 gnutls_strerror(ret)); 302 if (ret != 0) {
283 } 303 return apr_psprintf(parms->pool,
284 apr_pool_destroy(spool); 304 "GnuTLS: Failed to Import "
285 return NULL; 305 "PGP Private Key '%s': (%d) %s", file,
306 ret, gnutls_strerror(ret));
307 }
308 apr_pool_destroy(spool);
309 return NULL;
286} 310}
287 311
288const char *mgs_set_tickets(cmd_parms * parms, void *dummy, 312const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
289 const char *arg) 313 const char *arg)
290{ 314{
291 mgs_srvconf_rec *sc = 315 mgs_srvconf_rec *sc =
292 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 316 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
293 module_config, 317 module_config,
294 &gnutls_module); 318 &gnutls_module);
295 319
296 sc->tickets = 0; 320 sc->tickets = 0;
297 if (strcasecmp("on", arg) == 0) { 321 if (strcasecmp("on", arg) == 0) {
298 sc->tickets = 1; 322 sc->tickets = 1;
299 } 323 }
300 324
301 return NULL; 325 return NULL;
302} 326}
303 327
304 328
@@ -307,27 +331,28 @@ const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
307const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy, 331const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy,
308 const char *arg) 332 const char *arg)
309{ 333{
310 mgs_srvconf_rec *sc = 334 mgs_srvconf_rec *sc =
311 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 335 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
312 module_config, 336 module_config,
313 &gnutls_module); 337 &gnutls_module);
314 338
315 sc->srp_tpasswd_file = ap_server_root_relative(parms->pool, arg); 339 sc->srp_tpasswd_file = ap_server_root_relative(parms->pool, arg);
316 340
317 return NULL; 341 return NULL;
318} 342}
319 343
320const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy, 344const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
321 const char *arg) 345 const char *arg)
322{ 346{
323 mgs_srvconf_rec *sc = 347 mgs_srvconf_rec *sc =
324 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 348 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
325 module_config, 349 module_config,
326 &gnutls_module); 350 &gnutls_module);
327 351
328 sc->srp_tpasswd_conf_file = ap_server_root_relative(parms->pool, arg); 352 sc->srp_tpasswd_conf_file =
353 ap_server_root_relative(parms->pool, arg);
329 354
330 return NULL; 355 return NULL;
331} 356}
332 357
333#endif 358#endif
@@ -335,308 +360,326 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
335const char *mgs_set_cache(cmd_parms * parms, void *dummy, 360const char *mgs_set_cache(cmd_parms * parms, void *dummy,
336 const char *type, const char *arg) 361 const char *type, const char *arg)
337{ 362{
338 const char *err; 363 const char *err;
339 mgs_srvconf_rec *sc = ap_get_module_config(parms->server-> 364 mgs_srvconf_rec *sc =
340 module_config, 365 ap_get_module_config(parms->server->module_config,
341 &gnutls_module); 366 &gnutls_module);
342 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) { 367 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
343 return err; 368 return err;
344 } 369 }
345 370
346 if (strcasecmp("none", type) == 0) { 371 if (strcasecmp("none", type) == 0) {
347 sc->cache_type = mgs_cache_none; 372 sc->cache_type = mgs_cache_none;
348 } else if (strcasecmp("dbm", type) == 0) { 373 } else if (strcasecmp("dbm", type) == 0) {
349 sc->cache_type = mgs_cache_dbm; 374 sc->cache_type = mgs_cache_dbm;
350 } 375 } else if (strcasecmp("gdbm", type) == 0) {
351 else if (strcasecmp("gdbm", type) == 0) { 376 sc->cache_type = mgs_cache_gdbm;
352 sc->cache_type = mgs_cache_gdbm; 377 }
353 }
354#if HAVE_APR_MEMCACHE 378#if HAVE_APR_MEMCACHE
355 else if (strcasecmp("memcache", type) == 0) { 379 else if (strcasecmp("memcache", type) == 0) {
356 sc->cache_type = mgs_cache_memcache; 380 sc->cache_type = mgs_cache_memcache;
357 } 381 }
358#endif 382#endif
359 else { 383 else {
360 return "Invalid Type for GnuTLSCache!"; 384 return "Invalid Type for GnuTLSCache!";
361 } 385 }
362 386
363 if (sc->cache_type == mgs_cache_dbm || sc->cache_type == mgs_cache_gdbm) { 387 if (sc->cache_type == mgs_cache_dbm
364 sc->cache_config = ap_server_root_relative(parms->pool, arg); 388 || sc->cache_type == mgs_cache_gdbm) {
365 } else { 389 sc->cache_config =
366 sc->cache_config = apr_pstrdup(parms->pool, arg); 390 ap_server_root_relative(parms->pool, arg);
367 } 391 } else {
368 392 sc->cache_config = apr_pstrdup(parms->pool, arg);
369 return NULL; 393 }
394
395 return NULL;
370} 396}
371 397
372const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy, 398const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
373 const char *arg) 399 const char *arg)
374{ 400{
375 int argint; 401 int argint;
376 mgs_srvconf_rec *sc =
377 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
378 module_config,
379 &gnutls_module);
380
381 argint = atoi(arg);
382
383 if (argint < 0) {
384 return "GnuTLSCacheTimeout: Invalid argument";
385 } else if (argint == 0) {
386 sc->cache_timeout = 0;
387 } else {
388 sc->cache_timeout = apr_time_from_sec(argint);
389 }
390
391 return NULL;
392}
393
394const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
395 const char *arg)
396{
397 int mode;
398
399 if (strcasecmp("none", arg) == 0 || strcasecmp("ignore", arg) == 0) {
400 mode = GNUTLS_CERT_IGNORE;
401 } else if (strcasecmp("optional", arg) == 0
402 || strcasecmp("request", arg) == 0) {
403 mode = GNUTLS_CERT_REQUEST;
404 } else if (strcasecmp("require", arg) == 0) {
405 mode = GNUTLS_CERT_REQUIRE;
406 } else {
407 return "GnuTLSClientVerify: Invalid argument";
408 }
409
410 /* This was set from a directory context */
411 if (parms->path) {
412 mgs_dirconf_rec *dc = (mgs_dirconf_rec *) dummy;
413 dc->client_verify_mode = mode;
414 } else {
415 mgs_srvconf_rec *sc = 402 mgs_srvconf_rec *sc =
416 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 403 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
417 module_config, 404 module_config,
418 &gnutls_module); 405 &gnutls_module);
419 sc->client_verify_mode = mode;
420 }
421 406
422 return NULL; 407 argint = atoi(arg);
408
409 if (argint < 0) {
410 return "GnuTLSCacheTimeout: Invalid argument";
411 } else if (argint == 0) {
412 sc->cache_timeout = 0;
413 } else {
414 sc->cache_timeout = apr_time_from_sec(argint);
415 }
416
417 return NULL;
418}
419
420const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
421 const char *arg)
422{
423 int mode;
424
425 if (strcasecmp("none", arg) == 0 || strcasecmp("ignore", arg) == 0) {
426 mode = GNUTLS_CERT_IGNORE;
427 } else if (strcasecmp("optional", arg) == 0
428 || strcasecmp("request", arg) == 0) {
429 mode = GNUTLS_CERT_REQUEST;
430 } else if (strcasecmp("require", arg) == 0) {
431 mode = GNUTLS_CERT_REQUIRE;
432 } else {
433 return "GnuTLSClientVerify: Invalid argument";
434 }
435
436 /* This was set from a directory context */
437 if (parms->path) {
438 mgs_dirconf_rec *dc = (mgs_dirconf_rec *) dummy;
439 dc->client_verify_mode = mode;
440 } else {
441 mgs_srvconf_rec *sc =
442 (mgs_srvconf_rec *)
443 ap_get_module_config(parms->server->module_config,
444 &gnutls_module);
445 sc->client_verify_mode = mode;
446 }
447
448 return NULL;
423} 449}
424 450
425#define INIT_CA_SIZE 128 451#define INIT_CA_SIZE 128
426const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy, 452const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
427 const char *arg) 453 const char *arg)
428{ 454{
429 int rv; 455 int rv;
430 const char *file; 456 const char *file;
431 apr_pool_t *spool; 457 apr_pool_t *spool;
432 gnutls_datum_t data; 458 gnutls_datum_t data;
433 459
434 mgs_srvconf_rec *sc = 460 mgs_srvconf_rec *sc =
435 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 461 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
436 module_config, 462 module_config,
437 &gnutls_module); 463 &gnutls_module);
438 apr_pool_create(&spool, parms->pool); 464 apr_pool_create(&spool, parms->pool);
439 465
440 file = ap_server_root_relative(spool, arg); 466 file = ap_server_root_relative(spool, arg);
441 467
442 if (load_datum_from_file(spool, file, &data) != 0) { 468 if (load_datum_from_file(spool, file, &data) != 0) {
443 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 469 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
444 "Client CA File '%s'", file); 470 "Client CA File '%s'", file);
445 } 471 }
446 472
447 sc->ca_list_size = INIT_CA_SIZE; 473 sc->ca_list_size = INIT_CA_SIZE;
448 sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list)); 474 sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list));
449 if (sc->ca_list == NULL) { 475 if (sc->ca_list == NULL) {
450 return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error"); 476 return apr_psprintf(parms->pool,
451 } 477 "mod_gnutls: Memory allocation error");
452 478 }
453 rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size, 479
454 &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); 480 rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
455 if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) { 481 &data, GNUTLS_X509_FMT_PEM,
456 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 482 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
457 "Client CA File '%s': (%d) %s", file, rv, 483 if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) {
458 gnutls_strerror(rv)); 484 return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
459 } 485 "Client CA File '%s': (%d) %s", file,
460 486 rv, gnutls_strerror(rv));
461 if (INIT_CA_SIZE < sc->ca_list_size) { 487 }
462 sc->ca_list = realloc(sc->ca_list, sc->ca_list_size*sizeof(*sc->ca_list)); 488
463 if (sc->ca_list == NULL) { 489 if (INIT_CA_SIZE < sc->ca_list_size) {
464 return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error"); 490 sc->ca_list =
465 } 491 realloc(sc->ca_list,
466 492 sc->ca_list_size * sizeof(*sc->ca_list));
467 /* re-read */ 493 if (sc->ca_list == NULL) {
468 rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size, 494 return apr_psprintf(parms->pool,
469 &data, GNUTLS_X509_FMT_PEM, 0); 495 "mod_gnutls: Memory allocation error");
470 496 }
471 if (rv < 0) { 497
472 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 498 /* re-read */
473 "Client CA File '%s': (%d) %s", file, rv, 499 rv = gnutls_x509_crt_list_import(sc->ca_list,
474 gnutls_strerror(rv)); 500 &sc->ca_list_size, &data,
475 } 501 GNUTLS_X509_FMT_PEM, 0);
476 } 502
477 503 if (rv < 0) {
478 apr_pool_destroy(spool); 504 return apr_psprintf(parms->pool,
479 return NULL; 505 "GnuTLS: Failed to load "
506 "Client CA File '%s': (%d) %s",
507 file, rv, gnutls_strerror(rv));
508 }
509 }
510
511 apr_pool_destroy(spool);
512 return NULL;
480} 513}
481 514
482const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy, 515const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
483 const char *arg) 516 const char *arg)
484{ 517{
485 int rv; 518 int rv;
486 const char *file; 519 const char *file;
487 apr_pool_t *spool; 520 apr_pool_t *spool;
488 gnutls_datum_t data; 521 gnutls_datum_t data;
489 522
490 mgs_srvconf_rec *sc = 523 mgs_srvconf_rec *sc =
491 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 524 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
492 module_config, 525 module_config,
493 &gnutls_module); 526 &gnutls_module);
494 apr_pool_create(&spool, parms->pool); 527 apr_pool_create(&spool, parms->pool);
495 528
496 file = ap_server_root_relative(spool, arg); 529 file = ap_server_root_relative(spool, arg);
497 530
498 if (load_datum_from_file(spool, file, &data) != 0) { 531 if (load_datum_from_file(spool, file, &data) != 0) {
499 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 532 return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
500 "Keyring File '%s'", file); 533 "Keyring File '%s'", file);
501 } 534 }
502 535
503 rv = gnutls_openpgp_keyring_init(&sc->pgp_list); 536 rv = gnutls_openpgp_keyring_init(&sc->pgp_list);
504 if (rv < 0) { 537 if (rv < 0) {
505 return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" 538 return apr_psprintf(parms->pool,
506 "keyring: (%d) %s", rv, gnutls_strerror(rv)); 539 "GnuTLS: Failed to initialize"
507 } 540 "keyring: (%d) %s", rv,
508 541 gnutls_strerror(rv));
509 rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data, GNUTLS_OPENPGP_FMT_BASE64); 542 }
510 if (rv < 0) { 543
511 return apr_psprintf(parms->pool, "GnuTLS: Failed to load " 544 rv = gnutls_openpgp_keyring_import(sc->pgp_list, &data,
512 "Keyring File '%s': (%d) %s", file, rv, 545 GNUTLS_OPENPGP_FMT_BASE64);
513 gnutls_strerror(rv)); 546 if (rv < 0) {
514 } 547 return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
515 548 "Keyring File '%s': (%d) %s", file, rv,
516 apr_pool_destroy(spool); 549 gnutls_strerror(rv));
517 return NULL; 550 }
551
552 apr_pool_destroy(spool);
553 return NULL;
518} 554}
519 555
520const char *mgs_set_enabled(cmd_parms * parms, void *dummy, 556const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
521 const char *arg) 557 const char *arg)
522{ 558{
523 mgs_srvconf_rec *sc = 559 mgs_srvconf_rec *sc =
524 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 560 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
525 module_config, 561 module_config,
526 &gnutls_module); 562 &gnutls_module);
527 if (!strcasecmp(arg, "On")) { 563 if (!strcasecmp(arg, "On")) {
528 sc->enabled = GNUTLS_ENABLED_TRUE; 564 sc->enabled = GNUTLS_ENABLED_TRUE;
529 } else if (!strcasecmp(arg, "Off")) { 565 } else if (!strcasecmp(arg, "Off")) {
530 sc->enabled = GNUTLS_ENABLED_FALSE; 566 sc->enabled = GNUTLS_ENABLED_FALSE;
531 } else { 567 } else {
532 return "GnuTLSEnable must be set to 'On' or 'Off'"; 568 return "GnuTLSEnable must be set to 'On' or 'Off'";
533 } 569 }
534 570
535 return NULL; 571 return NULL;
536} 572}
537 573
538const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy, 574const char *mgs_set_export_certificates_enabled(cmd_parms * parms,
539 const char *arg) 575 void *dummy,
576 const char *arg)
540{ 577{
541 mgs_srvconf_rec *sc = 578 mgs_srvconf_rec *sc =
542 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 579 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
543 module_config, 580 module_config,
544 &gnutls_module); 581 &gnutls_module);
545 if (!strcasecmp(arg, "On")) { 582 if (!strcasecmp(arg, "On")) {
546 sc->export_certificates_enabled = GNUTLS_ENABLED_TRUE; 583 sc->export_certificates_enabled = GNUTLS_ENABLED_TRUE;
547 } else if (!strcasecmp(arg, "Off")) { 584 } else if (!strcasecmp(arg, "Off")) {
548 sc->export_certificates_enabled = GNUTLS_ENABLED_FALSE; 585 sc->export_certificates_enabled = GNUTLS_ENABLED_FALSE;
549 } else { 586 } else {
550 return "GnuTLSExportCertificates must be set to 'On' or 'Off'"; 587 return
551 } 588 "GnuTLSExportCertificates must be set to 'On' or 'Off'";
552 589 }
553 return NULL; 590
591 return NULL;
554} 592}
555 593
556 594
557const char *mgs_set_priorities(cmd_parms * parms, void *dummy, const char *arg) 595const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
596 const char *arg)
558{ 597{
559 int ret; 598 int ret;
560 const char *err; 599 const char *err;
561 mgs_srvconf_rec *sc = 600 mgs_srvconf_rec *sc =
562 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 601 (mgs_srvconf_rec *) ap_get_module_config(parms->server->
563 module_config, 602 module_config,
564 &gnutls_module); 603 &gnutls_module);
565 604
566 605
567 ret = gnutls_priority_init( &sc->priorities, arg, &err); 606 ret = gnutls_priority_init(&sc->priorities, arg, &err);
568 if (ret < 0) { 607 if (ret < 0) {
569 if (ret == GNUTLS_E_INVALID_REQUEST) 608 if (ret == GNUTLS_E_INVALID_REQUEST)
570 return apr_psprintf(parms->pool, "GnuTLS: Syntax error parsing priorities string at: %s", err); 609 return apr_psprintf(parms->pool,
571 return "Error setting priorities"; 610 "GnuTLS: Syntax error parsing priorities string at: %s",
572 } 611 err);
573 612 return "Error setting priorities";
574 return NULL; 613 }
614
615 return NULL;
575} 616}
576 617
577void *mgs_config_server_create(apr_pool_t * p, server_rec * s) 618void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
578{ 619{
579 mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc)); 620 mgs_srvconf_rec *sc = apr_pcalloc(p, sizeof(*sc));
580 int ret; 621 int ret;
581
582 sc->enabled = GNUTLS_ENABLED_FALSE;
583
584 ret = gnutls_certificate_allocate_credentials(&sc->certs);
585 if (ret < 0) {
586 return apr_psprintf(p, "GnuTLS: Failed to initialize"
587 ": (%d) %s", ret, gnutls_strerror(ret));
588 }
589
590 ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds);
591 if (ret < 0) {
592 return apr_psprintf(p, "GnuTLS: Failed to initialize"
593 ": (%d) %s", ret, gnutls_strerror(ret));
594 }
595 622
623 sc->enabled = GNUTLS_ENABLED_FALSE;
624
625 ret = gnutls_certificate_allocate_credentials(&sc->certs);
626 if (ret < 0) {
627 return apr_psprintf(p, "GnuTLS: Failed to initialize"
628 ": (%d) %s", ret,
629 gnutls_strerror(ret));
630 }
631
632 ret = gnutls_anon_allocate_server_credentials(&sc->anon_creds);
633 if (ret < 0) {
634 return apr_psprintf(p, "GnuTLS: Failed to initialize"
635 ": (%d) %s", ret,
636 gnutls_strerror(ret));
637 }
596#ifdef ENABLE_SRP 638#ifdef ENABLE_SRP
597 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds); 639 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds);
598 if (ret < 0) { 640 if (ret < 0) {
599 return apr_psprintf(p, "GnuTLS: Failed to initialize" 641 return apr_psprintf(p, "GnuTLS: Failed to initialize"
600 ": (%d) %s", ret, gnutls_strerror(ret)); 642 ": (%d) %s", ret,
601 } 643 gnutls_strerror(ret));
602 644 }
603 sc->srp_tpasswd_conf_file = NULL; 645
604 sc->srp_tpasswd_file = NULL; 646 sc->srp_tpasswd_conf_file = NULL;
647 sc->srp_tpasswd_file = NULL;
605#endif 648#endif
606 649
607 sc->privkey_x509 = NULL; 650 sc->privkey_x509 = NULL;
608 memset( sc->certs_x509, 0, sizeof(sc->certs_x509)); 651 memset(sc->certs_x509, 0, sizeof(sc->certs_x509));
609 sc->certs_x509_num = 0; 652 sc->certs_x509_num = 0;
610 sc->cache_timeout = apr_time_from_sec(300); 653 sc->cache_timeout = apr_time_from_sec(300);
611 sc->cache_type = mgs_cache_none; 654 sc->cache_type = mgs_cache_none;
612 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache"); 655 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
613 sc->tickets = 1; /* by default enable session tickets */ 656 sc->tickets = 1; /* by default enable session tickets */
614 657
615 sc->client_verify_mode = GNUTLS_CERT_IGNORE; 658 sc->client_verify_mode = GNUTLS_CERT_IGNORE;
616 659
617 return sc; 660 return sc;
618} 661}
619 662
620void *mgs_config_dir_merge(apr_pool_t * p, void *basev, void *addv) 663void *mgs_config_dir_merge(apr_pool_t * p, void *basev, void *addv)
621{ 664{
622 mgs_dirconf_rec *new; 665 mgs_dirconf_rec *new;
623/* mgs_dirconf_rec *base = (mgs_dirconf_rec *) basev; */ 666/* mgs_dirconf_rec *base = (mgs_dirconf_rec *) basev; */
624 mgs_dirconf_rec *add = (mgs_dirconf_rec *) addv; 667 mgs_dirconf_rec *add = (mgs_dirconf_rec *) addv;
625 668
626 new = (mgs_dirconf_rec *) apr_pcalloc(p, sizeof(mgs_dirconf_rec)); 669 new = (mgs_dirconf_rec *) apr_pcalloc(p, sizeof(mgs_dirconf_rec));
627 new->lua_bytecode = apr_pstrmemdup(p, add->lua_bytecode, 670 new->lua_bytecode = apr_pstrmemdup(p, add->lua_bytecode,
628 add->lua_bytecode_len); 671 add->lua_bytecode_len);
629 new->lua_bytecode_len = add->lua_bytecode_len; 672 new->lua_bytecode_len = add->lua_bytecode_len;
630 new->client_verify_mode = add->client_verify_mode; 673 new->client_verify_mode = add->client_verify_mode;
631 return new; 674 return new;
632} 675}
633 676
634void *mgs_config_dir_create(apr_pool_t * p, char *dir) 677void *mgs_config_dir_create(apr_pool_t * p, char *dir)
635{ 678{
636 mgs_dirconf_rec *dc = apr_palloc(p, sizeof(*dc)); 679 mgs_dirconf_rec *dc = apr_palloc(p, sizeof(*dc));
637 680
638 dc->client_verify_mode = -1; 681 dc->client_verify_mode = -1;
639 dc->lua_bytecode = NULL; 682 dc->lua_bytecode = NULL;
640 dc->lua_bytecode_len = 0; 683 dc->lua_bytecode_len = 0;
641 return dc; 684 return dc;
642} 685}