diff options
Diffstat (limited to 'src/gnutls_io.c')
| -rw-r--r-- | src/gnutls_io.c | 54 |
1 files changed, 30 insertions, 24 deletions
diff --git a/src/gnutls_io.c b/src/gnutls_io.c index f761f96..f081284 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c | |||
| @@ -353,13 +353,12 @@ static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt, | |||
| 353 | return APR_SUCCESS; | 353 | return APR_SUCCESS; |
| 354 | } | 354 | } |
| 355 | 355 | ||
| 356 | 356 | static int gnutls_do_handshake(mod_gnutls_handle_t * ctxt) | |
| 357 | static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) | ||
| 358 | { | 357 | { |
| 359 | int ret; | 358 | int ret; |
| 360 | int errcode; | 359 | int errcode; |
| 361 | if (ctxt->status != 0) { | 360 | if (ctxt->status != 0) { |
| 362 | return; | 361 | return 0; |
| 363 | } | 362 | } |
| 364 | 363 | ||
| 365 | tryagain: | 364 | tryagain: |
| @@ -388,11 +387,37 @@ tryagain: | |||
| 388 | gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, | 387 | gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, |
| 389 | gnutls_error_to_alert(ret, NULL)); | 388 | gnutls_error_to_alert(ret, NULL)); |
| 390 | gnutls_deinit(ctxt->session); | 389 | gnutls_deinit(ctxt->session); |
| 391 | return; | 390 | return ret; |
| 392 | } | 391 | } |
| 393 | else { | 392 | else { |
| 393 | /* all done with the handshake */ | ||
| 394 | ctxt->status = 1; | 394 | ctxt->status = 1; |
| 395 | return; /* all done with the handshake */ | 395 | return ret; |
| 396 | } | ||
| 397 | } | ||
| 398 | |||
| 399 | int mod_gnutls_rehandshake(mod_gnutls_handle_t * ctxt) | ||
| 400 | { | ||
| 401 | int rv; | ||
| 402 | |||
| 403 | rv = gnutls_rehandshake(ctxt->session); | ||
| 404 | |||
| 405 | if (rv != 0) { | ||
| 406 | /* the client did not want to rehandshake. goodbye */ | ||
| 407 | ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, | ||
| 408 | "GnuTLS: Client Refused Rehandshake request."); | ||
| 409 | return -1; | ||
| 410 | } | ||
| 411 | |||
| 412 | ctxt->status = 0; | ||
| 413 | |||
| 414 | gnutls_do_handshake(ctxt); | ||
| 415 | |||
| 416 | if (ctxt->status == 1) { | ||
| 417 | return 0; | ||
| 418 | } | ||
| 419 | else { | ||
| 420 | return -1; | ||
| 396 | } | 421 | } |
| 397 | } | 422 | } |
| 398 | 423 | ||
| @@ -414,26 +439,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t* f, | |||
| 414 | } | 439 | } |
| 415 | 440 | ||
| 416 | if (ctxt->status == 0) { | 441 | if (ctxt->status == 0) { |
| 417 | char* server_name; | ||
| 418 | int server_type; | ||
| 419 | int data_len = 256; | ||
| 420 | |||
| 421 | gnutls_do_handshake(ctxt); | 442 | gnutls_do_handshake(ctxt); |
| 422 | |||
| 423 | /** | ||
| 424 | * Due to issues inside the GnuTLS API, we cannot currently do TLS 1.1 | ||
| 425 | * Server Name Indication. | ||
| 426 | */ | ||
| 427 | server_name = apr_palloc(ctxt->c->pool, data_len); | ||
| 428 | if (gnutls_server_name_get(ctxt->session, server_name, &data_len, &server_type, 0) == 0) { | ||
| 429 | if (server_type == GNUTLS_NAME_DNS) { | ||
| 430 | ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, | ||
| 431 | ctxt->c->base_server, | ||
| 432 | "GnuTLS: TLS 1.1 Server Name: " | ||
| 433 | "%s", server_name); | ||
| 434 | |||
| 435 | } | ||
| 436 | } | ||
| 437 | } | 443 | } |
| 438 | 444 | ||
| 439 | if (ctxt->status < 0) { | 445 | if (ctxt->status < 0) { |