diff options
Diffstat (limited to 'src/mod_gnutls.c')
-rw-r--r-- | src/mod_gnutls.c | 46 |
1 files changed, 34 insertions, 12 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index c34da5a..d4f1f16 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c | |||
@@ -57,8 +57,8 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | |||
57 | 57 | ||
58 | 58 | ||
59 | /* TODO: Should we regenerate these after X requests / X time ? */ | 59 | /* TODO: Should we regenerate these after X requests / X time ? */ |
60 | // gnutls_dh_params_init(&dh_params); | 60 | gnutls_dh_params_init(&dh_params); |
61 | // gnutls_dh_params_generate2(dh_params, DH_BITS); | 61 | gnutls_dh_params_generate2(dh_params, DH_BITS); |
62 | // gnutls_rsa_params_init(&rsa_params); | 62 | // gnutls_rsa_params_init(&rsa_params); |
63 | // gnutls_rsa_params_generate2(rsa_params, RSA_BITS); | 63 | // gnutls_rsa_params_generate2(rsa_params, RSA_BITS); |
64 | 64 | ||
@@ -70,7 +70,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, | |||
70 | sc->key_file, | 70 | sc->key_file, |
71 | GNUTLS_X509_FMT_PEM); | 71 | GNUTLS_X509_FMT_PEM); |
72 | // gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); | 72 | // gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); |
73 | // gnutls_certificate_set_dh_params(sc->certs, dh_params); | 73 | gnutls_certificate_set_dh_params(sc->certs, dh_params); |
74 | } | 74 | } |
75 | else if (sc->enabled == GNUTLS_ENABLED_TRUE) { | 75 | else if (sc->enabled == GNUTLS_ENABLED_TRUE) { |
76 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, | 76 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, |
@@ -112,7 +112,7 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r) | |||
112 | return 443; | 112 | return 443; |
113 | } | 113 | } |
114 | 114 | ||
115 | static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd) | 115 | static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) |
116 | { | 116 | { |
117 | mod_gnutls_handle_t *ctxt; | 117 | mod_gnutls_handle_t *ctxt; |
118 | mod_gnutls_srvconf_rec *sc = | 118 | mod_gnutls_srvconf_rec *sc = |
@@ -120,14 +120,20 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd) | |||
120 | module_config, | 120 | module_config, |
121 | &gnutls_module); | 121 | &gnutls_module); |
122 | 122 | ||
123 | if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { | 123 | ctxt = apr_pcalloc(pool, sizeof(*ctxt)); |
124 | return DECLINED; | 124 | ctxt->c = c; |
125 | } | ||
126 | |||
127 | ctxt = apr_pcalloc(c->pool, sizeof(*ctxt)); | ||
128 | |||
129 | ctxt->sc = sc; | 125 | ctxt->sc = sc; |
130 | ctxt->status = 0; | 126 | ctxt->status = 0; |
127 | |||
128 | ctxt->input_rc = APR_SUCCESS; | ||
129 | ctxt->input_bb = apr_brigade_create(c->pool, c->bucket_alloc); | ||
130 | ctxt->input_cbuf.length = 0; | ||
131 | |||
132 | ctxt->output_rc = APR_SUCCESS; | ||
133 | ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc); | ||
134 | ctxt->output_blen = 0; | ||
135 | ctxt->output_length = 0; | ||
136 | |||
131 | gnutls_init(&ctxt->session, GNUTLS_SERVER); | 137 | gnutls_init(&ctxt->session, GNUTLS_SERVER); |
132 | 138 | ||
133 | gnutls_cipher_set_priority(ctxt->session, sc->ciphers); | 139 | gnutls_cipher_set_priority(ctxt->session, sc->ciphers); |
@@ -145,6 +151,22 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd) | |||
145 | 151 | ||
146 | // gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); | 152 | // gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); |
147 | 153 | ||
154 | return ctxt; | ||
155 | } | ||
156 | |||
157 | static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd) | ||
158 | { | ||
159 | mod_gnutls_handle_t *ctxt; | ||
160 | mod_gnutls_srvconf_rec *sc = | ||
161 | (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server-> | ||
162 | module_config, | ||
163 | &gnutls_module); | ||
164 | |||
165 | if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { | ||
166 | return DECLINED; | ||
167 | } | ||
168 | |||
169 | ctxt = create_gnutls_handle(c->pool, c); | ||
148 | 170 | ||
149 | ap_set_module_config(c->conn_config, &gnutls_module, ctxt); | 171 | ap_set_module_config(c->conn_config, &gnutls_module, ctxt); |
150 | 172 | ||
@@ -153,8 +175,8 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd) | |||
153 | gnutls_transport_set_push_function(ctxt->session, | 175 | gnutls_transport_set_push_function(ctxt->session, |
154 | mod_gnutls_transport_write); | 176 | mod_gnutls_transport_write); |
155 | gnutls_transport_set_ptr(ctxt->session, ctxt); | 177 | gnutls_transport_set_ptr(ctxt->session, ctxt); |
156 | ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c); | 178 | ctxt->input_filter = ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c); |
157 | ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c); | 179 | ctxt->output_filter = ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c); |
158 | 180 | ||
159 | return OK; | 181 | return OK; |
160 | } | 182 | } |