Diffstat (limited to 'src/mod_gnutls.c')
-rw-r--r--src/mod_gnutls.c46
1 files changed, 34 insertions, 12 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index c34da5a..d4f1f16 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -57,8 +57,8 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
57 57
58 58
59 /* TODO: Should we regenerate these after X requests / X time ? */ 59 /* TODO: Should we regenerate these after X requests / X time ? */
60// gnutls_dh_params_init(&dh_params); 60 gnutls_dh_params_init(&dh_params);
61// gnutls_dh_params_generate2(dh_params, DH_BITS); 61 gnutls_dh_params_generate2(dh_params, DH_BITS);
62// gnutls_rsa_params_init(&rsa_params); 62// gnutls_rsa_params_init(&rsa_params);
63// gnutls_rsa_params_generate2(rsa_params, RSA_BITS); 63// gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
64 64
@@ -70,7 +70,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
70 sc->key_file, 70 sc->key_file,
71 GNUTLS_X509_FMT_PEM); 71 GNUTLS_X509_FMT_PEM);
72// gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); 72// gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params);
73// gnutls_certificate_set_dh_params(sc->certs, dh_params); 73 gnutls_certificate_set_dh_params(sc->certs, dh_params);
74 } 74 }
75 else if (sc->enabled == GNUTLS_ENABLED_TRUE) { 75 else if (sc->enabled == GNUTLS_ENABLED_TRUE) {
76 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, 76 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
@@ -112,7 +112,7 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
112 return 443; 112 return 443;
113} 113}
114 114
115static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd) 115static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
116{ 116{
117 mod_gnutls_handle_t *ctxt; 117 mod_gnutls_handle_t *ctxt;
118 mod_gnutls_srvconf_rec *sc = 118 mod_gnutls_srvconf_rec *sc =
@@ -120,14 +120,20 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
120 module_config, 120 module_config,
121 &gnutls_module); 121 &gnutls_module);
122 122
123 if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) { 123 ctxt = apr_pcalloc(pool, sizeof(*ctxt));
124 return DECLINED; 124 ctxt->c = c;
125 }
126
127 ctxt = apr_pcalloc(c->pool, sizeof(*ctxt));
128
129 ctxt->sc = sc; 125 ctxt->sc = sc;
130 ctxt->status = 0; 126 ctxt->status = 0;
127
128 ctxt->input_rc = APR_SUCCESS;
129 ctxt->input_bb = apr_brigade_create(c->pool, c->bucket_alloc);
130 ctxt->input_cbuf.length = 0;
131
132 ctxt->output_rc = APR_SUCCESS;
133 ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc);
134 ctxt->output_blen = 0;
135 ctxt->output_length = 0;
136
131 gnutls_init(&ctxt->session, GNUTLS_SERVER); 137 gnutls_init(&ctxt->session, GNUTLS_SERVER);
132 138
133 gnutls_cipher_set_priority(ctxt->session, sc->ciphers); 139 gnutls_cipher_set_priority(ctxt->session, sc->ciphers);
@@ -145,6 +151,22 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
145 151
146// gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); 152// gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);
147 153
154 return ctxt;
155}
156
157static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
158{
159 mod_gnutls_handle_t *ctxt;
160 mod_gnutls_srvconf_rec *sc =
161 (mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
162 module_config,
163 &gnutls_module);
164
165 if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
166 return DECLINED;
167 }
168
169 ctxt = create_gnutls_handle(c->pool, c);
148 170
149 ap_set_module_config(c->conn_config, &gnutls_module, ctxt); 171 ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
150 172
@@ -153,8 +175,8 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
153 gnutls_transport_set_push_function(ctxt->session, 175 gnutls_transport_set_push_function(ctxt->session,
154 mod_gnutls_transport_write); 176 mod_gnutls_transport_write);
155 gnutls_transport_set_ptr(ctxt->session, ctxt); 177 gnutls_transport_set_ptr(ctxt->session, ctxt);
156 ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c); 178 ctxt->input_filter = ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c);
157 ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c); 179 ctxt->output_filter = ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c);
158 180
159 return OK; 181 return OK;
160} 182}
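Review bot: The DH parameter setup re-enabled in the first hunk of mod_gnutls_hook_post_config ignores every GnuTLS return code, so a failed `gnutls_dh_params_init` or `gnutls_dh_params_generate2` leaves `dh_params` unset or incomplete, and it is still passed to `gnutls_certificate_set_dh_params` in the second hunk. Failing startup would make this visible, for example `if (gnutls_dh_params_init(&dh_params) < 0 || gnutls_dh_params_generate2(dh_params, DH_BITS) < 0) return HTTP_INTERNAL_SERVER_ERROR;`, ideally with the error code logged through `gnutls_strerror()`. The same applies to the unchecked `gnutls_init` in the new create_gnutls_handle, which could return NULL for mod_gnutls_hook_pre_connection to test before it calls `ap_set_module_config`. Separately, create_gnutls_handle allocates `ctxt` from its `pool` argument but creates both brigades from `c->pool`; a comment such as `/* pool must not outlive c->pool: the brigades are allocated from c->pool */` would document that assumption for future callers. Both function bodies extend beyond the visible hunks, so checks outside the shown lines cannot be ruled out.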