Diffstat (limited to 'src/mod_gnutls.c')
| -rw-r--r-- | src/mod_gnutls.c | 46 |
1 files changed, 34 insertions, 12 deletions
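diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index c34da5a..d4f1f16 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -57,8 +57,8 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 
 /* TODO: Should we regenerate these after X requests / X time ? */
-// gnutls_dh_params_init(&dh_params);
-// gnutls_dh_params_generate2(dh_params, DH_BITS);
+gnutls_dh_params_init(&dh_params);
+gnutls_dh_params_generate2(dh_params, DH_BITS);
 // gnutls_rsa_params_init(&rsa_params);
 // gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
 
@@ -70,7 +70,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 sc->key_file,
 GNUTLS_X509_FMT_PEM);
 // gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params);
-// gnutls_certificate_set_dh_params(sc->certs, dh_params);
+gnutls_certificate_set_dh_params(sc->certs, dh_params);
 }
 else if (sc->enabled == GNUTLS_ENABLED_TRUE) {
 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
@@ -112,7 +112,7 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
 return 443;
 }
 
-static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
+static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
 {
 mod_gnutls_handle_t *ctxt;
 mod_gnutls_srvconf_rec *sc =
@@ -120,14 +120,20 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
 module_config,
 &gnutls_module);
 
-if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
-return DECLINED;
-}
-
-ctxt = apr_pcalloc(c->pool, sizeof(*ctxt));
-
+ctxt = apr_pcalloc(pool, sizeof(*ctxt));
+ctxt->c = c;
 ctxt->sc = sc;
 ctxt->status = 0;
+
+ctxt->input_rc = APR_SUCCESS;
+ctxt->input_bb = apr_brigade_create(c->pool, c->bucket_alloc);
+ctxt->input_cbuf.length = 0;
+
+ctxt->output_rc = APR_SUCCESS;
+ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc);
+ctxt->output_blen = 0;
+ctxt->output_length = 0;
+
 gnutls_init(&ctxt->session, GNUTLS_SERVER);
 
 gnutls_cipher_set_priority(ctxt->session, sc->ciphers);
@@ -145,6 +151,22 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
 
 // gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);
 
+return ctxt;
+}
+
+static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
+{
+mod_gnutls_handle_t *ctxt;
+mod_gnutls_srvconf_rec *sc =
+(mod_gnutls_srvconf_rec *) ap_get_module_config(c->base_server->
+module_config,
+&gnutls_module);
+
+if (!(sc && (sc->enabled == GNUTLS_ENABLED_TRUE))) {
+return DECLINED;
+}
+
+ctxt = create_gnutls_handle(c->pool, c);
 
 ap_set_module_config(c->conn_config, &gnutls_module, ctxt);
 
@@ -153,8 +175,8 @@ static int mod_gnutls_hook_pre_connection(conn_rec * c, void *csd)
 gnutls_transport_set_push_function(ctxt->session,
 mod_gnutls_transport_write);
 gnutls_transport_set_ptr(ctxt->session, ctxt);
-ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c);
-ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c);
+ctxt->input_filter = ap_add_input_filter(GNUTLS_INPUT_FILTER_NAME, ctxt, NULL, c);
+ctxt->output_filter = ap_add_output_filter(GNUTLS_OUTPUT_FILTER_NAME, ctxt, NULL, c);
 
 return OK;
 }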
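Review bot: In create_gnutls_handle (hunk @@ -120,14 +120,20) ctxt is allocated from the new `pool` argument but input_bb and output_bb are still created from `c->pool`, so the handle and its brigades would have different lifetimes for any caller that passes a pool other than c->pool; either use `ctxt->input_bb = apr_brigade_create(pool, c->bucket_alloc);` and `ctxt->output_bb = apr_brigade_create(pool, c->bucket_alloc);` or drop the parameter and allocate everything from c->pool. The same function dereferences `sc` for sc->ciphers while the NULL/enabled guard now lives only in mod_gnutls_hook_pre_connection, which deserves a comment above create_gnutls_handle such as `/* Caller must have verified sc != NULL and sc->enabled == GNUTLS_ENABLED_TRUE. */`. In the @@ -57,8 +57,8 hunk the newly enabled `gnutls_dh_params_init` and `gnutls_dh_params_generate2` calls return status codes that are not checked, so a failed generation would hand unusable dh_params to `gnutls_certificate_set_dh_params` in the @@ -70,7 +70,7 hunk; log the failure with ap_log_error and return an error from post_config instead of continuing. Both enclosing functions begin and end outside their hunks.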
