aboutsummaryrefslogtreecommitdiffstats
path: root/src/mod_gnutls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/mod_gnutls.c')
-rw-r--r--src/mod_gnutls.c46
1 files changed, 44 insertions, 2 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 3dfbd9a..833edc2 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -70,7 +70,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
70 } 70 }
71 71
72 72
73 if(first_run) { 73// if(first_run) {
74 /* TODO: Should we regenerate these after X requests / X time ? */ 74 /* TODO: Should we regenerate these after X requests / X time ? */
75 gnutls_dh_params_init(&dh_params); 75 gnutls_dh_params_init(&dh_params);
76 gnutls_dh_params_generate2(dh_params, DH_BITS); 76 gnutls_dh_params_generate2(dh_params, DH_BITS);
@@ -78,7 +78,7 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
78 gnutls_rsa_params_init(&rsa_params); 78 gnutls_rsa_params_init(&rsa_params);
79 gnutls_rsa_params_generate2(rsa_params, RSA_BITS); 79 gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
80#endif 80#endif
81 } 81// }
82 82
83 for (s = base_server; s; s = s->next) { 83 for (s = base_server; s; s = s->next) {
84 sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config, 84 sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config,
@@ -105,6 +105,25 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
105 return OK; 105 return OK;
106} 106}
107 107
108static void mod_gnutls_hook_child_init(apr_pool_t *p, server_rec *s)
109{
110 apr_status_t rv = APR_SUCCESS;
111 mod_gnutls_srvconf_rec *sc = ap_get_module_config(s->module_config,
112 &gnutls_module);
113
114 if(sc->cache_config != NULL) {
115 rv = mod_gnutls_cache_child_init(p, s, sc);
116 if(rv != APR_SUCCESS) {
117 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
118 "[GnuTLS] - Failed to run Cache Init");
119 }
120 }
121 else {
122 ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
123 "[GnuTLS] - No Cache Configured. Hint: GnuTLSCache");
124 }
125}
126
108static const char *mod_gnutls_hook_http_method(const request_rec * r) 127static const char *mod_gnutls_hook_http_method(const request_rec * r)
109{ 128{
110 mod_gnutls_srvconf_rec *sc = 129 mod_gnutls_srvconf_rec *sc =
@@ -172,6 +191,7 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
172 191
173 gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); 192 gnutls_dh_set_prime_bits(ctxt->session, DH_BITS);
174 193
194 mod_gnutls_cache_session_init(ctxt);
175 return ctxt; 195 return ctxt;
176} 196}
177 197
@@ -250,6 +270,21 @@ static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy,
250 return NULL; 270 return NULL;
251} 271}
252 272
273static const char *gnutls_set_cache(cmd_parms * parms, void *dummy,
274 const char *arg)
275{
276 const char* err;
277 mod_gnutls_srvconf_rec *sc = ap_get_module_config(parms->server->
278 module_config,
279 &gnutls_module);
280 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) {
281 return err;
282 }
283
284 sc->cache_config = apr_pstrdup(parms->pool, arg);
285 return NULL;
286}
287
253static const char *gnutls_set_enabled(cmd_parms * parms, void *dummy, 288static const char *gnutls_set_enabled(cmd_parms * parms, void *dummy,
254 const char *arg) 289 const char *arg)
255{ 290{
@@ -279,6 +314,10 @@ static const command_rec gnutls_cmds[] = {
279 NULL, 314 NULL,
280 RSRC_CONF, 315 RSRC_CONF,
281 "SSL Server Certificate file"), 316 "SSL Server Certificate file"),
317 AP_INIT_TAKE1("GnuTLSCache", gnutls_set_cache,
318 NULL,
319 RSRC_CONF,
320 "SSL Server Certificate file"),
282 AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled, 321 AP_INIT_TAKE1("GnuTLSEnable", gnutls_set_enabled,
283 NULL, RSRC_CONF, 322 NULL, RSRC_CONF,
284 "Whether this server has GnuTLS Enabled. Default: Off"), 323 "Whether this server has GnuTLS Enabled. Default: Off"),
@@ -299,6 +338,8 @@ static void gnutls_hooks(apr_pool_t * p)
299 APR_HOOK_MIDDLE); 338 APR_HOOK_MIDDLE);
300 ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL, 339 ap_hook_post_config(mod_gnutls_hook_post_config, NULL, NULL,
301 APR_HOOK_MIDDLE); 340 APR_HOOK_MIDDLE);
341 ap_hook_child_init(mod_gnutls_hook_child_init, NULL, NULL,
342 APR_HOOK_MIDDLE);
302 ap_hook_http_method(mod_gnutls_hook_http_method, NULL, NULL, 343 ap_hook_http_method(mod_gnutls_hook_http_method, NULL, NULL,
303 APR_HOOK_MIDDLE); 344 APR_HOOK_MIDDLE);
304 ap_hook_default_port(mod_gnutls_hook_default_port, NULL, NULL, 345 ap_hook_default_port(mod_gnutls_hook_default_port, NULL, NULL,
@@ -331,6 +372,7 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s)
331 gnutls_anon_allocate_server_credentials(&sc->anoncred); 372 gnutls_anon_allocate_server_credentials(&sc->anoncred);
332 sc->key_file = NULL; 373 sc->key_file = NULL;
333 sc->cert_file = NULL; 374 sc->cert_file = NULL;
375 sc->cache_config = NULL;
334 376
335 i = 0; 377 i = 0;
336 sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC; 378 sc->ciphers[i++] = GNUTLS_CIPHER_AES_256_CBC;
generated by cgit (git 2.34.1) at 2025-10-30 21:05:07 +0000