diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/gnutls_io.c | 56 | ||||
| -rw-r--r-- | src/mod_gnutls.c | 9 |
2 files changed, 33 insertions, 32 deletions
diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 659effa..ec2d08c 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c | |||
| @@ -224,14 +224,6 @@ static apr_status_t gnutls_io_input_read(mod_gnutls_handle_t * ctxt, | |||
| 224 | 224 | ||
| 225 | while (1) { | 225 | while (1) { |
| 226 | 226 | ||
| 227 | if (ctxt->status < 0) { | ||
| 228 | /* Ensure a non-zero error code is returned */ | ||
| 229 | if (ctxt->input_rc == APR_SUCCESS) { | ||
| 230 | ctxt->input_rc = APR_EGENERAL; | ||
| 231 | } | ||
| 232 | break; | ||
| 233 | } | ||
| 234 | |||
| 235 | rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes); | 227 | rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes); |
| 236 | 228 | ||
| 237 | if (rc > 0) { | 229 | if (rc > 0) { |
| @@ -348,6 +340,7 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) | |||
| 348 | 340 | ||
| 349 | if (ctxt->status != 0) | 341 | if (ctxt->status != 0) |
| 350 | return; | 342 | return; |
| 343 | #if 0 | ||
| 351 | 344 | ||
| 352 | for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) { | 345 | for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) { |
| 353 | ret = gnutls_handshake(ctxt->session); | 346 | ret = gnutls_handshake(ctxt->session); |
| @@ -364,14 +357,12 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) | |||
| 364 | gnutls_alert_get_name(ret)); | 357 | gnutls_alert_get_name(ret)); |
| 365 | } | 358 | } |
| 366 | 359 | ||
| 367 | if (gnutls_error_is_fatal(ret) != 0) { | 360 | gnutls_deinit(ctxt->session); |
| 368 | gnutls_deinit(ctxt->session); | 361 | ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, |
| 369 | ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, | ||
| 370 | "GnuTLS: Handshake Failed (%d) '%s'", ret, | 362 | "GnuTLS: Handshake Failed (%d) '%s'", ret, |
| 371 | gnutls_strerror(ret)); | 363 | gnutls_strerror(ret)); |
| 372 | ctxt->status = -1; | 364 | ctxt->status = -1; |
| 373 | return; | 365 | return; |
| 374 | } | ||
| 375 | } | 366 | } |
| 376 | else { | 367 | else { |
| 377 | ctxt->status = 1; | 368 | ctxt->status = 1; |
| @@ -380,6 +371,30 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) | |||
| 380 | } | 371 | } |
| 381 | ctxt->status = -1; | 372 | ctxt->status = -1; |
| 382 | return; | 373 | return; |
| 374 | #else | ||
| 375 | ret = gnutls_handshake(ctxt->session); | ||
| 376 | if (ret < 0) { | ||
| 377 | if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED | ||
| 378 | || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { | ||
| 379 | ret = gnutls_alert_get(ctxt->session); | ||
| 380 | ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, | ||
| 381 | "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret, | ||
| 382 | gnutls_alert_get_name(ret)); | ||
| 383 | } | ||
| 384 | |||
| 385 | gnutls_deinit(ctxt->session); | ||
| 386 | ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, | ||
| 387 | "GnuTLS: Handshake Failed (%d) '%s'", ret, | ||
| 388 | gnutls_strerror(ret)); | ||
| 389 | ctxt->status = -1; | ||
| 390 | return; | ||
| 391 | } | ||
| 392 | else { | ||
| 393 | ctxt->status = 1; | ||
| 394 | return; /* all done with the handshake */ | ||
| 395 | } | ||
| 396 | |||
| 397 | #endif | ||
| 383 | } | 398 | } |
| 384 | 399 | ||
| 385 | 400 | ||
| @@ -404,7 +419,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t * f, | |||
| 404 | } | 419 | } |
| 405 | 420 | ||
| 406 | if (ctxt->status < 0) { | 421 | if (ctxt->status < 0) { |
| 407 | return ap_get_brigade(f->next, bb, mode, block, readbytes); | 422 | // return ap_get_brigade(f->next, bb, mode, block, readbytes); |
| 408 | } | 423 | } |
| 409 | 424 | ||
| 410 | /* XXX: we don't currently support anything other than these modes. */ | 425 | /* XXX: we don't currently support anything other than these modes. */ |
| @@ -643,19 +658,6 @@ ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr, | |||
| 643 | { | 658 | { |
| 644 | mod_gnutls_handle_t *ctxt = ptr; | 659 | mod_gnutls_handle_t *ctxt = ptr; |
| 645 | 660 | ||
| 646 | if (!ctxt->output_length | ||
| 647 | && (len + ctxt->output_blen < sizeof(ctxt->output_buffer))) { | ||
| 648 | /* the first two SSL_writes (of 1024 and 261 bytes) | ||
| 649 | * need to be in the same packet (vec[0].iov_base) | ||
| 650 | */ | ||
| 651 | /* XXX: could use apr_brigade_write() to make code look cleaner | ||
| 652 | * but this way we avoid the malloc(APR_BUCKET_BUFF_SIZE) | ||
| 653 | * and free() of it later | ||
| 654 | */ | ||
| 655 | memcpy(&ctxt->output_buffer[ctxt->output_blen], buffer, len); | ||
| 656 | ctxt->output_blen += len; | ||
| 657 | } | ||
| 658 | else { | ||
| 659 | /* pass along the encrypted data | 661 | /* pass along the encrypted data |
| 660 | * need to flush since we're using SSL's malloc-ed buffer | 662 | * need to flush since we're using SSL's malloc-ed buffer |
| 661 | * which will be overwritten once we leave here | 663 | * which will be overwritten once we leave here |
| @@ -670,7 +672,5 @@ ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr, | |||
| 670 | if (write_flush(ctxt) < 0) { | 672 | if (write_flush(ctxt) < 0) { |
| 671 | return -1; | 673 | return -1; |
| 672 | } | 674 | } |
| 673 | } | ||
| 674 | |||
| 675 | return len; | 675 | return len; |
| 676 | } | 676 | } |
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index d4f1f16..9cccb03 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c | |||
| @@ -149,7 +149,7 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) | |||
| 149 | 149 | ||
| 150 | gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE); | 150 | gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE); |
| 151 | 151 | ||
| 152 | // gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); | 152 | gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); |
| 153 | 153 | ||
| 154 | return ctxt; | 154 | return ctxt; |
| 155 | } | 155 | } |
| @@ -188,7 +188,7 @@ static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy, | |||
| 188 | (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> | 188 | (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> |
| 189 | module_config, | 189 | module_config, |
| 190 | &gnutls_module); | 190 | &gnutls_module); |
| 191 | sc->cert_file = apr_pstrdup(parms->pool, arg); | 191 | sc->cert_file = ap_server_root_relative(parms->pool, arg); |
| 192 | return NULL; | 192 | return NULL; |
| 193 | } | 193 | } |
| 194 | 194 | ||
| @@ -199,7 +199,7 @@ static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy, | |||
| 199 | (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> | 199 | (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> |
| 200 | module_config, | 200 | module_config, |
| 201 | &gnutls_module); | 201 | &gnutls_module); |
| 202 | sc->key_file = apr_pstrdup(parms->pool, arg); | 202 | sc->key_file = ap_server_root_relative(parms->pool, arg); |
| 203 | return NULL; | 203 | return NULL; |
| 204 | } | 204 | } |
| 205 | 205 | ||
| @@ -291,9 +291,10 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s) | |||
| 291 | sc->ciphers[i] = 0; | 291 | sc->ciphers[i] = 0; |
| 292 | 292 | ||
| 293 | i = 0; | 293 | i = 0; |
| 294 | sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS; | ||
| 294 | sc->key_exchange[i++] = GNUTLS_KX_RSA; | 295 | sc->key_exchange[i++] = GNUTLS_KX_RSA; |
| 295 | sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT; | ||
| 296 | sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA; | 296 | sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA; |
| 297 | sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT; | ||
| 297 | sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS; | 298 | sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS; |
| 298 | sc->key_exchange[i] = 0; | 299 | sc->key_exchange[i] = 0; |
| 299 | 300 | ||