From 32f2e601850dbbfb34180763df507d103c6b6aff Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Thu, 9 Dec 2004 07:52:31 +0000 Subject: fixes and stuff that i should of already committed. --- src/gnutls_cache.c | 38 ++++++++++++++++++++++++++++++++++- src/gnutls_io.c | 59 ++++++------------------------------------------------ src/mod_gnutls.c | 17 ++++++++++------ 3 files changed, 54 insertions(+), 60 deletions(-) diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c index f2fb803..683cdf4 100644 --- a/src/gnutls_cache.c +++ b/src/gnutls_cache.c @@ -21,5 +21,41 @@ * GnuTLS Session Cache using libmemcached * */ +/* +#include "memcache.h" -#include "libmemcache/memcache.h" +int mod_gnutls_cache_init() +{ + return 0; +} +static int cache_store((void* baton, gnutls_datum_t key, gnutls_datum_t data) +{ + mc_set(struct memcache *mc, + key->data, key->size, + data->data, data->size, + 3600, 0); + return 0; +} + +static int cache_fetch(void* baton, gnutls_datum_t key) +{ + mod_gnutls_handle_t *ctxt = baton; + return 0; +} + +static int cache_delete(void* baton, gnutls_datum_t key) +{ + mod_gnutls_handle_t *ctxt = baton; + return 0; +} + +int mod_gnutls_cache_session_init(mod_gnutls_handle_t *ctxt) +{ + gnutls_db_set_cache_expiration + gnutls_db_set_retrieve_function(session, cache_fetch); + gnutls_db_set_remove_function(session, cache_delete); + gnutls_db_set_store_function(session, cache_store); + gnutls_db_set_ptr(session, NULL); + return 0; +} +*/ diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 856b6a3..e1c84be 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c @@ -332,46 +332,12 @@ static apr_status_t gnutls_io_input_getline(mod_gnutls_handle_t * ctxt, } -#define GNUTLS_HANDSHAKE_ATTEMPTS 10 - static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) { - int i, ret; + int ret; if (ctxt->status != 0) return; -#if 0 - - for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) { - ret = gnutls_handshake(ctxt->session); - if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) { - continue; - } - - if (ret < 0) { - if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { - ret = gnutls_alert_get(ctxt->session); - ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, - "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret, - gnutls_alert_get_name(ret)); - } - - gnutls_deinit(ctxt->session); - ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, - "GnuTLS: Handshake Failed (%d) '%s'", ret, - gnutls_strerror(ret)); - ctxt->status = -1; - return; - } - else { - ctxt->status = 1; - return; /* all done with the handshake */ - } - } - ctxt->status = -1; - return; -#else ret = gnutls_handshake(ctxt->session); if (ret < 0) { if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED @@ -393,8 +359,6 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) ctxt->status = 1; return; /* all done with the handshake */ } - -#endif } @@ -465,7 +429,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t * f, apr_status_t mod_gnutls_filter_output(ap_filter_t * f, apr_bucket_brigade * bb) { - int ret; + apr_size_t ret; mod_gnutls_handle_t *ctxt = (mod_gnutls_handle_t *) f->ctx; apr_status_t status = APR_SUCCESS; apr_read_type_e rblock = APR_NONBLOCK_READ; @@ -513,7 +477,6 @@ apr_status_t mod_gnutls_filter_output(ap_filter_t * f, } else { - /* filter output */ const char *data; apr_size_t len; @@ -546,20 +509,10 @@ apr_status_t mod_gnutls_filter_output(ap_filter_t * f, ctxt->output_rc = APR_EGENERAL; } } - else if ((apr_size_t) ret != len) { - //apr_bucket_split(bucket, ret); - //APR_BUCKET_REMOVE(bucket); - /* not all of the data was sent. */ - /* mod_ssl basicly errors out here.. this doesn't seem right? */ - ap_log_error(APLOG_MARK, APLOG_INFO, ctxt->output_rc, - ctxt->c->base_server, - "GnuTLS: failed to write %" APR_SSIZE_T_FMT - " of %" APR_SIZE_T_FMT " bytes.", - len - (apr_size_t) ret, len); - //continue; - if (ctxt->output_rc == APR_SUCCESS) { - ctxt->output_rc = APR_EGENERAL; - } + else if (ret != len) { + /* Not able to send the entire bucket, + split it and send it again. */ + apr_bucket_split(bucket, ret); } apr_bucket_delete(bucket); diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index f1ab6a2..04f7db9 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -44,8 +44,9 @@ static int mod_gnutls_hook_pre_config(apr_pool_t * pconf, } #define DH_BITS 1024 +#ifdef USE_RSA #define RSA_BITS 512 - +#endif static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, apr_pool_t * ptemp, server_rec * base_server) @@ -53,15 +54,17 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, mod_gnutls_srvconf_rec *sc; server_rec *s; gnutls_dh_params_t dh_params; +#ifdef USE_RSA gnutls_rsa_params_t rsa_params; - +#endif /* TODO: Should we regenerate these after X requests / X time ? */ gnutls_dh_params_init(&dh_params); gnutls_dh_params_generate2(dh_params, DH_BITS); -// gnutls_rsa_params_init(&rsa_params); -// gnutls_rsa_params_generate2(rsa_params, RSA_BITS); - +#ifdef USE_RSA + gnutls_rsa_params_init(&rsa_params); + gnutls_rsa_params_generate2(rsa_params, RSA_BITS); +#endif for (s = base_server; s; s = s->next) { sc = (mod_gnutls_srvconf_rec *) ap_get_module_config(s->module_config, &gnutls_module); @@ -69,7 +72,9 @@ static int mod_gnutls_hook_post_config(apr_pool_t * p, apr_pool_t * plog, gnutls_certificate_set_x509_key_file(sc->certs, sc->cert_file, sc->key_file, GNUTLS_X509_FMT_PEM); -// gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); +#ifdef USE_RSA + gnutls_certificate_set_rsa_export_params(sc->certs, rsa_params); +#endif gnutls_certificate_set_dh_params(sc->certs, dh_params); } else if (sc->enabled == GNUTLS_ENABLED_TRUE) { -- cgit