From 450f9e9e0b2f99e8aba697a0a9c9ce4899bed92f Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Sat, 8 Dec 2007 15:57:11 +0000 Subject: RSA-EXPORT private keys and DH params no longer generated by default --- Makefile.am | 2 +- configure.ac | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index d61ebd3..205da9d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -7,5 +7,5 @@ EXTRA_DIST = m4/outoforder.m4 m4/apache.m4 \ README README.ENV NEWS \ NOTICE LICENSE autogen.sh -SUBDIRS = src data +SUBDIRS = src ACLOCAL_AMFLAGS = -I m4 diff --git a/configure.ac b/configure.ac index c401940..b096a45 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ dnl -AC_INIT(mod_gnutls, 0.4.1) +AC_INIT(mod_gnutls, 0.4.2) OOO_CONFIG_NICE(config.nice) MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION AC_PREREQ(2.53) @@ -43,7 +43,7 @@ MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}" AC_SUBST(MODULE_CFLAGS) AC_SUBST(MODULE_LIBS) -AC_CONFIG_FILES([Makefile src/Makefile include/mod_gnutls.h data/Makefile]) +AC_CONFIG_FILES([Makefile src/Makefile include/mod_gnutls.h]) AC_OUTPUT echo "---" -- cgit From 8240f591e11b4c87c8f134515806d6cbd59bf9f2 Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Sat, 8 Dec 2007 16:07:12 +0000 Subject: Added support for sending more than one certificate. --- NEWS | 4 ++++ include/mod_gnutls.h.in | 8 ++++++-- src/gnutls_config.c | 14 +++++--------- src/gnutls_hooks.c | 10 +++++----- 4 files changed, 20 insertions(+), 16 deletions(-) diff --git a/NEWS b/NEWS index e4b908d..29bf060 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +** Version 0.4.2 + +- Added support for sending a certificate chain. + ** Version 0.4.1 (2007-12-03) - Added support for subject alternative names in certificates. diff --git a/include/mod_gnutls.h.in b/include/mod_gnutls.h.in index 6a311a3..a0f6581 100644 --- a/include/mod_gnutls.h.in +++ b/include/mod_gnutls.h.in 
@@ -80,7 +80,10 @@ typedef struct /* The maximum number of client CA certificates allowed. */ #define MAX_CA_CRTS 128 -#define MAX_CIPHERS 16 + +/* The maximum number of certificates to send in a chain + */ +#define MAX_CHAIN_SIZE 8 typedef struct { @@ -88,7 +91,8 @@ typedef struct gnutls_srp_server_credentials_t srp_creds; gnutls_anon_server_credentials_t anon_creds; char* cert_cn; - gnutls_x509_crt_t cert_x509; + gnutls_x509_crt_t certs_x509[MAX_CHAIN_SIZE]; /* A certificate chain */ + unsigned int certs_x509_num; gnutls_x509_privkey_t privkey_x509; int enabled; /* whether to send the PEM encoded certificates diff --git a/src/gnutls_config.c b/src/gnutls_config.c index 7b5a42b..8d6308a 100644 --- a/src/gnutls_config.c +++ b/src/gnutls_config.c @@ -151,15 +151,10 @@ const char *mgs_set_cert_file(cmd_parms * parms, void *dummy, "Certificate '%s'", file); } - ret = gnutls_x509_crt_init(&sc->cert_x509); - if (ret < 0) { - return apr_psprintf(parms->pool, "GnuTLS: Failed to initialize" - ": (%d) %s", ret, gnutls_strerror(ret)); - } - + sc->certs_x509_num = MAX_CHAIN_SIZE; ret = - gnutls_x509_crt_import(sc->cert_x509, &data, GNUTLS_X509_FMT_PEM); - if (ret != 0) { + gnutls_x509_crt_list_import(sc->certs_x509, &sc->certs_x509_num, &data, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " "Certificate '%s': (%d) %s", file, ret, gnutls_strerror(ret)); @@ -440,7 +435,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s) sc->srp_tpasswd_conf_file = NULL; sc->srp_tpasswd_file = NULL; sc->privkey_x509 = NULL; - sc->cert_x509 = NULL; + memset( sc->certs_x509, 0, sizeof(sc->certs_x509)); + sc->certs_x509_num = 0; sc->cache_timeout = apr_time_from_sec(300); sc->cache_type = mgs_cache_dbm; sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache"); diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 4364add..025e4e1 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c 
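Review bot: In mgs_set_cert_file the call `gnutls_x509_crt_list_import(sc->certs_x509, &sc->certs_x509_num, &data, GNUTLS_X509_FMT_PEM, 0)` passes no import flags, so a PEM file holding more than MAX_CHAIN_SIZE certificates appears to be cut to the first eight without any error. The server would then send an incomplete chain and the administrator would get no hint why clients fail to verify it. Passing `GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED` as the last argument turns that case into a configuration error at startup. On the `ret < 0` path I would also set `sc->certs_x509_num = 0;` before returning, because the field is preset to MAX_CHAIN_SIZE and may still hold that value when cert_retrieve_fn later copies it into `ret->ncerts`. The function body starts and ends outside the hunk.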
@@ -148,10 +148,10 @@ static int cert_retrieve_fn(gnutls_session_t session, gnutls_retr_st * ret) ctxt = gnutls_transport_get_ptr(session); ret->type = GNUTLS_CRT_X509; - ret->ncerts = 1; + ret->ncerts = ctxt->sc->certs_x509_num; ret->deinit_all = 0; - ret->cert.x509 = &ctxt->sc->cert_x509; + ret->cert.x509 = ctxt->sc->certs_x509; ret->key.x509 = ctxt->sc->privkey_x509; return 0; } @@ -334,7 +334,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, } } - if (sc->cert_x509 == NULL + if (sc->certs_x509[0] == NULL && sc->enabled == GNUTLS_ENABLED_TRUE) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "[GnuTLS] - Host '%s:%d' is missing a " @@ -353,7 +353,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, } if (sc->enabled == GNUTLS_ENABLED_TRUE) { - rv = read_crt_cn(s, p, sc->cert_x509, &sc->cert_cn); + rv = read_crt_cn(s, p, sc->certs_x509[0], &sc->cert_cn); if (rv < 0) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "[GnuTLS] - Cannot find a certificate for host '%s:%d'!", @@ -686,7 +686,7 @@ int mgs_hook_fixups(request_rec * r) tmp = mgs_session_id2sz(sbuf, len, buf, sizeof(buf)); apr_table_setn(env, "SSL_SESSION_ID", apr_pstrdup(r->pool, tmp)); - mgs_add_common_cert_vars(r, ctxt->sc->cert_x509, 0, + mgs_add_common_cert_vars(r, ctxt->sc->certs_x509[0], 0, ctxt->sc->export_certificates_enabled); return rv; -- cgit From e2ba0d06fd1edd80ca76bb2279b76944b6e6a901 Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Sun, 9 Dec 2007 10:19:00 +0000 Subject: Corrected bug which did not allow the TLS session cache to be used. --- NEWS | 2 ++ src/gnutls_hooks.c | 6 ++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 29bf060..bb2df34 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,8 @@ - Added support for sending a certificate chain. +- Corrected bug which did not allow the TLS session cache to be used. + ** Version 0.4.1 (2007-12-03) - Added support for subject alternative names in certificates. 
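Review bot: The checks in mgs_hook_post_config at `sc->certs_x509[0] == NULL` and `read_crt_cn(s, p, sc->certs_x509[0], &sc->cert_cn)` treat the first imported certificate as the server's own, but nothing in these hunks states or verifies that ordering. A comment at the first use, such as `/* certs_x509[0] must be the server (leaf) certificate; issuers follow in chain order */`, plus a matching sentence in the documentation of the certificate-file directive, would tell administrators how to order the PEM file. The same assumption applies to `mgs_add_common_cert_vars(r, ctxt->sc->certs_x509[0], 0, ...)` in mgs_hook_fixups. All three functions continue outside their hunks.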
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 025e4e1..15b66fa 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -133,10 +133,6 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session) if (ret < 0) return ret; - /* allow separate caches per virtual host. Actually allowing the same is a - * bad idea, since they might have different security requirements. - */ - mgs_cache_session_init(ctxt); return 0; } @@ -591,6 +587,8 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c) gnutls_handshake_set_post_client_hello_function(ctxt->session, mgs_select_virtual_server_cb); + mgs_cache_session_init(ctxt); + return ctxt; } -- cgit From ae5263c379cc43e451102e4c4e193f48fd91df88 Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Sun, 9 Dec 2007 11:12:23 +0000 Subject: Do not allow resuming sessions on different servers. --- NEWS | 2 ++ src/gnutls_cache.c | 84 +++++++++++++++++++++++++++++++----------------------- 2 files changed, 51 insertions(+), 35 deletions(-) diff --git a/NEWS b/NEWS index bb2df34..116ce34 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,8 @@ - Corrected bug which did not allow the TLS session cache to be used. +- Do not allow resuming sessions on different servers. + ** Version 0.4.1 (2007-12-03) - Added support for subject alternative names in certificates. diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c index 86b843e..b29086b 100644 --- a/src/gnutls_cache.c +++ b/src/gnutls_cache.c 
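Review bot: The `mgs_cache_session_init(ctxt);` call added in create_gnutls_handle carries no comment, while the hunk above it deletes the only text that explained why the cache was tied to the virtual host. A short comment at the new call site would record the trade-off, for example `/* must be registered before the handshake starts; the cache is therefore shared by every virtual host served through this connection's base server */`. That wording is inferred from the call order shown here, since ctxt->sc is presumably still the base server's configuration when the handle is created; confirm it against mgs_cache_session_init, which is not visible. The function body starts outside the hunk.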
@@ -34,18 +34,16 @@ #define MC_TAG "mod_gnutls:" -#define MC_TAG_LEN \ - (sizeof(MC_TAG)) +#define MC_TAG_LEN sizeof(MC_TAG) #define STR_SESSION_LEN (GNUTLS_SESSION_ID_STRING_LEN + MC_TAG_LEN) -#if 0 -static char *gnutls_session_id2sz(unsigned char *id, int idlen, +char *mgs_session_id2sz(unsigned char *id, int idlen, char *str, int strsize) { char *cp; int n; - - cp = apr_cpystrn(str, MC_TAG, MC_TAG_LEN); + + cp = str; for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) { apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]); cp += 2; @@ -53,7 +51,27 @@ static char *gnutls_session_id2sz(unsigned char *id, int idlen, *cp = '\0'; return str; } -#endif + + +/* Name the Session ID as: + * IP:port.SessionID + * to disallow resuming sessions on different servers + */ +static int mgs_session_id2dbm(conn_rec* c, unsigned char *id, int idlen, + apr_datum_t* dbmkey) +{ +char buf[STR_SESSION_LEN]; +char *sz; + + sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf)); + if (sz == NULL) + return -1; + + dbmkey->dptr = apr_psprintf(c->pool, "%s:%d.%s", c->local_ip, c->base_server->port, sz); + dbmkey->dsize = strlen( dbmkey->dptr); + + return 0; +} #define CTIME "%b %d %k:%M:%S %Y %Z" char *mgs_time2sz(time_t in_time, char *str, int strsize) 
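Review bot: mgs_session_id2sz, now the only hex helper, bounds each `apr_snprintf` with `strsize - (cp-str)` but still advances `cp += 2` and writes `*cp = '\0'` without looking at `strsize`, so a caller buffer shorter than twice the id length plus one would be written past its end. It also never returns NULL, which leaves the `if (sz == NULL)` checks added in mgs_session_id2dbm and mgs_session_id2mc dead. A guard at the top, `if (strsize < 2 * (idlen < GNUTLS_MAX_SESSION_ID ? idlen : GNUTLS_MAX_SESSION_ID) + 1) return NULL;`, makes the helper and its callers agree; any other caller would then need the same NULL check. The callers visible here pass `sizeof(buf)` with STR_SESSION_LEN, whose adequacy depends on GNUTLS_SESSION_ID_STRING_LEN, defined outside the hunk. The function's closing lines fall in the next hunk.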
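Review bot: The cache key built in mgs_session_id2dbm from `c->local_ip` and `c->base_server->port` is scoped to the connection's address-based server, not to the virtual host chosen later in mgs_select_virtual_server_cb, so name-based hosts sharing one IP and port still share resumable sessions as far as this page shows. If those hosts differ in client-certificate or priority requirements, a session negotiated under one could be accepted under another. The same applies to mgs_session_id2mc in the next hunk and to the later hunks that replace `c->local_ip` with `c->base_server->server_hostname`. Consider binding the stored session to the selected host, for instance by recording the selected server name with the cached data and rejecting a fetched entry whose name does not match. Until then the comment above the function should say that only address-based servers are separated.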
@@ -70,24 +88,23 @@ char *mgs_time2sz(time_t in_time, char *str, int strsize) return str; } -char *mgs_session_id2sz(unsigned char *id, int idlen, - char *str, int strsize) +#if HAVE_APR_MEMCACHE +/* Name the Session ID as: + * IP:port.SessionID + * to disallow resuming sessions on different servers + */ +static char* mgs_session_id2mc(conn_rec* c, unsigned char *id, int idlen) { - char *cp; - int n; +char buf[STR_SESSION_LEN]; +char *sz; - cp = str; - for (n = 0; n < idlen && n < GNUTLS_MAX_SESSION_ID; n++) { - apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]); - cp += 2; - } - *cp = '\0'; - return str; + sz = mgs_session_id2sz(id, idlen, buf, sizeof(buf)); + if (sz == NULL) + return NULL; + + return apr_psprintf(c->pool, MC_TAG"%s:%d.%s", c->local_ip, c->base_server->port, sz); } - -#if HAVE_APR_MEMCACHE - /** * GnuTLS Session Cache using libmemcached * @@ -184,11 +201,10 @@ static int mc_cache_store(void* baton, gnutls_datum_t key, { apr_status_t rv = APR_SUCCESS; mgs_handle_t *ctxt = baton; - char buf[STR_SESSION_LEN]; char* strkey = NULL; apr_uint32_t timeout; - strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf)); + strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); if(!strkey) return -1; @@ -211,13 +227,12 @@ static gnutls_datum_t mc_cache_fetch(void* baton, gnutls_datum_t key) { apr_status_t rv = APR_SUCCESS; mgs_handle_t *ctxt = baton; - char buf[STR_SESSION_LEN]; char* strkey = NULL; char* value; apr_size_t value_len; gnutls_datum_t data = { NULL, 0 }; - strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf)); + strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); if (!strkey) { return data; } 
@@ -252,10 +267,9 @@ static int mc_cache_delete(void* baton, gnutls_datum_t key) { apr_status_t rv = APR_SUCCESS; mgs_handle_t *ctxt = baton; - char buf[STR_SESSION_LEN]; char* strkey = NULL; - strkey = gnutls_session_id2sz(key.data, key.size, buf, sizeof(buf)); + strkey = mgs_session_id2mc(ctxt->c, key.data, key.size); if(!strkey) return -1; @@ -366,8 +380,8 @@ static gnutls_datum_t dbm_cache_fetch(void* baton, gnutls_datum_t key) mgs_handle_t *ctxt = baton; apr_status_t rv; - dbmkey.dptr = (void*)key.data; - dbmkey.dsize = key.size; + if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) + return data; rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); @@ -413,9 +427,9 @@ static int dbm_cache_store(void* baton, gnutls_datum_t key, mgs_handle_t *ctxt = baton; apr_status_t rv; apr_time_t expiry; - - dbmkey.dptr = (char *)key.data; - dbmkey.dsize = key.size; + + if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) + return -1; /* create DBM value */ dbmval.dsize = data.size + sizeof(apr_time_t); @@ -467,9 +481,9 @@ static int dbm_cache_delete(void* baton, gnutls_datum_t key) apr_datum_t dbmkey; mgs_handle_t *ctxt = baton; apr_status_t rv; - - dbmkey.dptr = (char *)key.data; - dbmkey.dsize = key.size; + + if (mgs_session_id2dbm(ctxt->c, key.data, key.size, &dbmkey) < 0) + return -1; rv = apr_dbm_open(&dbm, ctxt->sc->cache_config, APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, ctxt->c->pool); -- cgit From 47d85e7795db6797f5186f2bf4c18aef130561f2 Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Sun, 9 Dec 2007 11:35:24 +0000 Subject: --- src/gnutls_cache.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c index b29086b..83e7bb5 100644 --- a/src/gnutls_cache.c +++ b/src/gnutls_cache.c 
@@ -54,7 +54,7 @@ char *mgs_session_id2sz(unsigned char *id, int idlen, /* Name the Session ID as: - * IP:port.SessionID + * server:port.SessionID * to disallow resuming sessions on different servers */ static int mgs_session_id2dbm(conn_rec* c, unsigned char *id, int idlen, @@ -67,7 +67,7 @@ char *sz; if (sz == NULL) return -1; - dbmkey->dptr = apr_psprintf(c->pool, "%s:%d.%s", c->local_ip, c->base_server->port, sz); + dbmkey->dptr = apr_psprintf(c->pool, "%s:%d.%s", c->base_server->server_hostname, c->base_server->port, sz); dbmkey->dsize = strlen( dbmkey->dptr); return 0; @@ -90,7 +90,7 @@ char *mgs_time2sz(time_t in_time, char *str, int strsize) #if HAVE_APR_MEMCACHE /* Name the Session ID as: - * IP:port.SessionID + * server:port.SessionID * to disallow resuming sessions on different servers */ static char* mgs_session_id2mc(conn_rec* c, unsigned char *id, int idlen) @@ -102,7 +102,7 @@ char *sz; if (sz == NULL) return NULL; - return apr_psprintf(c->pool, MC_TAG"%s:%d.%s", c->local_ip, c->base_server->port, sz); + return apr_psprintf(c->pool, MC_TAG"%s:%d.%s", c->base_server->server_hostname, c->base_server->port, sz); } /** -- cgit From 9d3bccea8719c4b5e50c3ffc643a95fbdf63485c Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Mon, 10 Dec 2007 21:17:51 +0000 Subject: --- NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 116ce34..49abeda 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -** Version 0.4.2 +** Version 0.4.2 (2007-12-10) - Added support for sending a certificate chain. -- cgit From d45cdc5945cd6ff140890c8e8ea880443b26f4ea Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Mon, 10 Dec 2007 22:30:00 +0000 Subject: --- README | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/README b/README index 85418de..83ced25 100644 --- a/README +++ b/README 
@@ -11,7 +11,7 @@ to debug. I wanted to understand how it worked, and I had recently heard about GnuTLS, so long story short, I decided to implement a mod_gnutls. Lines of Code in mod_ssl: 15,324 -Lines of Code in mod_gnutls: 1,886 +Lines of Code in mod_gnutls: 3,594 Because of writing mod_gnutls, I now understand how input and output filters work, better than I ever thought possible. It was a little painful at times, and some parts @@ -63,17 +63,13 @@ GnuTLSCache dbm conf/gnutls_cache # a more advanced configuration GnuTLSCache dbm "/var/cache/www-tls-cache/cache" -GnuTLSCacheTimeout 500 -GnuTLSProtocols TLS1.1 TLS1.0 SSL3.0 +GnuTLSCacheTimeout 600 NameVirtualHost 1.2.3.4:443 Servername server.com:443 GnuTLSEnable on - GnuTLSCiphers AES-128-CBC 3DES-CBC ARCFOUR-128 - GnuTLSKeyExchangeAlgorithms RSA DHE-RSA DHE-DSS SRP SRP-RSA SRP-DSS - GnuTLSMACAlgorithms SHA1 MD5 - GnuTLSCompressionMethods NULL + GnuTLSPriority NORMAL # To export exactly the same environment variables as mod_ssl to CGI scripts. GNUTLSExportCertificates on -- cgit From a592fc96a77530e8c5e04e30389f90074b01d77b Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Mon, 10 Dec 2007 22:49:20 +0000 Subject: --- README.ENV | 8 ++++---- src/gnutls_hooks.c | 12 ++++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/README.ENV b/README.ENV index c055dfe..34dbcf6 100644 --- a/README.ENV +++ b/README.ENV 
@@ -19,7 +19,7 @@ SSL_CLIENT_V_START: The activation time of client's certificate. SSL_CLIENT_V_END: The expiration time of client's certificate. SSL_CLIENT_S_DN: The distinguished name of client's certificate in RFC2253 format. SSL_CLIENT_I_DN: The distinguished name of client's issuer certificate in RFC2253 format. -SSL_CLIENT_S_SAN%: These will contain the alternative names of the client certificate +SSL_CLIENT_S_AN%: These will contain the alternative names of the client certificate (% is a number starting from zero). The values will be prepended by "DNSNAME:", "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value "UNSUPPORTED" will be set. @@ -30,13 +30,13 @@ SSL_CLIENT_A_KEY: The public key algorithm in client's certificate. SSL_CLIENT_CERT: The PEM-encoded client certificate SSL_CLIENT_VERIFY: whether the client's certificate was verified. (NONE if none was sent, or SUCCESS or FAILED) -SSL_CLIENT_S_TYPE: The certificate type can be X.509 or OPENPGP. +SSL_CLIENT_CERT_TYPE: The certificate type can be X.509 or OPENPGP. SSL_SERVER_V_START: The activation time of server's certificate. SSL_SERVER_V_END: The expiration time of server's certificate. SSL_SERVER_S_DN: The distinguished name of the server's certificate in RFC2253 format. SSL_SERVER_I_DN: The distinguished name of the server's issuer certificate in RFC2253 format. -SSL_SERVER_S_SAN%: These will contain the alternative names of the server certificate +SSL_SERVER_S_AN%: These will contain the alternative names of the server certificate (% is a number starting from zero). The values will be prepended by "DNSNAME:", "RFC822NAME:" or "URI:" depending on the type. If it is not supported the value "UNSUPPORTED" will be set. 
@@ -45,5 +45,5 @@ SSL_SERVER_M_VERSION: The version of the server's certificate. SSL_SERVER_A_SIG: The algorithm used for the signature in server's certificate. SSL_SERVER_A_KEY: The public key algorithm in server's certificate. SSL_SERVER_CERT: The PEM-encoded server certificate -SSL_SERVER_S_TYPE: The certificate type can be X.509 or OPENPGP. +SSL_SERVER_CERT_TYPE: The certificate type can be X.509 or OPENPGP. diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 15b66fa..44b2bc1 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -792,8 +792,12 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side, apr_pstrcat(r->pool, MGS_SIDE, "_M_VERSION", NULL), apr_psprintf(r->pool, "%u", ret)); + apr_table_setn(env, + apr_pstrcat(r->pool, MGS_SIDE, "_CERT_TYPE", NULL), "X.509"); +#ifdef COMPAT apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_S_TYPE", NULL), "X.509"); +#endif tmp = mgs_time2sz(gnutls_x509_crt_get_expiration_time @@ -835,19 +839,19 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side, if (ret == GNUTLS_SAN_DNSNAME) { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), apr_psprintf(r->pool, "DNSNAME:%s", tmp2)); } else if (ret == GNUTLS_SAN_RFC822NAME) { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), apr_psprintf(r->pool, "RFC822NAME:%s", tmp2)); } else if (ret == GNUTLS_SAN_URI) { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), apr_psprintf(r->pool, "URI:%s", tmp2)); } else { apr_table_setn(env, - apr_psprintf(r->pool, "%s_S_SAN%u", MGS_SIDE, i), + apr_psprintf(r->pool, "%s_S_AN%u", MGS_SIDE, i), "UNSUPPORTED"); } } -- cgit From 9120fdbd1f33e4ed465ee181ec237a68fa27bf2c Mon Sep 17 00:00:00 2001 
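Review bot: Renaming the exported variables from `_S_SAN%u` to `_S_AN%u` and from `_S_TYPE` to `_CERT_TYPE` in mgs_add_common_cert_vars silently changes what CGI scripts and access rules see, and only the type variable gets a `#ifdef COMPAT` fallback. A script that authorises on `SSL_CLIENT_S_SAN0` would read an unset variable after the upgrade, and none of the NEWS hunks on this page mentions the rename. I would set the old `_S_SAN%u` names under the same `COMPAT` guard in the four branches of the following hunk and add a NEWS line such as `- Renamed SSL_*_S_SAN% to SSL_*_S_AN% and SSL_*_S_TYPE to SSL_*_CERT_TYPE.` COMPAT is not defined in any visible hunk, so a configure switch or a comment saying how to enable it is needed as well. The function continues outside both hunks.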
From: Nokis Mavrogiannopoulos Date: Mon, 10 Dec 2007 22:53:22 +0000 Subject: --- configure.ac | 2 +- src/gnutls_hooks.c | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index b096a45..259e289 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ dnl -AC_INIT(mod_gnutls, 0.4.2) +AC_INIT(mod_gnutls, 0.4.2.1) OOO_CONFIG_NICE(config.nice) MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION AC_PREREQ(2.53) diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 44b2bc1..55a1120 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -794,10 +794,6 @@ mgs_add_common_cert_vars(request_rec * r, gnutls_x509_crt cert, int side, apr_table_setn(env, apr_pstrcat(r->pool, MGS_SIDE, "_CERT_TYPE", NULL), "X.509"); -#ifdef COMPAT - apr_table_setn(env, - apr_pstrcat(r->pool, MGS_SIDE, "_S_TYPE", NULL), "X.509"); -#endif tmp = mgs_time2sz(gnutls_x509_crt_get_expiration_time -- cgit