From b1f7f11579affffbcb2d7a44d3c38d73e8dc9bf4 Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Thu, 2 Dec 2004 09:43:34 +0000 Subject: hey hey, this is working code! --- src/gnutls_io.c | 56 ++++++++++++++++++++++++++++---------------------------- src/mod_gnutls.c | 9 +++++---- 2 files changed, 33 insertions(+), 32 deletions(-) diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 659effa..ec2d08c 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c @@ -224,14 +224,6 @@ static apr_status_t gnutls_io_input_read(mod_gnutls_handle_t * ctxt, while (1) { - if (ctxt->status < 0) { - /* Ensure a non-zero error code is returned */ - if (ctxt->input_rc == APR_SUCCESS) { - ctxt->input_rc = APR_EGENERAL; - } - break; - } - rc = gnutls_record_recv(ctxt->session, buf + bytes, wanted - bytes); if (rc > 0) { @@ -348,6 +340,7 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) if (ctxt->status != 0) return; +#if 0 for (i = GNUTLS_HANDSHAKE_ATTEMPTS; i > 0; i--) { ret = gnutls_handshake(ctxt->session); @@ -364,14 +357,12 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) gnutls_alert_get_name(ret)); } - if (gnutls_error_is_fatal(ret) != 0) { - gnutls_deinit(ctxt->session); - ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, + gnutls_deinit(ctxt->session); + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, "GnuTLS: Handshake Failed (%d) '%s'", ret, gnutls_strerror(ret)); ctxt->status = -1; return; - } } else { ctxt->status = 1; 
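Review bot: Dropping the `ctxt->status < 0` guard leaves nothing in this loop that stops a read once the handshake has failed, and the rest of the commit removes the other stops too: hunk 4 calls `gnutls_deinit(ctxt->session)` on the failure path and hunk 5 comments out the early return in `mod_gnutls_filter_input`, so `gnutls_record_recv(ctxt->session, ...)` on the next line can be reached with a session that has already been deinitialised. Keep a guard here — `if (ctxt->status < 0) { ctxt->input_rc = APR_EGENERAL; break; }` — or have the filter return an error such as `APR_EGENERAL` before it enters this loop, and set `ctxt->session = NULL` after the deinit so a stray use fails loudly instead of touching freed memory. Where the handshake is driven from is not visible in this diff; gnutls_io_input_read continues outside the hunk.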
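Review bot: Wrapping the retry loop in `#if 0` keeps it as dead code, and the edits in hunk 3 (the `gnutls_error_is_fatal` removal) fall inside that region, so they change code that is never compiled. If the loop is gone for good, delete it rather than disable it, and remove whatever `i` and `GNUTLS_HANDSHAKE_ATTEMPTS` now leave unused (both appear to be declared above this hunk). If the retry is still wanted, fold it into the `#else` path instead of keeping two versions of the same function. gnutls_do_handshake starts outside the hunk.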
@@ -380,6 +371,30 @@ static void gnutls_do_handshake(mod_gnutls_handle_t * ctxt) } ctxt->status = -1; return; +#else +ret = gnutls_handshake(ctxt->session); + if (ret < 0) { + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { + ret = gnutls_alert_get(ctxt->session); + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, + "GnuTLS: Hanshake Alert (%d) '%s'.\n", ret, + gnutls_alert_get_name(ret)); + } + + gnutls_deinit(ctxt->session); + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, + "GnuTLS: Handshake Failed (%d) '%s'", ret, + gnutls_strerror(ret)); + ctxt->status = -1; + return; + } + else { + ctxt->status = 1; + return; /* all done with the handshake */ + } + +#endif } @@ -404,7 +419,7 @@ apr_status_t mod_gnutls_filter_input(ap_filter_t * f, } if (ctxt->status < 0) { - return ap_get_brigade(f->next, bb, mode, block, readbytes); +// return ap_get_brigade(f->next, bb, mode, block, readbytes); } /* XXX: we don't currently support anything other than these modes. */ @@ -643,19 +658,6 @@ ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr, { mod_gnutls_handle_t *ctxt = ptr; - if (!ctxt->output_length - && (len + ctxt->output_blen < sizeof(ctxt->output_buffer))) { - /* the first two SSL_writes (of 1024 and 261 bytes) - * need to be in the same packet (vec[0].iov_base) - */ - /* XXX: could use apr_brigade_write() to make code look cleaner - * but this way we avoid the malloc(APR_BUCKET_BUFF_SIZE) - * and free() of it later - */ - memcpy(&ctxt->output_buffer[ctxt->output_blen], buffer, len); - ctxt->output_blen += len; - } - else { /* pass along the encrypted data * need to flush since we're using SSL's malloc-ed buffer * which will be overwritten once we leave here @@ -670,7 +672,5 @@ ssize_t mod_gnutls_transport_write(gnutls_transport_ptr_t ptr, if (write_flush(ctxt) < 0) { return -1; } - } - return len; } diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index d4f1f16..9cccb03 100644 
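Review bot: In the alert branch `ret = gnutls_alert_get(ctxt->session);` overwrites the handshake result, so the `"GnuTLS: Handshake Failed (%d) '%s'"` line below it reports the alert number and a `gnutls_strerror()` text for the wrong code. Use a separate variable, `int alert = gnutls_alert_get(ctxt->session);`, pass `alert` to the alert log line, and leave `ret` intact for the failure log. The alert message also has a typo and a trailing `\n` that `ap_log_error` does not need — `"GnuTLS: Handshake Alert (%d) '%s'."` — and `ret = gnutls_handshake(ctxt->session);` sits at column 0 instead of the function's indent. The new single call treats every negative return as fatal, including `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED`, which the loop this commit disables presumably retried; on a non-blocking transport that aborts an otherwise healthy handshake.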
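Review bot: With the coalescing branch removed, every call now goes straight to the flush path, but the lines left over from the old `else` body (the comment starting `/* pass along the encrypted data` through the `write_flush` check in hunk 7) keep their old indentation, and the comment still refers to "SSL's malloc-ed buffer" where it now means GnuTLS' buffer. Re-indent the remaining body one level out and reword the comment, e.g. `/* hand the record to the next filter and flush now: GnuTLS reuses this buffer after we return */`. If `output_buffer`, `output_blen` and `output_length` are no longer written anywhere after this change, drop them from `mod_gnutls_handle_t` (declared outside the hunk) so the dead buffering state does not suggest coalescing still happens. The part of mod_gnutls_transport_write between the two hunks is not visible here.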
--- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -149,7 +149,7 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) gnutls_certificate_server_set_request(ctxt->session, GNUTLS_CERT_IGNORE); -// gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); + gnutls_dh_set_prime_bits(ctxt->session, DH_BITS); return ctxt; } @@ -188,7 +188,7 @@ static const char *gnutls_set_cert_file(cmd_parms * parms, void *dummy, (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> module_config, &gnutls_module); - sc->cert_file = apr_pstrdup(parms->pool, arg); + sc->cert_file = ap_server_root_relative(parms->pool, arg); return NULL; } @@ -199,7 +199,7 @@ static const char *gnutls_set_key_file(cmd_parms * parms, void *dummy, (mod_gnutls_srvconf_rec *) ap_get_module_config(parms->server-> module_config, &gnutls_module); - sc->key_file = apr_pstrdup(parms->pool, arg); + sc->key_file = ap_server_root_relative(parms->pool, arg); return NULL; } @@ -291,9 +291,10 @@ static void *gnutls_config_server_create(apr_pool_t * p, server_rec * s) sc->ciphers[i] = 0; i = 0; + sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS; sc->key_exchange[i++] = GNUTLS_KX_RSA; - sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT; sc->key_exchange[i++] = GNUTLS_KX_DHE_RSA; + sc->key_exchange[i++] = GNUTLS_KX_RSA_EXPORT; sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS; sc->key_exchange[i] = 0; -- cgit
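Review bot: `gnutls_dh_set_prime_bits(ctxt->session, DH_BITS)` is enabled without a comment on what `DH_BITS` is (its definition is not in this diff) or where the server's DH parameters come from; with hunk 11 now placing `GNUTLS_KX_DHE_DSS` first, DHE suites become the preferred handshake, and they need DH parameters installed on the credentials, which nothing in this commit shows. Add a comment such as `/* DH_BITS: DH prime size requested for DHE suites; DH params must be loaded on the credentials elsewhere */` and confirm the value is not below what the deployment considers acceptable. create_gnutls_handle starts outside the hunk.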
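Review bot: `ap_server_root_relative()` returns NULL when the path cannot be resolved against ServerRoot, and `sc->cert_file` is stored without a check, so a bad directive argument is silently accepted here and only fails later when the file is loaded. Return the error from the directive handler instead: `if (sc->cert_file == NULL) return apr_pstrcat(parms->pool, "GnuTLS: invalid certificate file path: ", arg, NULL);`. The same applies to `sc->key_file` in hunk 10. Both handlers start outside their hunks.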
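Review bot: `GNUTLS_KX_DHE_DSS` is now listed twice — the new first entry and the unchanged last one — and `GNUTLS_KX_RSA_EXPORT` stays in the default list even though export-grade key exchange is intentionally weakened and should not be on unless a deployment asks for it. Drop the trailing `sc->key_exchange[i++] = GNUTLS_KX_DHE_DSS;` line, and either remove the `GNUTLS_KX_RSA_EXPORT` entry from the defaults or leave a comment explaining why it is kept. The size of `sc->key_exchange` is not visible here; the list has grown by one entry, so confirm it still fits together with the terminating 0. gnutls_config_server_create starts outside the hunk.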