From b997c05d0753e7fb30d0654dd311ea7598db962d Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Wed, 20 Feb 2008 20:05:11 +0000 Subject: added disable-srp option --- NEWS | 6 ++++++ configure.ac | 23 ++++++++++++++++++++--- src/gnutls_config.c | 7 +++++++ src/gnutls_hooks.c | 6 ++++++ src/mod_gnutls.c | 2 ++ 5 files changed, 41 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 49abeda..84e427a 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,9 @@ +** Version 0.4.3 + +- Added --disable-srp configure option + +- Better check for memcache (patch by Guillaume Rousse) + ** Version 0.4.2 (2007-12-10) - Added support for sending a certificate chain. diff --git a/configure.ac b/configure.ac index 259e289..63c05e1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ dnl -AC_INIT(mod_gnutls, 0.4.2.1) +AC_INIT(mod_gnutls, 0.4.3) OOO_CONFIG_NICE(config.nice) MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION AC_PREREQ(2.53) @@ -28,8 +28,15 @@ CHECK_APACHE(,$AP_VERSION, dnl LIBTOOL="`${APR_CONFIG} --apr-libtool`" dnl AC_SUBST(LIBTOOL) -MIN_TLS_VERSION=2.1.7 +MIN_TLS_VERSION=2.2.1 CHECK_LIBGNUTLS($MIN_TLS_VERSION) +AM_PATH_LIBGNUTLS($MIN_TLS_VERSION,, + AC_MSG_ERROR([[ +*** +*** libgnutls were not found. You may want to get it from +*** http://www.gnutls.org/ +*** +]])) dnl CHECK_LUA() @@ -37,6 +44,16 @@ have_apr_memcache=0 CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0]) AC_SUBST(have_apr_memcache) +AC_ARG_ENABLE(srp, + AS_HELP_STRING([--disable-srp], + [unconditionally disable the SRP functionality]), + use_srp=$enableval, use_srp=yes) +if test "$use_srp" != "no"; then + AC_DEFINE_UNQUOTED(ENABLE_SRP, 1, [whether to enable SRP]) +fi +AC_MSG_CHECKING([whether to enable SRP functionality]) +AC_MSG_RESULT($use_srp) + MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES}" MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}" 
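Review bot: In configure.ac at `@@ -28,8 +28,15 @@`, `AM_PATH_LIBGNUTLS($MIN_TLS_VERSION, ...)` is added directly after the existing `CHECK_LIBGNUTLS($MIN_TLS_VERSION)`, so the library is probed twice. It is not obvious which macro ends up setting the `LIBGNUTLS_CFLAGS`/`LIBGNUTLS_LIBS` that `MODULE_CFLAGS` and `MODULE_LIBS` consume further down. Keep one of the two checks, or add a `dnl` comment saying why both are needed. The minimum GnuTLS version also rises from 2.1.7 to 2.2.1 without a NEWS line, which packagers will want to see. The error text should read `*** libgnutls was not found.`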
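Review bot: In configure.ac at `@@ -37,6 +44,16 @@`, `ENABLE_SRP` reaches the C sources only through a generated config header or through `DEFS`, and neither is visible in this patch. The `MODULE_CFLAGS` context line is built from library and Apache include flags only. If the define does not reach the compiler, every `#ifdef ENABLE_SRP` added in src/ is false and SRP silently disappears from default builds, so confirm that a default build still registers `GnuTLSSRPPasswdFile`. Separately, `use_srp=$enableval` accepts any string, so `--enable-srp=off` still enables SRP and prints `off` as the result. Normalising with `AS_IF([test "x$enable_srp" = "xno"], [use_srp=no], [use_srp=yes])` and using plain `AC_DEFINE` for the literal `1` would make the switch unambiguous.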
@@ -51,6 +68,6 @@ echo "Configuration summary for mod_gnutls:" echo "" echo " * mod_gnutls version: ${MOD_GNUTLS_VERSION}" echo " * Apache Modules directory: ${AP_LIBEXECDIR}" -echo " * GnuTLS Library version: ${LIBGNUTLS_VERSION}" +echo " * GnuTLS Library version: ${LIBGNUTLS_VERSION} | Required: ${MIN_TLS_VERSION}+" echo "" echo "---" diff --git a/src/gnutls_config.c b/src/gnutls_config.c index 8d6308a..4786f6d 100644 --- a/src/gnutls_config.c +++ b/src/gnutls_config.c @@ -202,6 +202,8 @@ const char *mgs_set_key_file(cmd_parms * parms, void *dummy, return NULL; } +#ifdef ENABLE_SRP + const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy, const char *arg) { @@ -228,6 +230,8 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy, return NULL; } +#endif + const char *mgs_set_cache(cmd_parms * parms, void *dummy, const char *type, const char *arg) { @@ -426,6 +430,7 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s) ": (%d) %s", ret, gnutls_strerror(ret)); } +#ifdef ENABLE_SRP ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds); if (ret < 0) { return apr_psprintf(p, "GnuTLS: Failed to initialize" @@ -434,6 +439,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s) sc->srp_tpasswd_conf_file = NULL; sc->srp_tpasswd_file = NULL; +#endif + sc->privkey_x509 = NULL; memset( sc->certs_x509, 0, sizeof(sc->certs_x509)); sc->certs_x509_num = 0; diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 55a1120..0483602 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c 
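Review bot: In src/gnutls_config.c at `@@ -426,6 +430,7 @@` and `@@ -434,6 +439,8 @@`, the new guard also removes `sc->srp_tpasswd_conf_file = NULL;` and `sc->srp_tpasswd_file = NULL;` from non-SRP builds. The diffstat lists no header, so the struct presumably keeps both fields. They are then left at whatever the allocation returned, which is safe only if `sc` comes from a zeroing allocator and every reader, including any merge function outside this patch, is guarded as well. Narrowing the guard to the `gnutls_srp_allocate_server_credentials()` call and its error check, with the two NULL assignments left unconditional, removes that dependency. The body of `mgs_config_server_create` starts and continues outside these hunks.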
@@ -115,11 +115,13 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session) gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds); +#ifdef ENABLE_SRP if (ctxt->sc->srp_tpasswd_conf_file != NULL && ctxt->sc->srp_tpasswd_file != NULL) { gnutls_credentials_set(session, GNUTLS_CRD_SRP, ctxt->sc->srp_creds); } +#endif /* update the priorities - to avoid negotiating a ciphersuite that is not * enabled on this virtual server. Note that here we ignore the version @@ -313,6 +315,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); +#ifdef ENABLE_SRP if (sc->srp_tpasswd_conf_file != NULL && sc->srp_tpasswd_file != NULL) { rv = gnutls_srp_set_server_credentials_file(sc->srp_creds, @@ -329,6 +332,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog, exit(-1); } } +#endif if (sc->certs_x509[0] == NULL && sc->enabled == GNUTLS_ENABLED_TRUE) { @@ -662,8 +666,10 @@ int mgs_hook_fixups(request_rec * r) gnutls_compression_get_name(gnutls_compression_get (ctxt->session))); +#ifdef ENABLE_SRP apr_table_setn(env, "SSL_SRP_USER", gnutls_srp_server_get_username(ctxt->session)); +#endif if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL) apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE"); diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index a6e5528..a8363fe 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -80,6 +80,7 @@ static const command_rec mgs_config_cmds[] = { NULL, RSRC_CONF, "SSL Server SRP Password file"), +#ifdef ENABLE_SRP AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file, NULL, RSRC_CONF, @@ -88,6 +89,7 @@ static const command_rec mgs_config_cmds[] = { NULL, RSRC_CONF, "SSL Server SRP Parameters file"), +#endif AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout, NULL, RSRC_CONF, -- cgit
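Review bot: In src/gnutls_hooks.c at `@@ -115,11 +115,13 @@`, SRP credentials are attached only when both `srp_tpasswd_conf_file` and `srp_tpasswd_file` are non-NULL, and the same pair test gates loading in `mgs_hook_post_config` at `@@ -313,6 +315,7 @@`. No else branch is visible in either hunk, so a virtual host that sets only one of the two directives appears to run with SRP off and nothing logged. Since the block is being touched anyway, `mgs_hook_post_config` could log a warning when exactly one of the two is set, so the operator learns that the expected authentication method is inactive. Both functions extend beyond the hunks shown.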
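Review bot: In src/gnutls_hooks.c at `@@ -662,8 +666,10 @@` (`mgs_hook_fixups`), the result of `gnutls_srp_server_get_username(ctxt->session)` goes straight into `apr_table_setn`, but that call returns NULL when the session was not authenticated with SRP. Every non-SRP request therefore gets an `SSL_SRP_USER` entry with a NULL value, which later consumers of the environment table may not expect. Setting it only when present avoids that: `const char *srp_user = gnutls_srp_server_get_username(ctxt->session);` followed by `if (srp_user != NULL) apr_table_setn(env, "SSL_SRP_USER", srp_user);`. `apr_table_setn` stores the pointer without copying, so this presumably relies on the session outliving the request; a short comment saying so would help. The function continues outside the hunk.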
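Review bot: In src/mod_gnutls.c at `@@ -80,6 +80,7 @@` and `@@ -88,6 +89,7 @@`, a build without `ENABLE_SRP` no longer registers the `GnuTLSSRPPasswdFile` entry or the one that follows it. An existing configuration that uses them will fail at startup with a generic unknown-directive error. Failing closed is reasonable, but the NEWS entry should say that these directives become unavailable. Alternatively, keep them registered and have the handlers return a message such as `"mod_gnutls was built without SRP support"`. The context line just above the new `#ifdef` carries the help text `"SSL Server SRP Password file"` for an entry left outside the guard. That entry's start is not in the hunk, but the description looks copied from the SRP directive and is worth checking.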