From 316bd8cab0ab97335f2b0e36c3a240ff7967ed1a Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Fri, 22 Apr 2005 01:29:13 +0000 Subject: - remove more debug logging. - fix a crash by changing the certificate structure *after* starting the handshake. --- src/gnutls_cache.c | 3 ++- src/gnutls_io.c | 9 +++++++-- src/mod_gnutls.c | 9 ++++++--- 3 files changed, 15 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c index 91e6ec9..eaeeea6 100644 --- a/src/gnutls_cache.c +++ b/src/gnutls_cache.c @@ -209,11 +209,12 @@ static gnutls_datum_t mc_cache_fetch(void* baton, gnutls_datum_t key) &value, &value_len, NULL); if (rv != APR_SUCCESS) { +#if MOD_GNUTLS_DEBUG ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, ctxt->c->base_server, "[gnutls_cache] error fetching key '%s' ", strkey); - +#endif data.size = 0; data.data = NULL; return data; diff --git a/src/gnutls_io.c b/src/gnutls_io.c index 5e0c4ef..dee2c4f 100644 --- a/src/gnutls_io.c +++ b/src/gnutls_io.c @@ -381,10 +381,15 @@ tryagain: gnutls_strerror(ret)); goto tryagain; } - - ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, +#if USING_2_1_RECENT + ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c, "GnuTLS: Handshake Failed (%d) '%s'", ret, gnutls_strerror(ret)); +#else + ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server, + "GnuTLS: Handshake Failed (%d) '%s'", ret, + gnutls_strerror(ret)); +#endif ctxt->status = -1; gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, gnutls_error_to_alert(ret, NULL)); diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index cb81a26..681411b 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -294,7 +294,6 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r) static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt) { - gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs); gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode); } @@ -479,9 +478,11 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c) gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types); mod_gnutls_cache_session_init(ctxt); + + gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs); gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn); - + mod_gnutls_changed_servers(ctxt); return ctxt; } @@ -838,7 +839,7 @@ int mod_gnutls_hook_authz(request_rec *r) if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "GnuTLS: Ignoring Client Certificate!"); + "GnuTLS: Directory set to Ignore Client Certificate!"); return DECLINED; } @@ -855,8 +856,10 @@ int mod_gnutls_hook_authz(request_rec *r) } } else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) { +#if MOD_GNUTLS_DEBUG ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "GnuTLS: Peer is set to IGNORE"); +#endif return DECLINED; } -- cgit