From 787dab7316f5a9a314b538d0876a9e57af977dc3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 20 Feb 2008 19:50:09 +0000
Subject: added option to disable srp (for distributions that disable it in gnutls)
---
 src/gnutls_config.c | 7 +++++++
 src/gnutls_hooks.c | 6 ++++++
 src/mod_gnutls.c | 2 ++
 3 files changed, 15 insertions(+)
(limited to 'src')
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index f08512e..e290d90 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -281,6 +281,8 @@ const char *mgs_set_pgpkey_file(cmd_parms * parms, void *dummy,
 }
+#ifdef ENABLE_SRP
+
 const char *mgs_set_srp_tpasswd_file(cmd_parms * parms, void *dummy, const char *arg) {
@@ -307,6 +309,8 @@ const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
 return NULL; }
+#endif
+
 const char *mgs_set_cache(cmd_parms * parms, void *dummy, const char *type, const char *arg) {
@@ -543,6 +547,7 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 ": (%d) %s", ret, gnutls_strerror(ret)); }
+#ifdef ENABLE_SRP
 ret = gnutls_srp_allocate_server_credentials(&sc->srp_creds); if (ret < 0) { return apr_psprintf(p, "GnuTLS: Failed to initialize"
@@ -551,6 +556,8 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 sc->srp_tpasswd_conf_file = NULL; sc->srp_tpasswd_file = NULL;
+#endif
+
 sc->privkey_x509 = NULL; memset( sc->certs_x509, 0, sizeof(sc->certs_x509)); sc->certs_x509_num = 0;
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 26917b8..ee3c2db 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
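Review bot: The `#ifdef ENABLE_SRP` opened before `mgs_set_srp_tpasswd_file` in src/gnutls_config.c is closed by a bare `#endif` one hunk later, after `mgs_set_srp_tpasswd_conf_file`, so the pairing is not visible from either end. Tag each closing directive as `#endif /* ENABLE_SRP */`; the same applies to the other `#endif` lines this commit adds in gnutls_config.c, gnutls_hooks.c and mod_gnutls.c. The prototypes of the two handlers are not part of this diff, so it is worth confirming that the header guards them with the same macro. Both handler bodies lie mostly outside the hunks.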
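Review bot: With `ENABLE_SRP` undefined, `mgs_config_server_create` in src/gnutls_config.c no longer assigns `sc->srp_tpasswd_conf_file` and `sc->srp_tpasswd_file`; the guard opens in the `-543` hunk and closes in the `-551` hunk. If the config struct keeps those members in such a build and `sc` is not zero-allocated, neither of which this diff shows, any code outside the guards that reads them would see indeterminate pointers. Either guard the struct members with the same macro, or place the `#endif` before `sc->srp_tpasswd_conf_file = NULL;` so the two NULL assignments always run. The function starts and ends outside both hunks.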
@@ -131,11 +131,13 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
 gnutls_credentials_set(session, GNUTLS_CRD_ANON, ctxt->sc->anon_creds);
+#ifdef ENABLE_SRP
 if (ctxt->sc->srp_tpasswd_conf_file != NULL && ctxt->sc->srp_tpasswd_file != NULL) { gnutls_credentials_set(session, GNUTLS_CRD_SRP, ctxt->sc->srp_creds); }
+#endif
 /* update the priorities - to avoid negotiating a ciphersuite that is not * enabled on this virtual server. Note that here we ignore the version
@@ -379,6 +381,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn);
+#ifdef ENABLE_SRP
 if (sc->srp_tpasswd_conf_file != NULL && sc->srp_tpasswd_file != NULL) { rv = gnutls_srp_set_server_credentials_file(sc->srp_creds,
@@ -395,6 +398,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 exit(-1); } }
+#endif
 if (sc->certs_x509[0] == NULL && sc->enabled == GNUTLS_ENABLED_TRUE) {
@@ -722,8 +726,10 @@ int mgs_hook_fixups(request_rec * r)
 gnutls_compression_get_name(gnutls_compression_get (ctxt->session)));
+#ifdef ENABLE_SRP
 apr_table_setn(env, "SSL_SRP_USER", gnutls_srp_server_get_username(ctxt->session));
+#endif
 if (apr_table_get(env, "SSL_CLIENT_VERIFY") == NULL) apr_table_setn(env, "SSL_CLIENT_VERIFY", "NONE");
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 014bfc8..5207641 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -104,6 +104,7 @@ static const command_rec mgs_config_cmds[] = {
 NULL, RSRC_CONF, "SSL Server PGP Private key file"),
+#ifdef ENABLE_SRP
 AP_INIT_TAKE1("GnuTLSSRPPasswdFile", mgs_set_srp_tpasswd_file, NULL, RSRC_CONF,
@@ -112,6 +113,7 @@ static const command_rec mgs_config_cmds[] = {
 NULL, RSRC_CONF, "SSL Server SRP Parameters file"),
+#endif
 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout, NULL, RSRC_CONF,
-- cgit
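Review bot: Inside the new guard in `mgs_hook_fixups` (src/gnutls_hooks.c, the `-722` hunk), the result of `gnutls_srp_server_get_username(ctxt->session)` goes into `SSL_SRP_USER` without a NULL check, and as far as the hunk shows this is not limited to sessions that negotiated SRP. GnuTLS documents that call as returning NULL on error, so a non-SRP session probably stores a NULL value in the environment table. Since the line is being wrapped anyway, make the store conditional: `const char *srp_user = gnutls_srp_server_get_username(ctxt->session);` followed by `if (srp_user != NULL) apr_table_setn(env, "SSL_SRP_USER", srp_user);`. Consumers then see the variable only when an SRP identity exists, which matches what a build without `ENABLE_SRP` gives them. The function body continues outside the hunk.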
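Review bot: The SRP entries in `mgs_config_cmds` (src/mod_gnutls.c) disappear without any comment when `ENABLE_SRP` is undefined, so a configuration that still contains `GnuTLSSRPPasswdFile` will be rejected as an unknown directive at startup. That fails closed, which is the safer outcome for an authentication setting, but it should be stated where the table is edited, for example `/* SRP directives are registered only in builds with ENABLE_SRP */` above the `#ifdef`, and in the directive documentation. The table starts and ends outside these two hunks.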