[mod_mbedtls] wrap addtl code in preproc defines

wrap additional code in preprocessor defines to check if enabled in lib
master
Glenn Strauss 2 years ago
parent 3353ff2024
commit 1d27391c29

@ -401,8 +401,10 @@ static void mod_mbedtls_free_mbedtls (void)
{
if (!ssl_is_init) return;
#ifdef MBEDTLS_SSL_SESSION_TICKETS
mbedtls_platform_zeroize(session_ticket_keys, sizeof(session_ticket_keys));
stek_rotate_ts = 0;
#endif
plugin_data * const p = plugin_data_singleton;
mbedtls_ctr_drbg_free(&p->ctr_drbg);
@ -1395,8 +1397,14 @@ mod_mbedtls_set_defaults_sockets(server *srv, plugin_data *p)
"ssl.openssl.ssl-conf-cmd = (\"MinProtocol\" => \"SSLv3\")");
break;
case 10:/* ssl.stek-file */
#ifdef MBEDTLS_SSL_SESSION_TICKETS
if (!buffer_is_empty(cpv->v.b))
p->ssl_stek_file = cpv->v.b->ptr;
#else
log_error(srv->errh, __FILE__, __LINE__, "MTLS: "
"ssl.stek-file ignored; mbedtls library not built with "
"support for SSL session tickets");
#endif
break;
default:/* should not happen */
break;
@ -2039,11 +2047,13 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_accept)
* overlap, and so renegotiation setting is not reset upon connection close.
* Once enabled, renegotiation will remain so for this mbedtls_ssl_config.
* mbedtls defaults to disable client renegotiation
* (MBEDTLS_SSL_RENEGOTIATION_DISABLED)
* (MBEDTLS_LEGACY_SSL_RENEGOTIATION_DISABLED)
* and it is recommended to leave it disabled (lighttpd mbedtls default) */
#ifdef MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED
if (!hctx->conf.ssl_disable_client_renegotiation)
mbedtls_ssl_conf_renegotiation(s->ssl_ctx,
MBEDTLS_SSL_RENEGOTIATION_ENABLED);
mbedtls_legacy_ssl_conf_renegotiation(s->ssl_ctx,
MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED);
#endif
return HANDLER_GO_ON;
}
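Review bot: The `#ifdef MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED` guard in the last hunk (mod_mbedtls_handle_con_accept, whose body begins outside the hunk) tests the same name that is passed as the setting value a few lines below, so it reads like an argument constant rather than a library build option and may not track whether renegotiation support was compiled in. If the header defines that constant unconditionally, the guard never excludes the call and a build against a library without renegotiation would still break; if it is never defined, `ssl_disable_client_renegotiation` is silently ignored. In upstream Mbed TLS the build option is, as far as I know, `MBEDTLS_SSL_RENEGOTIATION`, which would make the guard `#ifdef MBEDTLS_SSL_RENEGOTIATION`; please confirm against the headers this module targets. Unlike the ssl.stek-file case there is no `#else` diagnostic here. Leaving renegotiation disabled is the safe direction, but a log line when the option is set and unsupported would match the second hunk.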
