
[mod_gnutls] session ticket support

personal/stbuehler/wip
Stefan Bühler 9 years ago
parent
commit
f4280dca8b
  1. 2
      src/modules/gnutls_filter.c
  2. 34
      src/modules/mod_gnutls.c

2
src/modules/gnutls_filter.c

@ -24,7 +24,7 @@ struct liGnuTLSFilter {
unsigned int write_wants_read:1;
};
#if GNUTLS_VERSION_NUMBER >= 0x021200
#if GNUTLS_VERSION_NUMBER >= 0x020c00
#define HAVE_GIOVEC
typedef giovec_t li_iovec_t;
#else
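Review bot: The version guard in front of HAVE_GIOVEC is a packed hex constant with no comment, and the two values on this page differ only in how "12" was encoded: 0x020c00 reads as 2.12.0, while 0x021200 reads as 2.18.0. A short comment on the guard that is kept, `/* 0x020c00 == GnuTLS 2.12.0 (hex major/minor/patch) */`, would make the intended minimum version checkable at a glance. The #if/#else block continues below the hunk.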

34
src/modules/mod_gnutls.c

@ -8,6 +8,10 @@
#include <glib-2.0/glib/galloca.h>
#if GNUTLS_VERSION_NUMBER >= 0x020a00
#define HAVE_SESSION_TICKET
#endif
LI_API gboolean mod_gnutls_init(liModules *mods, liModule *mod);
LI_API gboolean mod_gnutls_free(liModules *mods, liModule *mod);
@ -32,6 +36,9 @@ struct mod_context {
gnutls_certificate_credentials_t server_cert;
gnutls_priority_t server_priority;
gnutls_priority_t server_priority_beast;
#ifdef HAVE_SESSION_TICKET
gnutls_datum_t ticket_key;
#endif
unsigned int protect_against_beast:1;
};
@ -43,6 +50,14 @@ static void mod_gnutls_context_release(mod_context *ctx) {
gnutls_priority_deinit(ctx->server_priority_beast);
gnutls_priority_deinit(ctx->server_priority);
gnutls_certificate_free_credentials(ctx->server_cert);
#ifdef HAVE_SESSION_TICKET
/* wtf. why is there no function in gnutls for this... */
if (NULL != ctx->ticket_key.data) {
gnutls_free(ctx->ticket_key.data);
ctx->ticket_key.data = NULL;
ctx->ticket_key.size = 0;
}
#endif
g_slice_free(mod_context, ctx);
}
@ -76,11 +91,22 @@ static mod_context *mod_gnutls_context_new(liServer *srv) {
goto error2;
}
#ifdef HAVE_SESSION_TICKET
if (GNUTLS_E_SUCCESS != (r = gnutls_session_ticket_key_generate(&ctx->ticket_key))) {
ERROR(srv, "gnutls_session_ticket_key_generate failed(%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto error3;
}
#endif
ctx->refcount = 1;
ctx->protect_against_beast = 1;
return ctx;
error3:
gnutls_priority_deinit(ctx->server_priority_beast);
error2:
gnutls_priority_deinit(ctx->server_priority);
@ -256,6 +282,14 @@ static gboolean mod_gnutls_con_new(liConnection *con, int fd) {
goto fail;
}
#ifdef HAVE_SESSION_TICKET
if (GNUTLS_E_SUCCESS != (r = gnutls_session_ticket_enable_server(session, &ctx->ticket_key))) {
ERROR(srv, "gnutls_session_ticket_enable_server (%s): %s",
gnutls_strerror_name(r), gnutls_strerror(r));
goto fail;
}
#endif
conctx = g_slice_new0(mod_connection_ctx);
conctx->session = session;
conctx->sock_stream = li_iostream_new(con->wrk, fd, tcp_io_cb, conctx);
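Review bot: The ticket key created in mod_gnutls_context_new is generated once and passed unchanged to gnutls_session_ticket_enable_server for every connection, and nothing in these hunks ever replaces it, so it appears to live as long as the context does. With TLS 1.2-style tickets the session state is encrypted under that key, so a long-lived key reduces the forward secrecy of every session that was issued a ticket. I would record this at the generate call, `/* ticket key is never rotated; regenerate periodically to bound exposure of ticketed sessions */`, and consider a rotation timer or a config switch to turn tickets off. In mod_gnutls_context_release the key buffer is freed without being cleared; overwriting it first, `memset(ctx->ticket_key.data, 0, ctx->ticket_key.size);`, keeps the key out of recycled heap memory, provided the compiler cannot drop the store. All three function bodies continue outside the hunks shown.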
