
Add some improvements as suggested by Kaspar

- expand comment in config file
- check username == NULL
- detect SRP support via SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB, not via openssl
  version
- rename rv variable


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1348653 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2012-06-10 19:50:25 +00:00
parent 1a175ccdf9
commit 6dd8ce1c33
4 changed files with 15 additions and 10 deletions


@@ -159,8 +159,10 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
# TLS-SRP mutual authentication: # TLS-SRP mutual authentication:
# Enable TLS-SRP and set the path to the OpenSSL SRP verifier # Enable TLS-SRP and set the path to the OpenSSL SRP verifier
# file (containing login information for SRP user accounts). See # file (containing login information for SRP user accounts).
# the mod_ssl FAQ for instructions on creating this file. # Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
# detailed instructions on creating this file. Example:
# "openssl srp -srpvfile @exp_sysconfdir@/passwd.srpv -add username"
#SSLSRPVerifierFile "@exp_sysconfdir@/passwd.srpv" #SSLSRPVerifierFile "@exp_sysconfdir@/passwd.srpv"
# Access Control: # Access Control:
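Review bot: The expanded comment explains how to create the verifier file but says nothing about protecting it, and the example places it at `@exp_sysconfdir@/passwd.srpv` next to the server key. Since the file holds the SRP login data for every user account, a one-line addition such as `# Keep this file readable only by the user that starts httpd, as you would server.key.` would make the operational expectation explicit in the template. The surrounding TLS-SRP block is otherwise unchanged in this hunk.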


@@ -532,7 +532,7 @@ static void ssl_init_ctx_tls_extensions(server_rec *s,
* TLS-SRP support * TLS-SRP support
*/ */
if (mctx->srp_vfile != NULL) { if (mctx->srp_vfile != NULL) {
int rv; int err;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02308) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02308)
"Using SRP verifier file [%s]", mctx->srp_vfile); "Using SRP verifier file [%s]", mctx->srp_vfile);
@@ -545,10 +545,10 @@ static void ssl_init_ctx_tls_extensions(server_rec *s,
ssl_die(); ssl_die();
} }
rv = SRP_VBASE_init(mctx->srp_vbase, mctx->srp_vfile); err = SRP_VBASE_init(mctx->srp_vbase, mctx->srp_vfile);
if (rv != SRP_NO_ERROR) { if (err != SRP_NO_ERROR) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02310) ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02310)
"Unable to load SRP verifier file [error %d]", rv); "Unable to load SRP verifier file [error %d]", err);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die(); ssl_die();
} }


@@ -2254,7 +2254,8 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
char *username = SSL_get_srp_username(ssl); char *username = SSL_get_srp_username(ssl);
SRP_user_pwd *u; SRP_user_pwd *u;
if ((u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) { if (username == NULL
|| (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) {
*ad = SSL_AD_UNKNOWN_PSK_IDENTITY; *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
return SSL3_AL_FATAL; return SSL3_AL_FATAL;
} }
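Review bot: The new `username == NULL` guard in ssl_callback_SRPServerParams has no comment saying why the identity can be absent, so the next reader cannot tell whether it covers a protocol case or a defensive check. Suggest a comment above the condition along the lines of `/* SSL_get_srp_username() presumably returns NULL when the client sent no SRP identity; treat that like an unknown user. */`, confirming the exact condition against the OpenSSL release in use. Folding both cases into the same SSL_AD_UNKNOWN_PSK_IDENTITY fatal alert is the right stance, since the alert then does not tell a client whether a given name exists; whether the lookup itself is constant across known and unknown names depends on SRP_VBASE_get_by_user and is not visible here. Neither rejection path is logged in this hunk, so repeated unknown-identity attempts leave no trace; if a server_rec is reachable in this callback, a debug-level ap_log_error on the rejection would help operators spot probing. The function begins and ends outside the hunk.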


@@ -186,10 +186,12 @@
#endif #endif
/* SRP support came in OpenSSL 1.0.1 */ /* SRP support came in OpenSSL 1.0.1 */
#if (OPENSSL_VERSION_NUMBER < 0x10001000) #ifndef OPENSSL_NO_SRP
#define OPENSSL_NO_SRP #ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
#else
#include <openssl/srp.h> #include <openssl/srp.h>
#else
#define OPENSSL_NO_SRP
#endif
#endif #endif
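Review bot: The comment `/* SRP support came in OpenSSL 1.0.1 */` no longer describes the test beneath it, which now probes for `SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB` instead of comparing OPENSSL_VERSION_NUMBER. Suggest `/* SRP arrived in OpenSSL 1.0.1; probe for its control macro from <openssl/ssl.h> rather than the version number so a library built without SRP is handled too */`. Because the probe is an `#ifdef`, it only works if <openssl/ssl.h> has already been included at this point; if it has not, the macro is simply undefined and SRP is silently compiled out rather than reported, so the include-order requirement is worth stating in that comment (or guarding with an `#error` if the header is known to be missing). The includes above this hunk are outside the shown lines, so I cannot confirm the order from here.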
/* mod_ssl headers */ /* mod_ssl headers */