[mod_gnutls-devel] Add a MSVA sanity check during module load time
Ramkumar Chinchani
ramkumar.chinchani at gmail.com
Fri Mar 21 01:21:20 CET 2014
If apache is started as "root", then the following is needed
MSVA_ALLOWED_USERS="0" monkeysphere-validation-agent
Of course, the MSVA daemon may still fail later, but at least this lets us
rule out configuration errors at load time.
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index 3300854..4a6a648 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -19,6 +19,9 @@
#include "mod_gnutls.h"
#include "apr_lib.h"
+#ifdef ENABLE_MSVA
+#include "msv/msv.h"
+#endif
#ifdef APLOG_USE_MODULE
APLOG_USE_MODULE(gnutls);
@@ -375,6 +378,19 @@ const char *mgs_set_client_verify_method(cmd_parms *
parms, void *dummy,
sc->client_verify_method = mgs_cvm_cartel;
} else if (strcasecmp("msva", arg) == 0) {
#ifdef ENABLE_MSVA
+ /* check if MSV is setup properly */
+ msv_ctxt_t ctx = msv_ctxt_init(NULL);
+ if (!ctx) {
+ return "MSV: Unable to initialize context";
+ }
+
+ int ret = msv_check_msva(ctx);
+ if (ret != LIBMSV_ERROR_SUCCESS) {
+ msv_ctxt_destroy(ctx);
+ return "MSV: Unable to check msva";
+ }
+ msv_ctxt_destroy(ctx);
+
sc->client_verify_method = mgs_cvm_msva;
#else
return "GnuTLSClientVerifyMethod: msva is not supported";
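Review bot: The added `msv_check_msva()` call runs in the directive handler, so it probes the agent with the identity of the process that parses the configuration (root, per the description) rather than the identity that presumably issues the request-time queries. A pass here is therefore no evidence that client-certificate validation will work later, and it forces uid 0 to be allowed on the agent. The request-time MSVA path must still reject the client when the agent is unreachable or denies the query, and a comment such as `/* load-time sanity check only: runs as the starting user; request-time validation must still fail closed */` above the check would make that explicit. Both failure returns also discard `ret` and use an `MSV:` prefix, unlike the `GnuTLSClientVerifyMethod:` message in the `#else` branch; `return apr_psprintf(parms->pool, "GnuTLSClientVerifyMethod: msva check failed (libmsv error %d)", ret);` would tell the administrator which failure occurred. The body of mgs_set_client_verify_method starts and ends outside this hunk.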