[mod_gnutls-devel] [pull-request] Enable/disable TLS per connection in ssl_engine_disable to make proxy work

Thomas Klute thomas2.klute at uni-dortmund.de
Tue Jan 20 17:26:26 CET 2015

Hi everyone,

I've fixed another bug that occurred when using mod_gnutls with
mod_proxy. ssl_engine_disable disabled TLS server wide, so further
client connections using TLS failed. I've solved the problem by adding a
connection specific "enable" variable [1].

The pull request below includes the segfault fix I sent earlier this
month [2], and you can take a look at my changes on Github [3].

Kind regards,
Thomas Klute

[3] https://github.com/airtower-luna/mod_gnutls/tree/proxy-segfault-fix

The following changes since commit c32240fe453de3ce9c48887f2ecd649a5555340f:

  switch from --long-arg=foo to --long-arg foo for certtool in test
suite (2014-09-24 13:01:57 -0400)

are available in the git repository at:

  https://github.com/airtower-luna/mod_gnutls.git proxy-segfault-fix

for you to fetch changes up to e8acf058857eae21cde2fca0f4e97338075f5f60:

  Enable/disable TLS per connection in ssl_engine_disable (2015-01-20
16:45:39 +0100)

Thomas Klute (4):
      Use proper GNUTLS_ENABLED_* macros in SSL proxy functions
      Check if filters exist before removing them in ssl_engine_disable
      Check error codes during GnuTLS connection init
      Enable/disable TLS per connection in ssl_engine_disable

 include/mod_gnutls.h.in |  2 ++
 src/gnutls_hooks.c      | 62
 src/mod_gnutls.c        | 33 +++++++++++++++++++-------
 3 files changed, 68 insertions(+), 29 deletions(-)

More information about the mod_gnutls-devel mailing list