[mod_gnutls-devel] [pull-request] Enable/disable TLS per connection in ssl_engine_disable to make proxy work
Thomas Klute
thomas2.klute at uni-dortmund.de
Tue Jan 20 17:26:26 CET 2015
Hi everyone,
I've fixed another bug that occurred when using mod_gnutls with
mod_proxy. ssl_engine_disable disabled TLS server wide, so further
client connections using TLS failed. I've solved the problem by adding a
connection specific "enable" variable [1].
The pull request below includes the segfault fix I sent earlier this
month [2], and you can take a look at my changes on Github [3].
Kind regards,
Thomas Klute
[1]
https://github.com/airtower-luna/mod_gnutls/commit/e8acf058857eae21cde2fca0f4e97338075f5f60
[2]
http://lists.gnupg.org/pipermail/mod_gnutls-devel/2015-January/000112.html
[3] https://github.com/airtower-luna/mod_gnutls/tree/proxy-segfault-fix
The following changes since commit c32240fe453de3ce9c48887f2ecd649a5555340f:
switch from --long-arg=foo to --long-arg foo for certtool in test
suite (2014-09-24 13:01:57 -0400)
are available in the git repository at:
https://github.com/airtower-luna/mod_gnutls.git proxy-segfault-fix
for you to fetch changes up to e8acf058857eae21cde2fca0f4e97338075f5f60:
Enable/disable TLS per connection in ssl_engine_disable (2015-01-20
16:45:39 +0100)
----------------------------------------------------------------
Thomas Klute (4):
Use proper GNUTLS_ENABLED_* macros in SSL proxy functions
Check if filters exist before removing them in ssl_engine_disable
Check error codes during GnuTLS connection init
Enable/disable TLS per connection in ssl_engine_disable
include/mod_gnutls.h.in | 2 ++
src/gnutls_hooks.c | 62
++++++++++++++++++++++++++++++++-----------------
src/mod_gnutls.c | 33 +++++++++++++++++++-------
3 files changed, 68 insertions(+), 29 deletions(-)
More information about the mod_gnutls-devel
mailing list