From traw...@apache.org
Subject svn commit: r1630624 - in /httpd/httpd/trunk/modules/ssl: mod_ssl_ct.c ssl_ct_log_config.c ssl_ct_log_config.h
Date Fri, 10 Oct 2014 00:16:05 GMT
Author: trawick
Date: Fri Oct 10 00:16:05 2014
New Revision: 1630624

URL: http://svn.apache.org/r1630624
Log:
mod_ssl_ct: Work with current Certificate Transparency tools

(e.g., as of certificate-transparency commit 
3f03188fe89974d45345fddee64a8227bd2ec26a)

The interface to the "ct" tool now requires the log's URL and
public key, resulting in a bit of refactoring in the module.

Modified:
    httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c
    httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.c
    httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.h

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c?rev=1630624&r1=1630623&r2=1630624&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c Fri Oct 10 00:16:05 2014
@@ -491,8 +491,8 @@ static const char *url_to_fn(apr_pool_t 
 }
 
 static apr_status_t submission(server_rec *s, apr_pool_t *p, const char *ct_exe,
-                               const apr_uri_t *log_url, const char *cert_file,
-                               const char *sct_fn)
+                               const ct_log_config *log_cfg,
+                               const char *cert_file, const char *sct_fn)
 {
     apr_status_t rv;
     const char *args[8];
@@ -500,11 +500,11 @@ static apr_status_t submission(server_re
 
     i = 0;
     args[i++] = ct_exe;
-    args[i++] = apr_pstrcat(p, "--ct_server=", log_url->hostinfo, NULL);
-    args[i++] = "--http_log";
-    args[i++] = "--logtostderr";
+    args[i++] = apr_pstrcat(p, "--ct_server=", log_cfg->url, NULL);
+    args[i++] = "--logtostderr=true";
     args[i++] = apr_pstrcat(p, "--ct_server_submission=", cert_file, NULL);
     args[i++] = apr_pstrcat(p, "--ct_server_response_out=", sct_fn, NULL);
+    args[i++] = apr_pstrcat(p, "--ct_server_public_key=", log_cfg->public_key_pem, NULL);
     args[i++] = "upload";
     args[i++] = NULL;
     ap_assert(i == sizeof args / sizeof args[0]);
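Review bot: `apr_pstrcat()` stops at the first NULL argument, so if `log_cfg->public_key_pem` is NULL the new line hands the ct tool a bare `--ct_server_public_key=` instead of failing inside the module, and the same holds for `log_cfg->url` on the `--ct_server=` line. The callers visible in this diff filter on `log_configured_for_fetching_sct()`, but that is a separate function in another file and this routine does not defend itself; a guard before argv is built, `if (!log_cfg->url || !log_cfg->public_key_pem) return APR_EINVAL;`, keeps a misconfigured log from reaching the external tool with an empty key argument. Whether the flag expects a file path or PEM text is not visible here, so a one-line comment saying what `public_key_pem` holds would help the next reader. The rest of submission(), including the process spawn, is outside the hunk.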
@@ -517,7 +517,7 @@ static apr_status_t submission(server_re
 static apr_status_t fetch_sct(server_rec *s, apr_pool_t *p,
                               const char *cert_file,
                               const char *cert_sct_dir,
-                              const apr_uri_t *log_url,
+                              const ct_log_config *log_cfg,
                               const char *ct_exe, apr_time_t max_sct_age)
 {
     apr_status_t rv;
@@ -525,7 +525,7 @@ static apr_status_t fetch_sct(server_rec
     apr_finfo_t finfo;
     const char *log_url_basename;
 
-    log_url_basename = url_to_fn(p, log_url);
+    log_url_basename = url_to_fn(p, &log_cfg->uri);
 
     rv = ctutil_path_join(&sct_fn, cert_sct_dir, log_url_basename, p, s);
     if (rv != APR_SUCCESS) {
@@ -558,7 +558,7 @@ static apr_status_t fetch_sct(server_rec
                      cert_file, sct_fn);
     }
 
-    rv = submission(s, p, ct_exe, log_url, cert_file, sct_fn);
+    rv = submission(s, p, ct_exe, log_cfg, cert_file, sct_fn);
 
     return rv;
 }
@@ -584,7 +584,7 @@ static apr_status_t record_log_urls(serv
     config_elts  = (ct_log_config **)log_config->elts;
 
     for (i = 0; i < log_config->nelts; i++) {
-        if (!config_elts[i]->uri_str) {
+        if (!log_configured_for_fetching_sct(config_elts[i])) {
             continue;
         }
         if (!log_valid_for_sent_sct(config_elts[i])) {
@@ -620,7 +620,7 @@ static int uri_in_config(const char *nee
 
     elts = (ct_log_config **)haystack->elts;
     for (i = 0; i < haystack->nelts; i++) {
-        if (!elts[i]->uri_str) {
+        if (!log_configured_for_fetching_sct(elts[i])) {
             continue;
         }
         if (!log_valid_for_sent_sct(elts[i])) {
@@ -778,7 +778,7 @@ static apr_status_t refresh_scts_for_cer
         }
 
         for (i = 0; i < log_config->nelts; i++) {
-            if (!config_elts[i]->url) {
+            if (!log_configured_for_fetching_sct(config_elts[i])) {
                 continue;
             }
             if (!log_valid_for_sent_sct(config_elts[i])) {
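Review bot: A log that has a URL but no public key now leaves this loop through the `continue` without any diagnostic, whereas before the commit only `url` was required, so an operator upgrading will see SCT fetching silently stop for such logs. If the config parser does not already reject that combination (it is not visible in this diff), an `ap_log_error()` at warning level before the `continue` naming the log URL, or a one-time warning at config-check time, would make the new requirement visible. refresh_scts_for_cert() begins and ends outside the hunk.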
@@ -786,7 +786,7 @@ static apr_status_t refresh_scts_for_cer
             }
             rv = fetch_sct(s, p, cert_fn,
                            cert_sct_dir,
-                           &config_elts[i]->uri,
+                           config_elts[i],
                            ct_exe,
                            max_sct_age);
             if (rv != APR_SUCCESS) {

Modified: httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.c?rev=1630624&r1=1630623&r2=1630624&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.c Fri Oct 10 00:16:05 2014
@@ -422,3 +422,11 @@ int log_valid_for_sent_sct(const ct_log_
      */
     return log_valid_for_received_sct(l, apr_time_now());
 }
+
+int log_configured_for_fetching_sct(const ct_log_config *l)
+{
+    /* must have a url and a public key configured in order to obtain
+     * an SCT from the log
+     */
+    return l->url != NULL && l->public_key != NULL;
+}
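Review bot: The new predicate tests `l->public_key`, while the consumer in mod_ssl_ct.c builds the ct command line from `l->public_key_pem`, so the guard and the use look at different fields; unless the config code (outside this diff) always sets both together, the check should be `return l->url != NULL && l->public_key != NULL && l->public_key_pem != NULL;` or the comment should state that invariant explicitly. The comment could also say how this differs from `log_valid_for_sent_sct()` just above it: this is a static "has the admin configured enough to submit" test, not a time-window check on the log's validity. That contract belongs as a `/** ... */` comment on the declaration in ssl_ct_log_config.h as well, since callers in other files only see the header.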

Modified: httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.h?rev=1630624&r1=1630623&r2=1630624&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.h Fri Oct 10 00:16:05 2014
@@ -54,4 +54,6 @@ int log_valid_for_sent_sct(const ct_log_
 
 int log_valid_for_received_sct(const ct_log_config *l, apr_time_t to_check);
 
+int log_configured_for_fetching_sct(const ct_log_config *l);
+
 #endif /* SSL_CT_LOG_CONFIG_H */


