tls_conf_server_t *sc = tls_conf_server_get(s);
if (sc && sc->global->session_cache) {
- ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, "adding session persistance to rustls");
+ ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, "adding session persistence to rustls");
rustls_server_config_builder_set_persistence(
builder, tls_cache_get, tls_cache_put);
}
AP_INIT_TAKE1("TLSHonorClientOrder", tls_conf_set_honor_client_order, NULL, RSRC_CONF,
"Set 'on' to have the server honor client preferences in cipher suites, default off."),
AP_INIT_TAKE1("TLSEngine", tls_conf_add_engine, NULL, RSRC_CONF,
- "Specify an adress+port where the module shall handle incoming TLS connections."),
+ "Specify an address+port where the module shall handle incoming TLS connections."),
AP_INIT_TAKE_ARGV("TLSOptions", tls_conf_set_options, NULL, OR_OPTIONS,
"En-/disables optional features in the module."),
AP_INIT_TAKE1("TLSProtocol", tls_conf_set_protocol, NULL, RSRC_CONF,
* and then readonly.
*/
typedef struct {
- server_rec *ap_server; /* the gobal server we initialized on */
+ server_rec *ap_server; /* the global server we initialized on */
const char *module_version;
const char *crustls_version;
apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s,
ap_conf_vector_t *section_config);
-#endif /* tls_conf_h */
\ No newline at end of file
+#endif /* tls_conf_h */
hostname = apr_table_get(c->notes, "proxy-request-hostname");
alpn_note = apr_table_get(c->notes, "proxy-request-alpn-protos");
ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, c->base_server,
- "setup_outgoing: to %s [ALPN: %s] from configration in %s"
+ "setup_outgoing: to %s [ALPN: %s] from configuration in %s"
" using CA %s", hostname, alpn_note, pc->defined_in->server_hostname, pc->proxy_ca);
rv = get_proxy_ciphers(&ciphersuites, c->pool, pc);
int sni_match = 0;
/* The initial rustls generic session has been fed the client hello and
- * we have extraced SNI and ALPN values (so present).
+ * we have extracted SNI and ALPN values (so present).
* Time to select the actual server_rec and application protocol that
* will be used on this connection. */
ap_assert(cc);
void tls_core_conn_disable(conn_rec *c);
/**
- * Initialiaze the tls_conf_connt_t for the connection
+ * Initialize the tls_conf_connt_t for the connection
* and decide if TLS is enabled or not.
* @return OK if enabled, DECLINED otherwise
*/
*/
int tls_core_setup_outgoing(conn_rec *c);
-#endif /* tls_core_h */
\ No newline at end of file
+#endif /* tls_core_h */
bb_tmp = fctx->fin_tls_bb; /* data we have yet to feed to rustls */
fctx->fin_tls_bb = fctx->fin_tls_buffer_bb; /* data we already fed to the pre_session */
fctx->fin_tls_buffer_bb = NULL;
- APR_BRIGADE_CONCAT(fctx->fin_tls_bb, bb_tmp); /* all tls data from the cleint so far, reloaded */
+ APR_BRIGADE_CONCAT(fctx->fin_tls_bb, bb_tmp); /* all tls data from the client so far, reloaded */
apr_brigade_destroy(bb_tmp);
rv = APR_SUCCESS;
}
(void)pool;
ap_register_input_filter(TLS_FILTER_RAW, filter_conn_input, NULL, AP_FTYPE_CONNECTION + 5);
ap_register_output_filter(TLS_FILTER_RAW, filter_conn_output, NULL, AP_FTYPE_CONNECTION + 5);
-}
\ No newline at end of file
+}
*/
typedef struct {
apr_uint16_t id; /* IANA 16-bit assigned value as used on the wire */
- const char *name; /* IANA given name of hte cipher */
+ const char *name; /* IANA given name of the cipher */
const char *alias; /* Optional, commonly known alternate name */
} tls_cipher_t;
tls_proto_conf_t *tls_proto_init(apr_pool_t *p, server_rec *s);
/**
- * Called during pre-config phase to start intialization
+ * Called during pre-config phase to start initialization
* of the tls protocol configuration.
*/
apr_status_t tls_proto_pre_config(apr_pool_t *pool, apr_pool_t *ptemp);
/**
- * Called during post-config phase to conclude the intialization
+ * Called during post-config phase to conclude the initialization
* of the tls protocol configuration.
*/
apr_status_t tls_proto_post_config(apr_pool_t *p, apr_pool_t *ptemp, server_rec *s);
/**
- * Get the TLS protocol identifer (as used on the wire) for the TLS
+ * Get the TLS protocol identifier (as used on the wire) for the TLS
* protocol of the given name. Returns 0 if protocol is unknown.
*/
apr_uint16_t tls_proto_get_version_by_name(tls_proto_conf_t *conf, const char *name);
/**
* Get the name of a TLS cipher for the IANA assigned 16bit value. This will
- * return the name in the protocol configuation, if the cipher is known, and
+ * return the name in the protocol configuration, if the cipher is known, and
* create the string `TLS_CIPHER_0x%04x` for the 16bit cipher value.
*/
const char *tls_proto_get_cipher_name(
apr_array_header_t *tls_proto_get_rustls_suites(
tls_proto_conf_t *conf, const apr_array_header_t *ids, apr_pool_t *pool);
-#endif /* tls_proto_h */
\ No newline at end of file
+#endif /* tls_proto_h */
if (APR_SUCCESS != rv) goto cleanup;
apr_brigade_length(dest, 0, &nend);
/* apr_brigade_split_line() has the nasty habit of leaving a 0-length bucket
- * at the start of the brigade when it transfered the whole content. Get rid of it.
+ * at the start of the brigade when it transferred the whole content. Get rid of it.
*/
if (!APR_BRIGADE_EMPTY(src)) {
apr_bucket *b = APR_BRIGADE_FIRST(src);
/**
* Transfer up to <length> bytes from <src> to <dest>, including all
- * encountered meta data buckets. The transfered buckets/data are
+ * encountered meta data buckets. The transferred buckets/data are
* removed from <src>.
- * Return the actual byte count transfered in <pnout>.
+ * Return the actual byte count transfer
red in <pnout>.
*/
apr_status_t tls_util_brigade_transfer(
apr_bucket_brigade *dest, apr_bucket_brigade *src, apr_off_t length,
-#endif /* tls_util_h */
\ No newline at end of file
+#endif /* tls_util_h */
ctx.c = c;
ctx.r = r;
ctx.cc = tls_conf_conn_get(c->master? c->master : c);
- /* Can we re-use teh precomputed connection values? */
+ /* Can we re-use the precomputed connection values? */
overlap = (r && ctx.cc->subprocess_env && r->server == ctx.cc->server);
if (overlap) {
apr_table_overlap(env, ctx.cc->subprocess_env, APR_OVERLAP_TABLES_SET);
}
}
else if (overlap && sdc->std_env_vars == TLS_FLAG_TRUE) {
- /* Remove variables added on connection init that are disbled here */
+ /* Remove variables added on connection init that are disabled here */
for (i = 0; i < TLS_DIM(StdEnvVars); ++i) {
apr_table_unset(env, StdEnvVars[i]);
}
}
}
else if (overlap && sdc->std_env_vars == TLS_FLAG_TRUE) {
- /* Remove variables added on connection init that are disbled here */
+ /* Remove variables added on connection init that are disabled here */
for (i = 0; i < TLS_DIM(ExportCertVars); ++i) {
apr_table_unset(env, ExportCertVars[i]);
}
cleanup:
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r,
- "delay_handler: request cleanup, r->status=%d, aborte=%d",
+ "delay_handler: request cleanup, r->status=%d, aborted=%d",
r->status, c->aborted);
if (rv == APR_SUCCESS
|| r->status != HTTP_OK
assert log_h2_full['bytes_rx_I'] > 0
assert log_h2_full['bytes_resp_B'] == full_length
assert log_h2_full['bytes_tx_O'] > full_length
- assert log_h1['bytes_rx_I'] > 0 # input bytes recieved
+ assert log_h1['bytes_rx_I'] > 0 # input bytes received
assert log_h1['bytes_resp_B'] == chunk # response bytes sent (payload)
assert log_h1['bytes_tx_O'] > chunk # output bytes sent
assert log_h2['bytes_rx_I'] > 0
assert 1 == len(promises)
assert '/006/006.js' == promises[0]["request"]["header"][":path"]
- # 2 Links, only one with correct rel attribue
+ # 2 Links, only one with correct rel attribute
def test_h2_400_03(self, env):
url = env.mkurl("https", "push", "/006-push3.html")
r = env.nghttp().get(url)
# setup: drive it
r = env.a2md(["-v", "drive", name])
- assert r.exit_code == 0, "drive not successfull: {0}".format(r.stderr)
+ assert r.exit_code == 0, "drive not successful: {0}".format(r.stderr)
assert env.a2md(["list", name]).json['output'][0]['state'] == env.MD_S_COMPLETE
# remove one domain -> status stays COMPLETE
-# test wildcard certifcates
+# test wildcard certificates
import os
import pytest
# use a curve unsupported by LE
# only works with mod_ssl as rustls refuses to load such a weak key
@pytest.mark.skipif(MDTestEnv.get_ssl_module() != "mod_ssl", reason="only for mod_ssl")
- @pytest.mark.skipif(MDTestEnv.get_acme_server() != 'boulder', reason="onyl boulder rejects this")
+ @pytest.mark.skipif(MDTestEnv.get_acme_server() != 'boulder', reason="only boulder rejects this")
def test_md_810_004(self, env):
domain = self.test_domain
# generate config with one MD
conf.install()
assert env.apache_restart() == 0
assert env.await_completion([domain], restart=False)
- # In the stats JSON, we excpect 2 certificates under 'renewal'
+ # In the stats JSON, we expect 2 certificates under 'renewal'
stat = env.get_md_status(domain)
assert 'renewal' in stat
assert 'cert' in stat['renewal']
assert 'rsa' in stat['renewal']['cert']
assert 'secp256r1' in stat['renewal']['cert']
- # In /.httpd/certificate-status 'renewal' we excpect 2 certificates
+ # In /.httpd/certificate-status 'renewal' we expect 2 certificates
status = env.get_certificate_status(domain)
assert 'renewal' in status
assert 'cert' in status['renewal']
assert r.exit_code != 0
def test_03_sni_request_other_same_config(self, env):
- # do we see the first vhost respone for another domain with different certs?
+ # do we see the first vhost response for another domain with different certs?
r = env.tls_get(env.domain_a, "/index.json", options=[
"-vvvv", "--header", "Host: {0}".format(env.domain_b)
])
if env.curl_supports_tls_1_3():
# can't do this test then
return
- # do we see the first vhost respone for an unknown domain?
+ # do we see the first vhost response for an unknown domain?
conf = TlsTestConf(env=env, extras={
env.domain_a: "TLSProtocol TLSv1.2+",
env.domain_b: "TLSProtocol TLSv1.3+"
env.apache_restart()
def test_06_ciphers_pref_unsupported(self, env):
- # a warning on prefering a known, but not supported cipher
+ # a warning on preferring a known, but not supported cipher
env.httpd_error_log.ignore_recent()
conf = TlsTestConf(env=env, extras={
env.domain_b: "TLSCiphersPrefer TLS_NULL_WITH_NULL_NULL"
projects / thirdparty / apache / httpd.git / commitdiff
