Commit Diff


commit - 6957a8c27fa6df0590c6dce9f386dd669bd0b6b3
commit + f740b61b03c9e31f4915ee7d7444d64fc320b41c
blob - 27854a52e2f9f31d6a27fb10bfa32cda4352fee9
blob + 075bad82960d843caa4917a2cd470ad4f9569a4e
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,10 @@
+2021-06-11  Omar Polo  <op@omarpolo.com>
+
+	* fcgi.c (send_fcgi_req): send GATEWAY_INTERFACE, AUTH_TYPE,
+	REMOTE_USER, TLS_CLIENT_ISSUER, TLS_CLIENT_HASH, TLS_VERSION,
+	TLS_CIPHER, TLS_CIPHER_STRENGTH and TLS_CLIENT_NOT_BEFORE/AFTER.
+	(send_fcgi_req): support a custom list of params
+
 2021-05-24  Omar Polo  <op@omarpolo.com>
 
 	* gg.c: move `gg' to regress, as it's only used for the tests
blob - 8a566b3abf92d1cbcd76afdf62b6c56ce84741f0
blob + 1413d75635a04ebeca4b575838384be5f30e499b
--- fcgi.c
+++ fcgi.c
@@ -34,7 +34,7 @@
  */
 #define DEBUG_FCGI 0
 
-#ifdef DEBUG_FCGI
+#if DEBUG_FCGI
 # include <sys/un.h>
 static int debug_socket = -1;
 #endif
@@ -456,9 +456,11 @@ err:
 void
 send_fcgi_req(struct fcgi *f, struct client *c)
 {
-	char		 addr[NI_MAXHOST];
-	const char	*t;
+	char		 addr[NI_MAXHOST], buf[22];
 	int		 e;
+	time_t		 tim;
+	struct tm	 tminfo;
+	struct envlist	*p;
 
         e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
 	    addr, sizeof(addr),
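Review bot: The new `buf[22]` is sized by hand for two different uses (the `%d` of `tls_conn_cipher_strength()` and the `"%FT%TZ"` timestamps, which are 20 characters plus NUL) and nothing records that, so the next person to change the strftime format will not know the array is tight; add `char buf[22]; /* "%FT%TZ": 20 chars + NUL, also reused for the cipher strength */` or size it with a named constant. The removed `const char *t` suggests the old code kept a temporary for a string value; the new code passes libtls return values straight through, which matters for the NULL handling raised on the later hunk. send_fcgi_req continues past the end of this hunk.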
@@ -470,6 +472,7 @@ send_fcgi_req(struct fcgi *f, struct client *c)
 	c->next = NULL;
 
 	fcgi_begin_request(f->fd, c->id);
+	fcgi_send_param(f->fd, c->id, "GATEWAY_INTERFACE", "CGI/1.1");
 	fcgi_send_param(f->fd, c->id, "GEMINI_URL_PATH", c->iri.path);
 	fcgi_send_param(f->fd, c->id, "QUERY_STRING", c->iri.query);
 	fcgi_send_param(f->fd, c->id, "REMOTE_ADDR", addr);
@@ -478,7 +481,40 @@ send_fcgi_req(struct fcgi *f, struct client *c)
 	fcgi_send_param(f->fd, c->id, "SERVER_NAME", c->iri.host);
 	fcgi_send_param(f->fd, c->id, "SERVER_PROTOCOL", "GEMINI");
 	fcgi_send_param(f->fd, c->id, "SERVER_SOFTWARE", GMID_VERSION);
+
+	if (tls_peer_cert_provided(c->ctx)) {
+		fcgi_send_param(f->fd, c->id, "AUTH_TYPE", "CERTIFICATE");
+		fcgi_send_param(f->fd, c->id, "REMOTE_USER",
+		    tls_peer_cert_subject(c->ctx));
+		fcgi_send_param(f->fd, c->id, "TLS_CLIENT_ISSUER",
+		    tls_peer_cert_issuer(c->ctx));
+		fcgi_send_param(f->fd, c->id, "TLS_CLIENT_HASH",
+		    tls_peer_cert_hash(c->ctx));
+		fcgi_send_param(f->fd, c->id, "TLS_VERSION",
+		    tls_conn_version(c->ctx));
+		fcgi_send_param(f->fd, c->id, "TLS_CIPHER",
+		    tls_conn_cipher(c->ctx));
 
+		snprintf(buf, sizeof(buf), "%d",
+		    tls_conn_cipher_strength(c->ctx));
+		fcgi_send_param(f->fd, c->id, "TLS_CIPHER_STRENGTH", buf);
+
+		tim = tls_peer_cert_notbefore(c->ctx);
+		strftime(buf, sizeof(buf), "%FT%TZ",
+		    gmtime_r(&tim, &tminfo));
+		fcgi_send_param(f->fd, c->id, "TLS_CLIENT_NOT_BEFORE", buf);
+
+		tim = tls_peer_cert_notafter(c->ctx);
+		strftime(buf, sizeof(buf), "%FT%TZ",
+		    gmtime_r(&tim, &tminfo));
+		fcgi_send_param(f->fd, c->id, "TLS_CLIENT_NOT_AFTER", buf);
+
+		TAILQ_FOREACH(p, &c->host->params, envs) {
+			fcgi_send_param(f->fd, c->id, p->name, p->value);
+		}
+	} else
+		fcgi_send_param(f->fd, c->id, "AUTH_TYPE", "");
+
 	if (fcgi_end_param(f->fd, c->id) == -1)
 		close_all(f);
 }
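Review bot: TLS_VERSION, TLS_CIPHER, TLS_CIPHER_STRENGTH and the per-host `params` loop are emitted only inside the `tls_peer_cert_provided()` branch, so a request without a client certificate gets none of them even though the connection properties and the configured params do not depend on the certificate; unless that gating is intentional (the ChangeLog does not say so), hoist them out of the conditional as below. The libtls accessors `tls_peer_cert_subject`, `tls_peer_cert_issuer`, `tls_peer_cert_hash`, `tls_conn_version` and `tls_conn_cipher` are documented to return NULL on error and `gmtime_r()` returns NULL for an out-of-range time; if `fcgi_send_param()` (body not shown here) takes strlen() of its value, or strftime() is handed a NULL `struct tm`, the server crashes, so wrap each value with a one-line helper such as `static const char *nz(const char *s) { return s != NULL ? s : ""; }` and check the gmtime_r result before formatting. Because the certificate subject is chosen by the client (Gemini clients commonly present self-signed certificates and no CA verification is visible in this diff), a comment next to REMOTE_USER should state that it is an unverified display name and that TLS_CLIENT_HASH is the value backends must key identity on. send_fcgi_req starts outside this hunk.
```c
	fcgi_send_param(f->fd, c->id, "SERVER_SOFTWARE", GMID_VERSION);

	/* Connection-level TLS properties do not depend on a client cert. */
	fcgi_send_param(f->fd, c->id, "TLS_VERSION", tls_conn_version(c->ctx));
	fcgi_send_param(f->fd, c->id, "TLS_CIPHER", tls_conn_cipher(c->ctx));
	snprintf(buf, sizeof(buf), "%d", tls_conn_cipher_strength(c->ctx));
	fcgi_send_param(f->fd, c->id, "TLS_CIPHER_STRENGTH", buf);

	if (tls_peer_cert_provided(c->ctx)) {
		/*
		 * REMOTE_USER is the client-chosen subject and is not
		 * verified here; backends must key identity on
		 * TLS_CLIENT_HASH, not on this string.
		 */
		fcgi_send_param(f->fd, c->id, "AUTH_TYPE", "CERTIFICATE");
		/* … unchanged: REMOTE_USER, TLS_CLIENT_ISSUER/HASH, NOT_BEFORE/NOT_AFTER … */
	} else
		fcgi_send_param(f->fd, c->id, "AUTH_TYPE", "");

	/* Configured per-host params are sent on every request. */
	TAILQ_FOREACH(p, &c->host->params, envs)
		fcgi_send_param(f->fd, c->id, p->name, p->value);
```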
blob - 2443797b59939bb5de10d1f262abb23e6ee762ce
blob + ee4152f49c22ead2eb68e376f4fdabf97cfd554e
--- gmid.h
+++ gmid.h
@@ -125,6 +125,7 @@ struct vhost {
 	struct lochead	 locations;
 
 	struct envhead	 env;
+	struct envhead	 params;
 	struct aliashead aliases;
 };