Changeset 410d216 in mod_gnutls

Timestamp:

Oct 3, 2011, 7:28:42 AM (11 years ago)

Author:

Dash Shendy <neuromancer@…>

Branches:

asyncio, debian/master, debian/stretch-backports, jessie-backports, main, master, msva, proxy-ticket, upstream

Children:

fe42bfb

Parents:

b3eb741

Message:

Generate DH params instead of using the static ones

Location:

src

Files:

• gnutls_cache.c (modified) (1 diff)
• gnutls_hooks.c (modified) (6 diffs)

src/gnutls_cache.c

@@ -292 +292 @@
 }
 
-#endif                          /* have_apr_memcache */
-
-const char *db_type(mgs_srvconf_rec * sc) {
+#endif  /* have_apr_memcache */
+
+static const char *db_type(mgs_srvconf_rec * sc) {
     if (sc->cache_type == mgs_cache_gdbm)
         return "gdbm";

src/gnutls_hooks.c

@@ -192 +192 @@
 }
 
-/* 2048-bit group parameters from SRP specification */
+/* 2048-bit group parameters from SRP specification 
 const char static_dh_params[] = "-----BEGIN DH PARAMETERS-----\n"
         "MIIBBwKCAQCsa9tBMkqam/Fm3l4TiVgvr3K2ZRmH7gf8MZKUPbVgUKNzKcu0oJnt\n"
@@ -201 +201 @@
         "Nd4jbVJfVHWbZeNy/NaO8g+nER+eSv9zAgEC\n"
         "-----END DH PARAMETERS-----\n";
+*/
 
 /* Read the common name or the alternative name of the certificate.
@@ -291 +292 @@
     server_rec *s;
     gnutls_dh_params_t dh_params = NULL;
-    gnutls_rsa_params_t rsa_params = NULL;
     mgs_srvconf_rec *sc;
     mgs_srvconf_rec *sc_base;
@@ -317 +317 @@
 
     if (sc_base->dh_params == NULL) {
-        gnutls_datum pdata = {
-            (void *) static_dh_params,
-            sizeof (static_dh_params)
-        };
-        /* loading defaults */
-        rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
-                GNUTLS_X509_FMT_PEM);
-
+        gnutls_dh_params_generate2 (dh_params, 
+                gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,GNUTLS_SEC_PARAM_HIGH));
         if (rv < 0) {
             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                    "GnuTLS: Unable to load DH Params: (%d) %s",
+                    "GnuTLS: Unable to generate DH Params: (%d) %s",
                     rv, gnutls_strerror(rv));
             exit(rv);
         }
-    } else
+    } else {
         dh_params = sc_base->dh_params;
-
-    if (sc_base->rsa_params != NULL)
-        rsa_params = sc_base->rsa_params;
-
-    /* else not an error but RSA-EXPORT ciphersuites are not available 
-     */
+    }
 
     rv = mgs_cache_post_config(p, s, sc_base);
@@ -349 +338 @@
 
     for (s = base_server; s; s = s->next) {
-        void *load = NULL;
         sc = (mgs_srvconf_rec *)
                 ap_get_module_config(s->module_config, &gnutls_module);
@@ -365 +353 @@
 
         /* Check if DH or RSA params have been set per host */
-        if (sc->rsa_params != NULL)
-            load = sc->rsa_params;
-        else if (rsa_params)
-            load = rsa_params;
-
-        if (load != NULL)
-            gnutls_certificate_set_rsa_export_params(sc->certs,
-                load);
-
-
-        load = NULL;
-        if (sc->dh_params != NULL)
-            load = sc->dh_params;
-        else if (dh_params)
-            load = dh_params;
-
-        if (load != NULL) { /* not needed but anyway */
-            gnutls_certificate_set_dh_params(sc->certs, load);
-            gnutls_anon_set_server_dh_params(sc->anon_creds,
-                    load);
+        if (sc->rsa_params != NULL) {
+            gnutls_certificate_set_rsa_export_params(sc->certs, sc->rsa_params);        
+        } 
+        /* else not an error but RSA-EXPORT ciphersuites are not available */
+
+        void *load = NULL;
+        if (sc->dh_params != NULL) {
+            gnutls_certificate_set_dh_params(sc->certs, sc->dh_params);
+            gnutls_anon_set_server_dh_params(sc->anon_creds, sc->dh_params);        
+        } else if (dh_params) {
+            gnutls_certificate_set_dh_params(sc->certs, dh_params);
+            gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);                    
         }