- Timestamp:
- Dec 3, 2007, 1:26:23 PM (15 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, jessie-backports, master, msva, proxy-ticket, upstream
- Children:
- 8e2a483
- Parents:
- 2226711
- git-author:
- Nikos Mavrogiannopoulos <nmav@…> (12/03/07 13:26:23)
- git-committer:
- Nokis Mavrogiannopoulos <nmav@…> (12/03/07 13:26:23)
- Location:
- src
- Files:
-
- 2 edited
src/gnutls_config.c
r2226711 ra3c97d1 55 55 const char *arg) 56 56 { 57 mgs_srvconf_rec *sc = 58 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 59 module_config, 60 &gnutls_module); 61 62 sc->dh_params_file = ap_server_root_relative(parms->pool, arg); 57 int ret; 58 gnutls_datum_t data; 59 const char *file; 60 apr_pool_t *spool; 61 mgs_srvconf_rec *sc = 62 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 63 module_config, 64 &gnutls_module); 65 66 apr_pool_create(&spool, parms->pool); 67 68 file = ap_server_root_relative(spool, arg); 69 70 if (load_datum_from_file(spool, file, &data) != 0) { 71 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 72 "DH params '%s'", file); 73 } 74 75 gnutls_dh_params_init(&sc->dh_params); 76 ret = 77 gnutls_dh_params_import_pkcs3(sc->dh_params, &data, GNUTLS_X509_FMT_PEM); 78 if (ret != 0) { 79 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 80 "DH params '%s': (%d) %s", file, ret, 81 gnutls_strerror(ret)); 82 } 83 84 apr_pool_destroy(spool); 63 85 64 86 return NULL; … … 68 90 const char *arg) 69 91 { 70 mgs_srvconf_rec *sc = 71 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 72 module_config, 73 &gnutls_module); 74 75 sc->rsa_params_file = ap_server_root_relative(parms->pool, arg); 76 92 int ret; 93 gnutls_datum_t data; 94 const char *file; 95 apr_pool_t *spool; 96 mgs_srvconf_rec *sc = 97 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 98 module_config, 99 &gnutls_module); 100 101 apr_pool_create(&spool, parms->pool); 102 103 file = ap_server_root_relative(spool, arg); 104 105 if (load_datum_from_file(spool, file, &data) != 0) { 106 return apr_psprintf(parms->pool, "GnuTLS: Error Reading " 107 "RSA params '%s'", file); 108 } 109 110 gnutls_rsa_params_init(&sc->rsa_params); 111 ret = 112 gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, GNUTLS_X509_FMT_PEM); 113 if (ret != 0) { 114 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 115 "RSA params '%s': (%d) %s", file, ret, 116 
gnutls_strerror(ret)); 117 } 118 119 apr_pool_destroy(spool); 77 120 return NULL; 78 121 } … … 104 147 if (ret != 0) { 105 148 return apr_psprintf(parms->pool, "GnuTLS: Failed to Import " 106 "Certificate '%s': (%d) %s", file, ret,149 "Certificate '%s': (%d) %s", file, ret, 107 150 gnutls_strerror(ret)); 108 151 } -
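Review bot: Both new handlers return early without calling `apr_pool_destroy(spool)` when `load_datum_from_file` or the import fails, so the sub-pool is only reclaimed when `parms->pool` goes away, and the import-failure path leaves `sc->dh_params` / `sc->rsa_params` initialized but empty. Because `file` is allocated from `spool`, the message has to be formatted before the pool is destroyed: `const char *err = apr_psprintf(parms->pool, ...); apr_pool_destroy(spool); return err;`. The return values of `apr_pool_create`, `gnutls_dh_params_init` and `gnutls_rsa_params_init` are also ignored, so an allocation failure would reach the import call with an invalid handle. Nothing visible in these hunks releases the imported parameters with `gnutls_dh_params_deinit` / `gnutls_rsa_params_deinit` when the configuration is re-read; if no pool cleanup is registered elsewhere, one should be added. Both function signatures start outside the hunks.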
src/gnutls_hooks.c
r2226711 ra3c97d1 85 85 } 86 86 87 88 static gnutls_datum89 load_params(const char *file, server_rec * s, apr_pool_t * pool)90 {91 gnutls_datum ret = { NULL, 0 };92 apr_file_t *fp;93 apr_finfo_t finfo;94 apr_status_t rv;95 apr_size_t br = 0;96 97 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,98 pool);99 if (rv != APR_SUCCESS) {100 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,101 "GnuTLS failed to load params file at: %s. Will use internal params.",102 file);103 return ret;104 }105 106 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);107 108 if (rv != APR_SUCCESS) {109 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,110 "GnuTLS failed to stat params file at: %s", file);111 return ret;112 }113 114 ret.data = apr_palloc(pool, finfo.size + 1);115 rv = apr_file_read_full(fp, ret.data, finfo.size, &br);116 117 if (rv != APR_SUCCESS) {118 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,119 "GnuTLS failed to read params file at: %s", file);120 return ret;121 }122 apr_file_close(fp);123 ret.data[br] = '\0';124 ret.size = br;125 126 return ret;127 }128 129 87 /* We don't support openpgp certificates, yet */ 130 88 const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 }; … … 285 243 286 244 { 287 gnutls_datum pdata = { NULL, 0 };288 apr_pool_t *tpool;289 245 s = base_server; 290 246 sc_base = … … 292 248 &gnutls_module); 293 249 294 apr_pool_create(&tpool, p);295 296 297 250 gnutls_dh_params_init(&dh_params); 298 251 299 if (sc_base->dh_params_file) 300 pdata = load_params(sc_base->dh_params_file, s, tpool); 301 302 if (pdata.size != 0) { 303 rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata, 252 if (sc_base->dh_params == NULL) { 253 gnutls_datum pdata = { (void *) static_dh_params, sizeof(static_dh_params) }; 254 /* loading defaults */ 255 rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata, 304 256 GNUTLS_X509_FMT_PEM); 305 if (rv != 0) { 306 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 307 "GnuTLS: Unable to load DH Params: (%d) %s", 308 rv, 
gnutls_strerror(rv)); 309 exit(rv); 310 } 311 } else { 312 /* If the file does not exist use internal parameters 313 */ 314 pdata.data = (void *) static_dh_params; 315 pdata.size = sizeof(static_dh_params); 316 rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata, 317 GNUTLS_X509_FMT_PEM); 318 319 if (rv < 0) { 320 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 321 "GnuTLS: Unable to load internal DH Params." 322 " Shutting down."); 323 exit(-1); 324 } 325 } 326 apr_pool_clear(tpool); 327 328 pdata.data = NULL; 329 pdata.size = 0; 330 331 if (sc_base->rsa_params_file) 332 pdata = load_params(sc_base->rsa_params_file, s, tpool); 333 334 if (pdata.size != 0) { 335 gnutls_rsa_params_init(&rsa_params); 336 rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata, 337 GNUTLS_X509_FMT_PEM); 338 if (rv != 0) { 339 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 340 "GnuTLS: Unable to load RSA Params: (%d) %s", 341 rv, gnutls_strerror(rv)); 342 exit(rv); 343 } 344 } 345 /* not an error but RSA-EXPORT ciphersuites are not available 257 258 if (rv < 0) { 259 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, 260 "GnuTLS: Unable to load DH Params: (%d) %s", 261 rv, gnutls_strerror(rv)); 262 exit(rv); 263 } 264 } else dh_params = sc_base->dh_params; 265 266 if (sc_base->rsa_params != NULL) 267 rsa_params = sc_base->rsa_params; 268 269 /* else not an error but RSA-EXPORT ciphersuites are not available 346 270 */ 347 271 348 apr_pool_destroy(tpool);349 272 rv = mgs_cache_post_config(p, s, sc_base); 350 273 if (rv != 0) { … … 356 279 357 280 for (s = base_server; s; s = s->next) { 281 void *load = NULL; 358 282 sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config, 359 283 &gnutls_module); … … 368 292 exit(-1); 369 293 } 370 371 if (rsa_params != NULL)372 gnutls_certificate_set_rsa_export_params(sc->certs,373 rsa_params);374 294 375 if (dh_params != NULL) /* not needed but anyway */ 376 gnutls_certificate_set_dh_params(sc->certs, dh_params); 377 378 379 
gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params); 295 /* Check if DH or RSA params have been set per host */ 296 if (sc->rsa_params != NULL) 297 load = sc->rsa_params; 298 else if (rsa_params) load = rsa_params; 299 300 if (load != NULL) 301 gnutls_certificate_set_rsa_export_params(sc->certs, load); 302 303 304 load = NULL; 305 if (sc->dh_params != NULL) 306 load = sc->dh_params; 307 else if (dh_params) load = dh_params; 308 309 if (load != NULL) { /* not needed but anyway */ 310 gnutls_certificate_set_dh_params(sc->certs, load); 311 gnutls_anon_set_server_dh_params(sc->anon_creds, load); 312 } 380 313 381 314 gnutls_certificate_server_set_retrieve_function(sc->certs,
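Review bot: `gnutls_dh_params_init(&dh_params)` at new line 250 still runs unconditionally, so when the `else dh_params = sc_base->dh_params;` branch is taken the freshly allocated handle is overwritten and leaked; the init call belongs inside the `if (sc_base->dh_params == NULL)` branch. In the per-host loop a single `void *load` is reused for both the RSA and the DH handle, which removes the compiler's type check between the two parameter types; two typed locals would be safer. From an operator's point of view, a server with no DH file configured silently falls back to the compiled-in `static_dh_params`, and any configured RSA params make the RSA-EXPORT ciphersuites available. A startup log line for each case would make this auditable. The enclosing function starts and ends outside the hunks.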