authorNikos Mavrogiannopoulos <nmav@gnutls.org>2007-12-02 23:12:23 (GMT)
committer Nokis Mavrogiannopoulos <nmav@gnutls.org>2007-12-02 23:12:23 (GMT)
commite239d1af4ae9ea7b8a5f58cf77f897482469b31a (patch)
treeaf5eb5008d919f722c63eb4d280bf3518add1abc /src/gnutls_hooks.c
parentea470be2a191d7f1d713f64cc64f44f905999c03 (diff)
No more defaults for dhparams, rsaparams. Check for GnuTLSPriorities.
Diffstat (limited to 'src/gnutls_hooks.c')
-rw-r--r--src/gnutls_hooks.c35
1 files changed, 25 insertions, 10 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index e3edba2..62e51aa 100644
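--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -97,7 +97,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,
 pool);
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to load params file at: %s. Will use internal params.",
 file);
 return ret;
@@ -106,7 +106,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
 
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to stat params file at: %s", file);
 return ret;
 }
@@ -115,7 +115,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
 
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to read params file at: %s", file);
 return ret;
 }
@@ -266,8 +266,8 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 {
 int rv;
 server_rec *s;
-gnutls_dh_params_t dh_params;
-gnutls_rsa_params_t rsa_params;
+gnutls_dh_params_t dh_params = NULL;
+gnutls_rsa_params_t rsa_params = NULL;
 mgs_srvconf_rec *sc;
 mgs_srvconf_rec *sc_base;
 void *data = NULL;
@@ -284,7 +284,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 
 {
-gnutls_datum pdata;
+gnutls_datum pdata = { NULL, 0 };
 apr_pool_t *tpool;
 s = base_server;
 sc_base =
@@ -293,9 +293,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 apr_pool_create(&tpool, p);
 
+
 gnutls_dh_params_init(&dh_params);
 
-pdata = load_params(sc_base->dh_params_file, s, tpool);
+if (sc_base->dh_params_file)
+pdata = load_params(sc_base->dh_params_file, s, tpool);
 
 if (pdata.size != 0) {
 rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
@@ -323,9 +325,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 }
 apr_pool_clear(tpool);
 
-rsa_params = NULL;
+pdata.data = NULL;
+pdata.size = 0;
 
-pdata = load_params(sc_base->rsa_params_file, s, tpool);
+if (sc_base->rsa_params_file)
+pdata = load_params(sc_base->rsa_params_file, s, tpool);
 
 if (pdata.size != 0) {
 gnutls_rsa_params_init(&rsa_params);
@@ -356,10 +360,21 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 sc->cache_type = sc_base->cache_type;
 sc->cache_config = sc_base->cache_config;
 
+/* Check if the priorities have been set */
+if (sc->priorities == NULL) {
+ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+"GnuTLS: Host '%s:%d' is missing the GnuTLSPriorities directive!",
+s->server_hostname, s->port);
+exit(-1);
+}
+
 if (rsa_params != NULL)
 gnutls_certificate_set_rsa_export_params(sc->certs,
 rsa_params);
-gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
+if (dh_params != NULL) /* not needed but anyway */
+gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
 
 gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);
 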
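Review bot: The open-failure message in load_params still ends with `Will use internal params.`, yet this commit drops the built-in DH/RSA defaults, so a mistyped params path now logs a fallback that, as far as these hunks show, no longer exists. In mgs_hook_post_config a configured-but-unreadable file is also indistinguishable from an unset one: both leave `pdata.size == 0`, and `dh_params` (initialised, but apparently never filled in that case) is still passed to `gnutls_certificate_set_dh_params` and, unguarded, to `gnutls_anon_set_server_dh_params`; the `pdata.size == 0` branch lies between hunks, so confirm what it does. I would drop the stale sentence from the message and treat a failed load of an explicitly configured file as a startup error, as the new GnuTLSPriorities check already does for a missing directive. That check calls `exit(-1)` from inside the hook; returning an error status from post_config, e.g. `return HTTP_INTERNAL_SERVER_ERROR;`, would let httpd abort startup through its normal path.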