authorGravatar Nokis Mavrogiannopoulos 2007-12-02 23:12:23 +0000
committerGravatar Nokis Mavrogiannopoulos 2007-12-02 23:12:23 +0000
commitb9e8b128b130caec34a05f0ea506f2c1c759a386 (patch)
treeaf5eb5008d919f722c63eb4d280bf3518add1abc
parent421bad90160111f2470565540db237351b5a3963 (diff)
No more defaults for dhparams, rsaparams. Check for GnuTLSPriorities.
-rw-r--r--src/gnutls_config.c3
-rw-r--r--src/gnutls_hooks.c35
-rw-r--r--src/mod_gnutls.c2
3 files changed, 26 insertions, 14 deletions
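--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -367,9 +367,6 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 sc->cache_type = mgs_cache_dbm;
 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
 
-sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");
-sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");
-
 sc->client_verify_mode = GNUTLS_CERT_IGNORE;
 
 return sc;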
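--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -97,7 +97,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,
 pool);
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to load params file at: %s. Will use internal params.",
 file);
 return ret;
@@ -106,7 +106,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
 
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to stat params file at: %s", file);
 return ret;
 }
@@ -115,7 +115,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
 
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to read params file at: %s", file);
 return ret;
 }
@@ -266,8 +266,8 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 {
 int rv;
 server_rec *s;
-gnutls_dh_params_t dh_params;
-gnutls_rsa_params_t rsa_params;
+gnutls_dh_params_t dh_params = NULL;
+gnutls_rsa_params_t rsa_params = NULL;
 mgs_srvconf_rec *sc;
 mgs_srvconf_rec *sc_base;
 void *data = NULL;
@@ -284,7 +284,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 
 {
-gnutls_datum pdata;
+gnutls_datum pdata = { NULL, 0 };
 apr_pool_t *tpool;
 s = base_server;
 sc_base =
@@ -293,9 +293,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 apr_pool_create(&tpool, p);
 
+
 gnutls_dh_params_init(&dh_params);
 
-pdata = load_params(sc_base->dh_params_file, s, tpool);
+if (sc_base->dh_params_file)
+pdata = load_params(sc_base->dh_params_file, s, tpool);
 
 if (pdata.size != 0) {
 rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
@@ -323,9 +325,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 }
 apr_pool_clear(tpool);
 
-rsa_params = NULL;
+pdata.data = NULL;
+pdata.size = 0;
 
-pdata = load_params(sc_base->rsa_params_file, s, tpool);
+if (sc_base->rsa_params_file)
+pdata = load_params(sc_base->rsa_params_file, s, tpool);
 
 if (pdata.size != 0) {
 gnutls_rsa_params_init(&rsa_params);
@@ -356,10 +360,21 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 sc->cache_type = sc_base->cache_type;
 sc->cache_config = sc_base->cache_config;
 
+/* Check if the priorities have been set */
+if (sc->priorities == NULL) {
+ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+"GnuTLS: Host '%s:%d' is missing the GnuTLSPriorities directive!",
+s->server_hostname, s->port);
+exit(-1);
+}
+
 if (rsa_params != NULL)
 gnutls_certificate_set_rsa_export_params(sc->certs,
 rsa_params);
-gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
+if (dh_params != NULL) /* not needed but anyway */
+gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
 
 gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);
 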
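Review bot: The GnuTLSPriorities check added at new lines 364-369 aborts the whole httpd process with `exit(-1)`, which skips APR pool cleanups and yields exit status 255; a post_config hook can instead return a failure status after the `ap_log_error`, e.g. `return HTTP_INTERNAL_SERVER_ERROR;`, and httpd then reports "Configuration Failed" and shuts down through its normal path. The check also appears to sit inside the loop that copies `sc_base` settings into each `sc`, so a virtual host with GnuTLS disabled may be rejected as well — worth confirming against the loop header, which is outside the hunk. Separately, `gnutls_dh_params_init(&dh_params)` at new line 297 runs unconditionally, so the `if (dh_params != NULL)` guard at new line 375 (and its `/* not needed but anyway */` comment) can never be false, and if no GnuTLSDHFile is configured and the path hidden between new lines 303 and 325 does not fill the object, an initialized-but-empty DH parameter set is handed to both `gnutls_certificate_set_dh_params` and `gnutls_anon_set_server_dh_params`. The `APLOG_INFO` to `APLOG_STARTUP` change in the three load_params hunks deserves a second look too: as I read httpd's http_log.h, `APLOG_STARTUP` is a flag bit rather than a level, so used alone it logs at level 0 (emerg), and `APLOG_STARTUP | APLOG_INFO` would keep the original severity for a message that says the failure is recoverable — confirm against the httpd version this targets. mgs_hook_post_config starts and ends outside the hunk.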
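--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -99,7 +99,7 @@ static const command_rec mgs_config_cmds[] = {
 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
 NULL,
 RSRC_CONF,
-"The priorities to enable (ciphers, Key exchange, macs, compression)"),
+"The priorities to enable (ciphers, Key exchange, macs, compression)."),
 AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
 NULL,
 RSRC_CONF,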