author | Nikos Mavrogiannopoulos | 2007-12-02 23:12:23 +0000 |
---|---|---|
committer | Nokis Mavrogiannopoulos | 2007-12-02 23:12:23 +0000 |
commit | e239d1af4ae9ea7b8a5f58cf77f897482469b31a (patch) | |
tree | af5eb5008d919f722c63eb4d280bf3518add1abc | |
parent | ea470be2a191d7f1d713f64cc64f44f905999c03 (diff) |
No more defaults for dhparams, rsaparams. Check for GnuTLSPriorities.
-rw-r--r-- | src/gnutls_config.c | 3 | ||||
-rw-r--r-- | src/gnutls_hooks.c | 35 | ||||
-rw-r--r-- | src/mod_gnutls.c | 2 |
3 files changed, 26 insertions, 14 deletions
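--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -367,9 +367,6 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
 sc->cache_type = mgs_cache_dbm;
 sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
 
-sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");
-sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");
-
 sc->client_verify_mode = GNUTLS_CERT_IGNORE;
 
 return sc;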
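--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -97,7 +97,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,
 pool);
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to load params file at: %s. Will use internal params.",
 file);
 return ret;
@@ -106,7 +106,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
 
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to stat params file at: %s", file);
 return ret;
 }
@@ -115,7 +115,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
 rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
 
 if (rv != APR_SUCCESS) {
-ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
 "GnuTLS failed to read params file at: %s", file);
 return ret;
 }
@@ -266,8 +266,8 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 {
 int rv;
 server_rec *s;
-gnutls_dh_params_t dh_params;
-gnutls_rsa_params_t rsa_params;
+gnutls_dh_params_t dh_params = NULL;
+gnutls_rsa_params_t rsa_params = NULL;
 mgs_srvconf_rec *sc;
 mgs_srvconf_rec *sc_base;
 void *data = NULL;
@@ -284,7 +284,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 
 {
-gnutls_datum pdata;
+gnutls_datum pdata = { NULL, 0 };
 apr_pool_t *tpool;
 s = base_server;
 sc_base =
@@ -293,9 +293,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 apr_pool_create(&tpool, p);
 
+
 gnutls_dh_params_init(&dh_params);
 
-pdata = load_params(sc_base->dh_params_file, s, tpool);
+if (sc_base->dh_params_file)
+pdata = load_params(sc_base->dh_params_file, s, tpool);
 
 if (pdata.size != 0) {
 rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
@@ -323,9 +325,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 }
 apr_pool_clear(tpool);
 
-rsa_params = NULL;
+pdata.data = NULL;
+pdata.size = 0;
 
-pdata = load_params(sc_base->rsa_params_file, s, tpool);
+if (sc_base->rsa_params_file)
+pdata = load_params(sc_base->rsa_params_file, s, tpool);
 
 if (pdata.size != 0) {
 gnutls_rsa_params_init(&rsa_params);
@@ -356,10 +360,21 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 sc->cache_type = sc_base->cache_type;
 sc->cache_config = sc_base->cache_config;
 
+/* Check if the priorities have been set */
+if (sc->priorities == NULL) {
+ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+"GnuTLS: Host '%s:%d' is missing the GnuTLSPriorities directive!",
+s->server_hostname, s->port);
+exit(-1);
+}
+
 if (rsa_params != NULL)
 gnutls_certificate_set_rsa_export_params(sc->certs,
 rsa_params);
-gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
+if (dh_params != NULL) /* not needed but anyway */
+gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
 
 gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);
 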
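Review bot: The new GnuTLSPriorities check in the last hunk terminates the whole httpd process with `exit(-1)` from inside the post_config hook, which bypasses the core's normal configuration-failure path (no orderly teardown of pools already created, exit status 255); since mgs_hook_post_config returns an int, the conventional form is to log and then `return HTTP_INTERNAL_SERVER_ERROR;` so the core reports the failed startup itself. The enclosing function starts and ends outside the hunk, so I cannot see whether this check sits inside a per-vhost loop; if it does, the `s` used in the "Host '%s:%d'" message should be the virtual host being checked rather than the base_server assigned earlier in the function. Separately, every ap_log_error call changed in this file now passes `APLOG_STARTUP` alone as the level argument; if I read http_log.h correctly that is a flag bit rather than a severity, so the severity field is zero (emerg) — combine it with a level, e.g. `APLOG_STARTUP | APLOG_ERR` for the missing-directive case and `APLOG_STARTUP | APLOG_WARNING` for the recoverable "Will use internal params" case.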
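--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -99,7 +99,7 @@ static const command_rec mgs_config_cmds[] = {
 AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
 NULL,
 RSRC_CONF,
-"The priorities to enable (ciphers, Key exchange, macs, compression)"),
+"The priorities to enable (ciphers, Key exchange, macs, compression)."),
 AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
 NULL,
 RSRC_CONF,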