| author | 2007-12-02 23:12:23 +0000 | |
|---|---|---|
| committer | 2007-12-02 23:12:23 +0000 | |
| commit | b9e8b128b130caec34a05f0ea506f2c1c759a386 (patch) | |
| tree | af5eb5008d919f722c63eb4d280bf3518add1abc | |
| parent | 421bad90160111f2470565540db237351b5a3963 (diff) | |
No more defaults for dhparams, rsaparams. Check for GnuTLSPriorities.
| -rw-r--r-- | src/gnutls_config.c | 3 | ||||
| -rw-r--r-- | src/gnutls_hooks.c | 35 | ||||
| -rw-r--r-- | src/mod_gnutls.c | 2 |
3 files changed, 26 insertions, 14 deletions
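diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index 3771e04..697dae1 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -367,9 +367,6 @@ void *mgs_config_server_create(apr_pool_t * p, server_rec * s)
     sc->cache_type = mgs_cache_dbm;
     sc->cache_config = ap_server_root_relative(p, "conf/gnutls_cache");
 
-    sc->dh_params_file = ap_server_root_relative(p, "conf/dhfile");
-    sc->rsa_params_file = ap_server_root_relative(p, "conf/rsafile");
-
     sc->client_verify_mode = GNUTLS_CERT_IGNORE;
 
     return sc;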
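diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index e3edba2..62e51aa 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -97,7 +97,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
     rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,
                        pool);
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
                      "GnuTLS failed to load params file at: %s. Will use internal params.",
                      file);
         return ret;
@@ -106,7 +106,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
     rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
 
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
                      "GnuTLS failed to stat params file at: %s", file);
         return ret;
     }
@@ -115,7 +115,7 @@ load_params(const char *file, server_rec * s, apr_pool_t * pool)
     rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
 
     if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, rv, s,
+        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
                      "GnuTLS failed to read params file at: %s", file);
         return ret;
     }
@@ -266,8 +266,8 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 {
     int rv;
     server_rec *s;
-    gnutls_dh_params_t dh_params;
-    gnutls_rsa_params_t rsa_params;
+    gnutls_dh_params_t dh_params = NULL;
+    gnutls_rsa_params_t rsa_params = NULL;
     mgs_srvconf_rec *sc;
     mgs_srvconf_rec *sc_base;
     void *data = NULL;
@@ -284,7 +284,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
 
     {
-        gnutls_datum pdata;
+        gnutls_datum pdata = { NULL, 0 };
         apr_pool_t *tpool;
         s = base_server;
         sc_base =
@@ -293,9 +293,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
 
         apr_pool_create(&tpool, p);
 
+
         gnutls_dh_params_init(&dh_params);
 
-        pdata = load_params(sc_base->dh_params_file, s, tpool);
+        if (sc_base->dh_params_file)
+            pdata = load_params(sc_base->dh_params_file, s, tpool);
 
         if (pdata.size != 0) {
             rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
@@ -323,9 +325,11 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
         }
         apr_pool_clear(tpool);
 
-        rsa_params = NULL;
+        pdata.data = NULL;
+        pdata.size = 0;
 
-        pdata = load_params(sc_base->rsa_params_file, s, tpool);
+        if (sc_base->rsa_params_file)
+            pdata = load_params(sc_base->rsa_params_file, s, tpool);
 
         if (pdata.size != 0) {
             gnutls_rsa_params_init(&rsa_params);
@@ -356,10 +360,21 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
         sc->cache_type = sc_base->cache_type;
         sc->cache_config = sc_base->cache_config;
 
+        /* Check if the priorities have been set */
+        if (sc->priorities == NULL) {
+            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                         "GnuTLS: Host '%s:%d' is missing the GnuTLSPriorities directive!",
+                         s->server_hostname, s->port);
+            exit(-1);
+        }
+
         if (rsa_params != NULL)
             gnutls_certificate_set_rsa_export_params(sc->certs,
                                                      rsa_params);
-        gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
+        if (dh_params != NULL) /* not needed but anyway */
+            gnutls_certificate_set_dh_params(sc->certs, dh_params);
+
 
         gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);
 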
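Review bot: The new guard `if (dh_params != NULL) /* not needed but anyway */` on new line 375 can only be false when `gnutls_dh_params_init(&dh_params)` on new line 297 failed, and that return value is never checked; in exactly that case new line 379 still hands the NULL `dh_params` to `gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params)` unguarded, so the guard protects nothing. Check the init result instead and fail startup the same way the hunk does for a missing GnuTLSPriorities, `if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)` followed by the log-and-abort, and drop the dead guard so both consumers of `dh_params` are treated alike. Refusing to start when GnuTLSPriorities is absent is the right fail-closed choice, but a post_config hook can `return HTTP_INTERNAL_SERVER_ERROR;` and let httpd report "Configuration Failed" rather than calling `exit(-1)` (exit status 255) from inside the module. The loop that the priorities check sits in and the branch taken when no DH parameters file is configured (`pdata.size == 0`) both lie outside this hunk, so how an unconfigured `dh_params` reaches line 379 cannot be confirmed from here.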
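diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index f9291f1..a6e5528 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -99,7 +99,7 @@ static const command_rec mgs_config_cmds[] = {
     AP_INIT_RAW_ARGS("GnuTLSPriorities", mgs_set_priorities,
                      NULL,
                      RSRC_CONF,
-                     "The priorities to enable (ciphers, Key exchange, macs, compression)"),
+                     "The priorities to enable (ciphers, Key exchange, macs, compression)."),
     AP_INIT_TAKE1("GnuTLSEnable", mgs_set_enabled,
                   NULL,
                   RSRC_CONF,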
