better handling of RSAFile and DHFile

author: Nokis Mavrogiannopoulos 2007-12-03 18:26:23 +0000
committer: Nokis Mavrogiannopoulos 2007-12-03 18:26:23 +0000
commit: 16d0fc76a6981f3f2562cdcade76179e9805dfd8 (patch)
tree: e43ac10d8d663abc12c958695243485398c1e6a9 /src/gnutls_hooks.c
parent: 7854add288a2b22a072d430460a21ebac547fb37 (diff)
1 files changed, 33 insertions, 100 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 55f8e5f..7b7e2b3 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -84,48 +84,6 @@ mgs_hook_pre_config(apr_pool_t * pconf,
    return OK;
 }
-static gnutls_datum
-load_params(const char *file, server_rec * s, apr_pool_t * pool)
-{
-    gnutls_datum ret = { NULL, 0 };
-    apr_file_t *fp;
-    apr_finfo_t finfo;
-    apr_status_t rv;
-    apr_size_t br = 0;
-    rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,
-                       pool);
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
-                     "GnuTLS failed to load params file at: %s. Will use internal params.",
-                     file);
-        return ret;
-    }
-    rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
-                     "GnuTLS failed to stat params file at: %s", file);
-        return ret;
-    }
-    ret.data = apr_palloc(pool, finfo.size + 1);
-    rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
-                     "GnuTLS failed to read params file at: %s", file);
-        return ret;
-    }
-    apr_file_close(fp);
-    ret.data[br] = '\0';
-    ret.size = br;
-    return ret;
-}
 /* We don't support openpgp certificates, yet */
 const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 };
@@ -284,68 +242,33 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
    {
-        gnutls_datum pdata = { NULL, 0 };
-        apr_pool_t *tpool;
        s = base_server;
        sc_base =
            (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
                                                     &gnutls_module);
-        apr_pool_create(&tpool, p);
        gnutls_dh_params_init(&dh_params);
-        if (sc_base->dh_params_file)
+        if (sc_base->dh_params == NULL) {
-            pdata = load_params(sc_base->dh_params_file, s, tpool);
+            gnutls_datum pdata = { (void *) static_dh_params, sizeof(static_dh_params) };
+            /* loading defaults */
-        if (pdata.size != 0) {
+            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
-            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
-                                               GNUTLS_X509_FMT_PEM);
-            if (rv != 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "GnuTLS: Unable to load DH Params: (%d) %s",
-                             rv, gnutls_strerror(rv));
-                exit(rv);
-            }
-        } else {
-            /* If the file does not exist use internal parameters
-             */
-            pdata.data = (void *) static_dh_params;
-            pdata.size = sizeof(static_dh_params);
-            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
                                               GNUTLS_X509_FMT_PEM);
-            if (rv < 0) {
+            if (rv < 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "GnuTLS: Unable to load internal DH Params."
+                     "GnuTLS: Unable to load DH Params: (%d) %s",
-                             " Shutting down.");
+                     rv, gnutls_strerror(rv));
-                exit(-1);
+                exit(rv);
-            }
+            }
-        }
+        } else dh_params = sc_base->dh_params;
-        apr_pool_clear(tpool);
+        if (sc_base->rsa_params != NULL) 
-        pdata.data = NULL;
+            rsa_params = sc_base->rsa_params;
-        pdata.size = 0;
+        /* else not an error but RSA-EXPORT ciphersuites are not available 
-        if (sc_base->rsa_params_file)
-            pdata = load_params(sc_base->rsa_params_file, s, tpool);
-        if (pdata.size != 0) {
-            gnutls_rsa_params_init(&rsa_params);
-            rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata,
-                                                GNUTLS_X509_FMT_PEM);
-            if (rv != 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "GnuTLS: Unable to load RSA Params: (%d) %s",
-                             rv, gnutls_strerror(rv));
-                exit(rv);
-            }
-        }
-        /* not an error but RSA-EXPORT ciphersuites are not available 
         */
-        apr_pool_destroy(tpool);
        rv = mgs_cache_post_config(p, s, sc_base);
        if (rv != 0) {
            ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
@@ -355,6 +278,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
        }
        for (s = base_server; s; s = s->next) {
+            void *load = NULL;
            sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
                                                          &gnutls_module);
            sc->cache_type = sc_base->cache_type;
@@ -367,16 +291,25 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
                             s->server_hostname, s->port);
                exit(-1);
            }
-            if (rsa_params != NULL)
-                gnutls_certificate_set_rsa_export_params(sc->certs,
-                                                         rsa_params);
            
-            if (dh_params != NULL) /* not needed but anyway */
+            /* Check if DH or RSA params have been set per host */
-                gnutls_certificate_set_dh_params(sc->certs, dh_params);
+            if (sc->rsa_params != NULL)
+                load = sc->rsa_params;
+            else if (rsa_params) load = rsa_params;
+            
+            if (load != NULL)
+                gnutls_certificate_set_rsa_export_params(sc->certs, load);
-            gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);
+            load = NULL;
+            if (sc->dh_params != NULL)
+                load = sc->dh_params;
+            else if (dh_params) load = dh_params;
+            
+            if (load != NULL) { /* not needed but anyway */
+                gnutls_certificate_set_dh_params(sc->certs, load);
+                gnutls_anon_set_server_dh_params(sc->anon_creds, load);
+            }
            gnutls_certificate_server_set_retrieve_function(sc->certs,
                                                            cert_retrieve_fn);
author	Nokis Mavrogiannopoulos	2007-12-03 18:26:23 +0000
committer	Nokis Mavrogiannopoulos	2007-12-03 18:26:23 +0000
commit	16d0fc76a6981f3f2562cdcade76179e9805dfd8 (patch)
tree	e43ac10d8d663abc12c958695243485398c1e6a9 /src/gnutls_hooks.c
parent	7854add288a2b22a072d430460a21ebac547fb37 (diff)

diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 55f8e5f..7b7e2b3 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c
@@ -84,48 +84,6 @@ mgs_hook_pre_config(apr_pool_t * pconf,
84	return OK;	84	return OK;
85	}	85	}
86		86
87
88	static gnutls_datum
89	load_params(const char file, server_rec s, apr_pool_t * pool)
90	{
91	gnutls_datum ret = { NULL, 0 };
92	apr_file_t *fp;
93	apr_finfo_t finfo;
94	apr_status_t rv;
95	apr_size_t br = 0;
96
97	rv = apr_file_open(&fp, file, APR_READ \| APR_BINARY, APR_OS_DEFAULT,
98	pool);
99	if (rv != APR_SUCCESS) {
100	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
101	"GnuTLS failed to load params file at: %s. Will use internal params.",
102	file);
103	return ret;
104	}
105
106	rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
107
108	if (rv != APR_SUCCESS) {
109	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
110	"GnuTLS failed to stat params file at: %s", file);
111	return ret;
112	}
113
114	ret.data = apr_palloc(pool, finfo.size + 1);
115	rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
116
117	if (rv != APR_SUCCESS) {
118	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
119	"GnuTLS failed to read params file at: %s", file);
120	return ret;
121	}
122	apr_file_close(fp);
123	ret.data[br] = '\0';
124	ret.size = br;
125
126	return ret;
127	}
128
129	/* We don't support openpgp certificates, yet */	87	/* We don't support openpgp certificates, yet */
130	const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 };	88	const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 };
131		89
@@ -284,68 +242,33 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
284		242
285		243
286	{	244	{
287	gnutls_datum pdata = { NULL, 0 };
288	apr_pool_t *tpool;
289	s = base_server;	245	s = base_server;
290	sc_base =	246	sc_base =
291	(mgs_srvconf_rec *) ap_get_module_config(s->module_config,	247	(mgs_srvconf_rec *) ap_get_module_config(s->module_config,
292	&gnutls_module);	248	&gnutls_module);
293		249
294	apr_pool_create(&tpool, p);
295
296
297	gnutls_dh_params_init(&dh_params);	250	gnutls_dh_params_init(&dh_params);
298		251
299	if (sc_base->dh_params_file)	252	if (sc_base->dh_params == NULL) {
300	pdata = load_params(sc_base->dh_params_file, s, tpool);	253	gnutls_datum pdata = { (void *) static_dh_params, sizeof(static_dh_params) };
301		254	/* loading defaults */
302	if (pdata.size != 0) {	255	rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
303	rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
304	GNUTLS_X509_FMT_PEM);
305	if (rv != 0) {
306	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
307	"GnuTLS: Unable to load DH Params: (%d) %s",
308	rv, gnutls_strerror(rv));
309	exit(rv);
310	}
311	} else {
312	/* If the file does not exist use internal parameters
313	*/
314	pdata.data = (void *) static_dh_params;
315	pdata.size = sizeof(static_dh_params);
316	rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
317	GNUTLS_X509_FMT_PEM);	256	GNUTLS_X509_FMT_PEM);
318		257
319	if (rv < 0) {	258	if (rv < 0) {
320	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,	259	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
321	"GnuTLS: Unable to load internal DH Params."	260	"GnuTLS: Unable to load DH Params: (%d) %s",
322	" Shutting down.");	261	rv, gnutls_strerror(rv));
323	exit(-1);	262	exit(rv);
324	}	263	}
325	}	264	} else dh_params = sc_base->dh_params;
326	apr_pool_clear(tpool);	265
327		266	if (sc_base->rsa_params != NULL)
328	pdata.data = NULL;	267	rsa_params = sc_base->rsa_params;
329	pdata.size = 0;	268
330		269	/* else not an error but RSA-EXPORT ciphersuites are not available
331	if (sc_base->rsa_params_file)
332	pdata = load_params(sc_base->rsa_params_file, s, tpool);
333
334	if (pdata.size != 0) {
335	gnutls_rsa_params_init(&rsa_params);
336	rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata,
337	GNUTLS_X509_FMT_PEM);
338	if (rv != 0) {
339	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
340	"GnuTLS: Unable to load RSA Params: (%d) %s",
341	rv, gnutls_strerror(rv));
342	exit(rv);
343	}
344	}
345	/* not an error but RSA-EXPORT ciphersuites are not available
346	*/	270	*/
347		271
348	apr_pool_destroy(tpool);
349	rv = mgs_cache_post_config(p, s, sc_base);	272	rv = mgs_cache_post_config(p, s, sc_base);
350	if (rv != 0) {	273	if (rv != 0) {
351	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,	274	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
@@ -355,6 +278,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
355	}	278	}
356		279
357	for (s = base_server; s; s = s->next) {	280	for (s = base_server; s; s = s->next) {
		281	void *load = NULL;
358	sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,	282	sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
359	&gnutls_module);	283	&gnutls_module);
360	sc->cache_type = sc_base->cache_type;	284	sc->cache_type = sc_base->cache_type;
@@ -367,16 +291,25 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
367	s->server_hostname, s->port);	291	s->server_hostname, s->port);
368	exit(-1);	292	exit(-1);
369	}	293	}
370
371	if (rsa_params != NULL)
372	gnutls_certificate_set_rsa_export_params(sc->certs,
373	rsa_params);
374		294
375	if (dh_params != NULL) /* not needed but anyway */	295	/* Check if DH or RSA params have been set per host */
376	gnutls_certificate_set_dh_params(sc->certs, dh_params);	296	if (sc->rsa_params != NULL)
		297	load = sc->rsa_params;
		298	else if (rsa_params) load = rsa_params;
		299
		300	if (load != NULL)
		301	gnutls_certificate_set_rsa_export_params(sc->certs, load);
377		302
378		303
379	gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);	304	load = NULL;
		305	if (sc->dh_params != NULL)
		306	load = sc->dh_params;
		307	else if (dh_params) load = dh_params;
		308
		309	if (load != NULL) { /* not needed but anyway */
		310	gnutls_certificate_set_dh_params(sc->certs, load);
		311	gnutls_anon_set_server_dh_params(sc->anon_creds, load);
		312	}
380		313
381	gnutls_certificate_server_set_retrieve_function(sc->certs,	314	gnutls_certificate_server_set_retrieve_function(sc->certs,
382	cert_retrieve_fn);	315	cert_retrieve_fn);