4 files changed, 85 insertions, 106 deletions
diff --git a/NEWS b/NEWS
index 9392872..81a6954 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE
 - The compatibility mode can now be enabled explicitely with the
 %COMPAT keyword at the GnuTLSPriorities string. It is no longer the default.
- Check for GnuTLSPriorities directive.
+- Check for GnuTLSPriorities directive. This corrects a segfault. Thanks
+to David Hrbáč.
+- Better handling of GnuTLSDHFile and GnuTLSRSAFile.
 - No longer default paths for RSA and DH parameter files.
diff --git a/include/mod_gnutls.h.in b/include/mod_gnutls.h.in
index 11c35aa..6a311a3 100644
--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -96,11 +96,11 @@ typedef struct
     */
    int export_certificates_enabled;
    gnutls_priority_t priorities;
+    gnutls_rsa_params_t rsa_params;
+    gnutls_dh_params_t dh_params;
    int cache_timeout;
    mgs_cache_e cache_type;
    const char* cache_config;
-    const char* rsa_params_file;
-    const char* dh_params_file;
    const char* srp_tpasswd_file;
    const char* srp_tpasswd_conf_file;
    gnutls_x509_crt_t ca_list[MAX_CA_CRTS];
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index 697dae1..22e8fbc 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -54,12 +54,34 @@ static int load_datum_from_file(apr_pool_t * pool,
 const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
                            const char *arg)
 {
+    int ret;
+    gnutls_datum_t data;
+    const char *file;
+    apr_pool_t *spool;
    mgs_srvconf_rec *sc =
        (mgs_srvconf_rec *) ap_get_module_config(parms->server->
                                                 module_config,
                                                 &gnutls_module);
-    sc->dh_params_file = ap_server_root_relative(parms->pool, arg);
+    apr_pool_create(&spool, parms->pool);
+    file = ap_server_root_relative(spool, arg);
+    if (load_datum_from_file(spool, file, &data) != 0) {
+        return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
+                            "DH params '%s'", file);
+    }
+    gnutls_dh_params_init(&sc->dh_params);
+    ret =
+        gnutls_dh_params_import_pkcs3(sc->dh_params, &data, GNUTLS_X509_FMT_PEM);
+    if (ret != 0) {
+        return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
+                            "DH params '%s': (%d) %s", file, ret,
+                            gnutls_strerror(ret));
+    }
+    apr_pool_destroy(spool);
    return NULL;
 }
@@ -67,13 +89,34 @@ const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
 const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy,
                                    const char *arg)
 {
+    int ret;
+    gnutls_datum_t data;
+    const char *file;
+    apr_pool_t *spool;
    mgs_srvconf_rec *sc =
        (mgs_srvconf_rec *) ap_get_module_config(parms->server->
                                                 module_config,
                                                 &gnutls_module);
-    sc->rsa_params_file = ap_server_root_relative(parms->pool, arg);
+    apr_pool_create(&spool, parms->pool);
+    file = ap_server_root_relative(spool, arg);
+    if (load_datum_from_file(spool, file, &data) != 0) {
+        return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
+                            "RSA params '%s'", file);
+    }
+    gnutls_rsa_params_init(&sc->rsa_params);
+    ret =
+        gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, GNUTLS_X509_FMT_PEM);
+    if (ret != 0) {
+        return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
+                            "RSA params '%s': (%d) %s", file, ret,
+                            gnutls_strerror(ret));
+    }
+    apr_pool_destroy(spool);
    return NULL;
 }
@@ -103,7 +146,7 @@ const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
        gnutls_x509_crt_import(sc->cert_x509, &data, GNUTLS_X509_FMT_PEM);
    if (ret != 0) {
        return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
-                            "Certificate'%s': (%d) %s", file, ret,
+                            "Certificate '%s': (%d) %s", file, ret,
                            gnutls_strerror(ret));
    }
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 55f8e5f..7b7e2b3 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -84,48 +84,6 @@ mgs_hook_pre_config(apr_pool_t * pconf,
    return OK;
 }
-static gnutls_datum
-load_params(const char *file, server_rec * s, apr_pool_t * pool)
-{
-    gnutls_datum ret = { NULL, 0 };
-    apr_file_t *fp;
-    apr_finfo_t finfo;
-    apr_status_t rv;
-    apr_size_t br = 0;
-    rv = apr_file_open(&fp, file, APR_READ | APR_BINARY, APR_OS_DEFAULT,
-                       pool);
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
-                     "GnuTLS failed to load params file at: %s. Will use internal params.",
-                     file);
-        return ret;
-    }
-    rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
-                     "GnuTLS failed to stat params file at: %s", file);
-        return ret;
-    }
-    ret.data = apr_palloc(pool, finfo.size + 1);
-    rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
-    if (rv != APR_SUCCESS) {
-        ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
-                     "GnuTLS failed to read params file at: %s", file);
-        return ret;
-    }
-    apr_file_close(fp);
-    ret.data[br] = '\0';
-    ret.size = br;
-    return ret;
-}
 /* We don't support openpgp certificates, yet */
 const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 };
@@ -284,68 +242,33 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
    {
-        gnutls_datum pdata = { NULL, 0 };
-        apr_pool_t *tpool;
        s = base_server;
        sc_base =
            (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
                                                     &gnutls_module);
-        apr_pool_create(&tpool, p);
        gnutls_dh_params_init(&dh_params);
-        if (sc_base->dh_params_file)
+        if (sc_base->dh_params == NULL) {
-            pdata = load_params(sc_base->dh_params_file, s, tpool);
+            gnutls_datum pdata = { (void *) static_dh_params, sizeof(static_dh_params) };
+            /* loading defaults */
-        if (pdata.size != 0) {
+            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
-            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
-                                               GNUTLS_X509_FMT_PEM);
-            if (rv != 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "GnuTLS: Unable to load DH Params: (%d) %s",
-                             rv, gnutls_strerror(rv));
-                exit(rv);
-            }
-        } else {
-            /* If the file does not exist use internal parameters
-             */
-            pdata.data = (void *) static_dh_params;
-            pdata.size = sizeof(static_dh_params);
-            rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
                                               GNUTLS_X509_FMT_PEM);
-            if (rv < 0) {
+            if (rv < 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "GnuTLS: Unable to load internal DH Params."
+                     "GnuTLS: Unable to load DH Params: (%d) %s",
-                             " Shutting down.");
+                     rv, gnutls_strerror(rv));
-                exit(-1);
+                exit(rv);
-            }
+            }
-        }
+        } else dh_params = sc_base->dh_params;
-        apr_pool_clear(tpool);
+        if (sc_base->rsa_params != NULL) 
-        pdata.data = NULL;
+            rsa_params = sc_base->rsa_params;
-        pdata.size = 0;
+        /* else not an error but RSA-EXPORT ciphersuites are not available 
-        if (sc_base->rsa_params_file)
-            pdata = load_params(sc_base->rsa_params_file, s, tpool);
-        if (pdata.size != 0) {
-            gnutls_rsa_params_init(&rsa_params);
-            rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata,
-                                                GNUTLS_X509_FMT_PEM);
-            if (rv != 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                             "GnuTLS: Unable to load RSA Params: (%d) %s",
-                             rv, gnutls_strerror(rv));
-                exit(rv);
-            }
-        }
-        /* not an error but RSA-EXPORT ciphersuites are not available 
         */
-        apr_pool_destroy(tpool);
        rv = mgs_cache_post_config(p, s, sc_base);
        if (rv != 0) {
            ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
@@ -355,6 +278,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
        }
        for (s = base_server; s; s = s->next) {
+            void *load = NULL;
            sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
                                                          &gnutls_module);
            sc->cache_type = sc_base->cache_type;
@@ -367,16 +291,25 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
                             s->server_hostname, s->port);
                exit(-1);
            }
-            if (rsa_params != NULL)
-                gnutls_certificate_set_rsa_export_params(sc->certs,
-                                                         rsa_params);
            
-            if (dh_params != NULL) /* not needed but anyway */
+            /* Check if DH or RSA params have been set per host */
-                gnutls_certificate_set_dh_params(sc->certs, dh_params);
+            if (sc->rsa_params != NULL)
+                load = sc->rsa_params;
+            else if (rsa_params) load = rsa_params;
+            
+            if (load != NULL)
+                gnutls_certificate_set_rsa_export_params(sc->certs, load);
-            gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);
+            load = NULL;
+            if (sc->dh_params != NULL)
+                load = sc->dh_params;
+            else if (dh_params) load = dh_params;
+            
+            if (load != NULL) { /* not needed but anyway */
+                gnutls_certificate_set_dh_params(sc->certs, load);
+                gnutls_anon_set_server_dh_params(sc->anon_creds, load);
+            }
            gnutls_certificate_server_set_retrieve_function(sc->certs,
                                                            cert_retrieve_fn);

diff --git a/NEWS b/NEWS index 9392872..81a6954 100644 --- a/NEWS +++ b/NEWS
@@ -9,6 +9,9 @@ SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE
9	- The compatibility mode can now be enabled explicitely with the	9	- The compatibility mode can now be enabled explicitely with the
10	%COMPAT keyword at the GnuTLSPriorities string. It is no longer the default.	10	%COMPAT keyword at the GnuTLSPriorities string. It is no longer the default.
11		11
12	- Check for GnuTLSPriorities directive.	12	- Check for GnuTLSPriorities directive. This corrects a segfault. Thanks
		13	to David Hrbáč.
		14
		15	- Better handling of GnuTLSDHFile and GnuTLSRSAFile.
13		16
14	- No longer default paths for RSA and DH parameter files.	17	- No longer default paths for RSA and DH parameter files.


diff --git a/include/mod_gnutls.h.in b/include/mod_gnutls.h.in index 11c35aa..6a311a3 100644 --- a/include/mod_gnutls.h.in +++ b/include/mod_gnutls.h.in
@@ -96,11 +96,11 @@ typedef struct
96	*/	96	*/
97	int export_certificates_enabled;	97	int export_certificates_enabled;
98	gnutls_priority_t priorities;	98	gnutls_priority_t priorities;
		99	gnutls_rsa_params_t rsa_params;
		100	gnutls_dh_params_t dh_params;
99	int cache_timeout;	101	int cache_timeout;
100	mgs_cache_e cache_type;	102	mgs_cache_e cache_type;
101	const char* cache_config;	103	const char* cache_config;
102	const char* rsa_params_file;
103	const char* dh_params_file;
104	const char* srp_tpasswd_file;	104	const char* srp_tpasswd_file;
105	const char* srp_tpasswd_conf_file;	105	const char* srp_tpasswd_conf_file;
106	gnutls_x509_crt_t ca_list[MAX_CA_CRTS];	106	gnutls_x509_crt_t ca_list[MAX_CA_CRTS];


diff --git a/src/gnutls_config.c b/src/gnutls_config.c index 697dae1..22e8fbc 100644 --- a/src/gnutls_config.c +++ b/src/gnutls_config.c
@@ -54,12 +54,34 @@ static int load_datum_from_file(apr_pool_t * pool,
54	const char mgs_set_dh_file(cmd_parms parms, void *dummy,	54	const char mgs_set_dh_file(cmd_parms parms, void *dummy,
55	const char *arg)	55	const char *arg)
56	{	56	{
		57	int ret;
		58	gnutls_datum_t data;
		59	const char *file;
		60	apr_pool_t *spool;
57	mgs_srvconf_rec *sc =	61	mgs_srvconf_rec *sc =
58	(mgs_srvconf_rec *) ap_get_module_config(parms->server->	62	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
59	module_config,	63	module_config,
60	&gnutls_module);	64	&gnutls_module);
61		65
62	sc->dh_params_file = ap_server_root_relative(parms->pool, arg);	66	apr_pool_create(&spool, parms->pool);
		67
		68	file = ap_server_root_relative(spool, arg);
		69
		70	if (load_datum_from_file(spool, file, &data) != 0) {
		71	return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
		72	"DH params '%s'", file);
		73	}
		74
		75	gnutls_dh_params_init(&sc->dh_params);
		76	ret =
		77	gnutls_dh_params_import_pkcs3(sc->dh_params, &data, GNUTLS_X509_FMT_PEM);
		78	if (ret != 0) {
		79	return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
		80	"DH params '%s': (%d) %s", file, ret,
		81	gnutls_strerror(ret));
		82	}
		83
		84	apr_pool_destroy(spool);
63		85
64	return NULL;	86	return NULL;
65	}	87	}
@@ -67,13 +89,34 @@ const char mgs_set_dh_file(cmd_parms parms, void *dummy,
67	const char mgs_set_rsa_export_file(cmd_parms parms, void *dummy,	89	const char mgs_set_rsa_export_file(cmd_parms parms, void *dummy,
68	const char *arg)	90	const char *arg)
69	{	91	{
		92	int ret;
		93	gnutls_datum_t data;
		94	const char *file;
		95	apr_pool_t *spool;
70	mgs_srvconf_rec *sc =	96	mgs_srvconf_rec *sc =
71	(mgs_srvconf_rec *) ap_get_module_config(parms->server->	97	(mgs_srvconf_rec *) ap_get_module_config(parms->server->
72	module_config,	98	module_config,
73	&gnutls_module);	99	&gnutls_module);
74		100
75	sc->rsa_params_file = ap_server_root_relative(parms->pool, arg);	101	apr_pool_create(&spool, parms->pool);
		102
		103	file = ap_server_root_relative(spool, arg);
		104
		105	if (load_datum_from_file(spool, file, &data) != 0) {
		106	return apr_psprintf(parms->pool, "GnuTLS: Error Reading "
		107	"RSA params '%s'", file);
		108	}
		109
		110	gnutls_rsa_params_init(&sc->rsa_params);
		111	ret =
		112	gnutls_rsa_params_import_pkcs1(sc->rsa_params, &data, GNUTLS_X509_FMT_PEM);
		113	if (ret != 0) {
		114	return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
		115	"RSA params '%s': (%d) %s", file, ret,
		116	gnutls_strerror(ret));
		117	}
76		118
		119	apr_pool_destroy(spool);
77	return NULL;	120	return NULL;
78	}	121	}
79		122
@@ -103,7 +146,7 @@ const char mgs_set_cert_file(cmd_parms parms, void *dummy,
103	gnutls_x509_crt_import(sc->cert_x509, &data, GNUTLS_X509_FMT_PEM);	146	gnutls_x509_crt_import(sc->cert_x509, &data, GNUTLS_X509_FMT_PEM);
104	if (ret != 0) {	147	if (ret != 0) {
105	return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "	148	return apr_psprintf(parms->pool, "GnuTLS: Failed to Import "
106	"Certificate'%s': (%d) %s", file, ret,	149	"Certificate '%s': (%d) %s", file, ret,
107	gnutls_strerror(ret));	150	gnutls_strerror(ret));
108	}	151	}
109		152


diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 55f8e5f..7b7e2b3 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c
@@ -84,48 +84,6 @@ mgs_hook_pre_config(apr_pool_t * pconf,
84	return OK;	84	return OK;
85	}	85	}
86		86
87
88	static gnutls_datum
89	load_params(const char file, server_rec s, apr_pool_t * pool)
90	{
91	gnutls_datum ret = { NULL, 0 };
92	apr_file_t *fp;
93	apr_finfo_t finfo;
94	apr_status_t rv;
95	apr_size_t br = 0;
96
97	rv = apr_file_open(&fp, file, APR_READ \| APR_BINARY, APR_OS_DEFAULT,
98	pool);
99	if (rv != APR_SUCCESS) {
100	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
101	"GnuTLS failed to load params file at: %s. Will use internal params.",
102	file);
103	return ret;
104	}
105
106	rv = apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
107
108	if (rv != APR_SUCCESS) {
109	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
110	"GnuTLS failed to stat params file at: %s", file);
111	return ret;
112	}
113
114	ret.data = apr_palloc(pool, finfo.size + 1);
115	rv = apr_file_read_full(fp, ret.data, finfo.size, &br);
116
117	if (rv != APR_SUCCESS) {
118	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
119	"GnuTLS failed to read params file at: %s", file);
120	return ret;
121	}
122	apr_file_close(fp);
123	ret.data[br] = '\0';
124	ret.size = br;
125
126	return ret;
127	}
128
129	/* We don't support openpgp certificates, yet */	87	/* We don't support openpgp certificates, yet */
130	const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 };	88	const static int cert_type_prio[2] = { GNUTLS_CRT_X509, 0 };
131		89
@@ -284,68 +242,33 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
284		242
285		243
286	{	244	{
287	gnutls_datum pdata = { NULL, 0 };
288	apr_pool_t *tpool;
289	s = base_server;	245	s = base_server;
290	sc_base =	246	sc_base =
291	(mgs_srvconf_rec *) ap_get_module_config(s->module_config,	247	(mgs_srvconf_rec *) ap_get_module_config(s->module_config,
292	&gnutls_module);	248	&gnutls_module);
293		249
294	apr_pool_create(&tpool, p);
295
296
297	gnutls_dh_params_init(&dh_params);	250	gnutls_dh_params_init(&dh_params);
298		251
299	if (sc_base->dh_params_file)	252	if (sc_base->dh_params == NULL) {
300	pdata = load_params(sc_base->dh_params_file, s, tpool);	253	gnutls_datum pdata = { (void *) static_dh_params, sizeof(static_dh_params) };
301		254	/* loading defaults */
302	if (pdata.size != 0) {	255	rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
303	rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
304	GNUTLS_X509_FMT_PEM);
305	if (rv != 0) {
306	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
307	"GnuTLS: Unable to load DH Params: (%d) %s",
308	rv, gnutls_strerror(rv));
309	exit(rv);
310	}
311	} else {
312	/* If the file does not exist use internal parameters
313	*/
314	pdata.data = (void *) static_dh_params;
315	pdata.size = sizeof(static_dh_params);
316	rv = gnutls_dh_params_import_pkcs3(dh_params, &pdata,
317	GNUTLS_X509_FMT_PEM);	256	GNUTLS_X509_FMT_PEM);
318		257
319	if (rv < 0) {	258	if (rv < 0) {
320	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,	259	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
321	"GnuTLS: Unable to load internal DH Params."	260	"GnuTLS: Unable to load DH Params: (%d) %s",
322	" Shutting down.");	261	rv, gnutls_strerror(rv));
323	exit(-1);	262	exit(rv);
324	}	263	}
325	}	264	} else dh_params = sc_base->dh_params;
326	apr_pool_clear(tpool);	265
327		266	if (sc_base->rsa_params != NULL)
328	pdata.data = NULL;	267	rsa_params = sc_base->rsa_params;
329	pdata.size = 0;	268
330		269	/* else not an error but RSA-EXPORT ciphersuites are not available
331	if (sc_base->rsa_params_file)
332	pdata = load_params(sc_base->rsa_params_file, s, tpool);
333
334	if (pdata.size != 0) {
335	gnutls_rsa_params_init(&rsa_params);
336	rv = gnutls_rsa_params_import_pkcs1(rsa_params, &pdata,
337	GNUTLS_X509_FMT_PEM);
338	if (rv != 0) {
339	ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
340	"GnuTLS: Unable to load RSA Params: (%d) %s",
341	rv, gnutls_strerror(rv));
342	exit(rv);
343	}
344	}
345	/* not an error but RSA-EXPORT ciphersuites are not available
346	*/	270	*/
347		271
348	apr_pool_destroy(tpool);
349	rv = mgs_cache_post_config(p, s, sc_base);	272	rv = mgs_cache_post_config(p, s, sc_base);
350	if (rv != 0) {	273	if (rv != 0) {
351	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,	274	ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, s,
@@ -355,6 +278,7 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
355	}	278	}
356		279
357	for (s = base_server; s; s = s->next) {	280	for (s = base_server; s; s = s->next) {
		281	void *load = NULL;
358	sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,	282	sc = (mgs_srvconf_rec *) ap_get_module_config(s->module_config,
359	&gnutls_module);	283	&gnutls_module);
360	sc->cache_type = sc_base->cache_type;	284	sc->cache_type = sc_base->cache_type;
@@ -367,16 +291,25 @@ mgs_hook_post_config(apr_pool_t * p, apr_pool_t * plog,
367	s->server_hostname, s->port);	291	s->server_hostname, s->port);
368	exit(-1);	292	exit(-1);
369	}	293	}
370
371	if (rsa_params != NULL)
372	gnutls_certificate_set_rsa_export_params(sc->certs,
373	rsa_params);
374		294
375	if (dh_params != NULL) /* not needed but anyway */	295	/* Check if DH or RSA params have been set per host */
376	gnutls_certificate_set_dh_params(sc->certs, dh_params);	296	if (sc->rsa_params != NULL)
		297	load = sc->rsa_params;
		298	else if (rsa_params) load = rsa_params;
		299
		300	if (load != NULL)
		301	gnutls_certificate_set_rsa_export_params(sc->certs, load);
377		302
378		303
379	gnutls_anon_set_server_dh_params(sc->anon_creds, dh_params);	304	load = NULL;
		305	if (sc->dh_params != NULL)
		306	load = sc->dh_params;
		307	else if (dh_params) load = dh_params;
		308
		309	if (load != NULL) { /* not needed but anyway */
		310	gnutls_certificate_set_dh_params(sc->certs, load);
		311	gnutls_anon_set_server_dh_params(sc->anon_creds, load);
		312	}
380		313
381	gnutls_certificate_server_set_retrieve_function(sc->certs,	314	gnutls_certificate_server_set_retrieve_function(sc->certs,
382	cert_retrieve_fn);	315	cert_retrieve_fn);