mirror of git://git.psyced.org/git/psyclpc
add support for --tls-dhparams
This commit is contained in:
psyc://loupsycedyglgamf.onion/~lynX
parent
a3f7701017
commit
b5a7e60008
14
src/main.c
14
src/main.c
|
|
@ -1103,6 +1103,7 @@ typedef enum OptNumber {
|
|||
#ifdef USE_TLS
|
||||
, cTLSkey /* --tls-key */
|
||||
, cTLScert /* --tls-cert */
|
||||
, cTLSdhparams /* --tls-dhparams */
|
||||
, cTLStrustdir /* --tls-trustdirectory */
|
||||
, cTLStrustfile /* --tls-trustfile */
|
||||
, cTLScrlfile /* --tls-crlfile */
|
||||
|
|
@ -1491,13 +1492,18 @@ static Option aOptions[]
|
|||
" Use <pathname> as the x509 keyfile, default is '" TLS_DEFAULT_KEYFILE "'.\n"
|
||||
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
||||
}
|
||||
|
||||
, { 0, "tls-cert", cTLScert, MY_TRUE
|
||||
, " --tls-cert <pathname>\n"
|
||||
, " --tls-cert <pathname>\n"
|
||||
" Use <pathname> as the x509 certfile, default is '" TLS_DEFAULT_CERTFILE "'.\n"
|
||||
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
||||
}
|
||||
, { 0, "tls-dhparams", cTLSdhparams, MY_TRUE
|
||||
, " --tls-dhparams <pathname>\n"
|
||||
, " --tls-dhparams <pathname>\n"
|
||||
" Use <pathname> as the dhparams for TLS, default is '" TLS_DEFAULT_DHPARAMS "'.\n"
|
||||
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
||||
}
|
||||
, { 0, "tls-trustfile", cTLStrustfile, MY_TRUE
|
||||
, " --tls-trustfile <pathname>\n"
|
||||
, " Use <pathname> as the filename holding your trusted PEM certificates.\n"
|
||||
|
|
@ -2695,6 +2701,12 @@ eval_arg (int eOption, const char * pValue)
|
|||
tls_certfile = strdup(pValue);
|
||||
break;
|
||||
|
||||
case cTLSdhparams:
|
||||
if (tls_dhparams != NULL)
|
||||
free(tls_dhparams);
|
||||
tls_dhparams = strdup(pValue);
|
||||
break;
|
||||
|
||||
case cTLStrustdir:
|
||||
if (tls_trustdirectory != NULL)
|
||||
free(tls_trustdirectory);
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@
|
|||
|
||||
char * tls_keyfile = NULL;
|
||||
char * tls_certfile = NULL;
|
||||
char * tls_dhparams = NULL;
|
||||
char * tls_trustfile = NULL;
|
||||
char * tls_trustdirectory = NULL;
|
||||
char * tls_crlfile = NULL;
|
||||
|
|
@ -105,30 +106,31 @@ set_dhparams (void)
|
|||
*/
|
||||
|
||||
{
|
||||
DH *p;
|
||||
BIO *bio;
|
||||
char *file = tls_dhparams ? tls_dhparams : TLS_DEFAULT_DHPARAMS;
|
||||
|
||||
if (dhparams != NULL)
|
||||
return MY_TRUE;
|
||||
|
||||
debug_message("%s Generating DH parameters with %d bits. Please wait.\n", time_stamp(), DH_BITS);
|
||||
if (dhparams != NULL) return MY_TRUE;
|
||||
if ((bio = BIO_new_file(file, "r")) == NULL) {
|
||||
debug_message("%s DH params file \"%s\" not found or unusable.",
|
||||
time_stamp(), file);
|
||||
} else {
|
||||
dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
||||
if (dhparams != NULL) return MY_TRUE;
|
||||
}
|
||||
debug_message("%s Generating DH parameters with %d bits. Please wait.\n",
|
||||
time_stamp(), DH_BITS);
|
||||
#if 0
|
||||
DSA *dsaparams;
|
||||
dsaparams = DSA_generate_parameters(DH_BITS, NULL, 0, NULL, NULL, 0, NULL);
|
||||
|
||||
if (dsaparams == NULL)
|
||||
return MY_FALSE;
|
||||
|
||||
p = DSA_dup_DH(dsaparams);
|
||||
dhparams = DSA_dup_DH(dsaparams);
|
||||
DSA_free(dsaparams);
|
||||
#else
|
||||
p = DH_generate_parameters(DH_BITS, 3, NULL, NULL);
|
||||
dhparams = DH_generate_parameters(DH_BITS, 3, NULL, NULL);
|
||||
#endif
|
||||
debug_message("%s Generation %s.\n", time_stamp(), p? "completed": "failed");
|
||||
if (p == NULL)
|
||||
return MY_FALSE;
|
||||
|
||||
dhparams = p;
|
||||
return MY_TRUE;
|
||||
debug_message("%s Generation %s.\n", time_stamp(), dhparams? "completed": "failed");
|
||||
return dhparams == NULL ? MY_FALSE : MY_TRUE;
|
||||
} /* set_dhparams() */
|
||||
|
||||
/*-------------------------------------------------------------------------*/
|
||||
|
|
|
|||
|
|
@ -29,12 +29,14 @@ typedef gnutls_session tls_session_t;
|
|||
|
||||
#define TLS_DEFAULT_KEYFILE "key.pem"
|
||||
#define TLS_DEFAULT_CERTFILE "cert.pem"
|
||||
#define TLS_DEFAULT_DHPARAMS "dhparams.pem"
|
||||
#define TLS_DEFAULT_TRUSTDIRECTORY "/etc/ssl/certs"
|
||||
|
||||
/* --- Variables --- */
|
||||
|
||||
extern char * tls_keyfile;
|
||||
extern char * tls_certfile;
|
||||
extern char * tls_dhparams;
|
||||
extern char * tls_trustdirectory;
|
||||
extern char * tls_trustfile;
|
||||
extern char * tls_crlfile;
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ version_longtype="stable"
|
|||
# A timestamp, to be used by bumpversion and other scripts.
|
||||
# It can be used, for example, to 'touch' this file on every build, thus
|
||||
# forcing revision control systems to add it on every checkin automatically.
|
||||
version_stamp="Wed Mar 1 16:59:51 CET 2017"
|
||||
version_stamp="Wed Mar 1 17:44:57 CET 2017"
|
||||
|
||||
# Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
|
||||
version_major=4
|
||||
|
|
|
|||
Loading…
Reference in New Issue