diff --git a/src/main.c b/src/main.c index d2f407b..46a7ed1 100644 --- a/src/main.c +++ b/src/main.c @@ -1103,6 +1103,7 @@ typedef enum OptNumber { #ifdef USE_TLS , cTLSkey /* --tls-key */ , cTLScert /* --tls-cert */ + , cTLSdhparams /* --tls-dhparams */ , cTLStrustdir /* --tls-trustdirectory */ , cTLStrustfile /* --tls-trustfile */ , cTLScrlfile /* --tls-crlfile */ @@ -1491,13 +1492,18 @@ static Option aOptions[] " Use as the x509 keyfile, default is '" TLS_DEFAULT_KEYFILE "'.\n" " If relative, is interpreted relative to .\n" } - , { 0, "tls-cert", cTLScert, MY_TRUE , " --tls-cert \n" , " --tls-cert \n" " Use as the x509 certfile, default is '" TLS_DEFAULT_CERTFILE "'.\n" " If relative, is interpreted relative to .\n" } + , { 0, "tls-dhparams", cTLSdhparams, MY_TRUE + , " --tls-dhparams \n" + , " --tls-dhparams \n" + " Use as the dhparams for TLS, default is '" TLS_DEFAULT_DHPARAMS "'.\n" + " If relative, is interpreted relative to .\n" + } , { 0, "tls-trustfile", cTLStrustfile, MY_TRUE , " --tls-trustfile \n" , " Use as the filename holding your trusted PEM certificates.\n" @@ -2695,6 +2701,12 @@ eval_arg (int eOption, const char * pValue) tls_certfile = strdup(pValue); break; + case cTLSdhparams: + if (tls_dhparams != NULL) + free(tls_dhparams); + tls_dhparams = strdup(pValue); + break; + case cTLStrustdir: if (tls_trustdirectory != NULL) free(tls_trustdirectory); diff --git a/src/pkg-tls.c b/src/pkg-tls.c index 9183d70..3f46187 100644 --- a/src/pkg-tls.c +++ b/src/pkg-tls.c @@ -64,6 +64,7 @@ char * tls_keyfile = NULL; char * tls_certfile = NULL; +char * tls_dhparams = NULL; char * tls_trustfile = NULL; char * tls_trustdirectory = NULL; char * tls_crlfile = NULL; 
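Review bot: In the new `cTLSdhparams` case of `eval_arg` the result of `strdup(pValue)` is stored unchecked, and because `set_dhparams` resolves a NULL `tls_dhparams` to `TLS_DEFAULT_DHPARAMS`, an allocation failure here is never reported but silently makes the server load a different parameter file than the one the operator named. The neighbouring `cTLScert` and `cTLStrustdir` cases share the pattern, so the check belongs to all of them, e.g. `if ((tls_dhparams = strdup(pValue)) == NULL) { /* report and reject the option */ }` using whatever `eval_arg` returns for a bad argument (its return convention is outside the hunk). The `if (tls_dhparams != NULL)` guard before `free()` is redundant since `free(NULL)` is a no-op, though it matches the surrounding style.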
@@ -105,30 +106,31 @@ set_dhparams (void) */ { - DH *p; + BIO *bio; + char *file = tls_dhparams ? tls_dhparams : TLS_DEFAULT_DHPARAMS; - if (dhparams != NULL) - return MY_TRUE; - - debug_message("%s Generating DH parameters with %d bits. Please wait.\n", time_stamp(), DH_BITS); + if (dhparams != NULL) return MY_TRUE; + if ((bio = BIO_new_file(file, "r")) == NULL) { + debug_message("%s DH params file \"%s\" not found or unusable.", + time_stamp(), file); + } else { + dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + if (dhparams != NULL) return MY_TRUE; + } + debug_message("%s Generating DH parameters with %d bits. Please wait.\n", + time_stamp(), DH_BITS); #if 0 DSA *dsaparams; dsaparams = DSA_generate_parameters(DH_BITS, NULL, 0, NULL, NULL, 0, NULL); - if (dsaparams == NULL) return MY_FALSE; - - p = DSA_dup_DH(dsaparams); + dhparams = DSA_dup_DH(dsaparams); DSA_free(dsaparams); #else - p = DH_generate_parameters(DH_BITS, 3, NULL, NULL); + dhparams = DH_generate_parameters(DH_BITS, 3, NULL, NULL); #endif - debug_message("%s Generation %s.\n", time_stamp(), p? "completed": "failed"); - if (p == NULL) - return MY_FALSE; - - dhparams = p; - return MY_TRUE; + debug_message("%s Generation %s.\n", time_stamp(), dhparams? "completed": "failed"); + return dhparams == NULL ? MY_FALSE : MY_TRUE; } /* set_dhparams() */ /*-------------------------------------------------------------------------*/ diff --git a/src/pkg-tls.h b/src/pkg-tls.h index 57b08a1..61b44f1 100644 --- a/src/pkg-tls.h +++ b/src/pkg-tls.h @@ -29,12 +29,14 @@ typedef gnutls_session tls_session_t; #define TLS_DEFAULT_KEYFILE "key.pem" #define TLS_DEFAULT_CERTFILE "cert.pem" +#define TLS_DEFAULT_DHPARAMS "dhparams.pem" #define TLS_DEFAULT_TRUSTDIRECTORY "/etc/ssl/certs" /* --- Variables --- */ extern char * tls_keyfile; extern char * tls_certfile; +extern char * tls_dhparams; extern char * tls_trustdirectory; extern char * tls_trustfile; extern char * tls_crlfile; 
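Review bot: The `BIO` opened by `BIO_new_file(file, "r")` in the new `set_dhparams` body is never released: both the `return MY_TRUE` inside the `else` branch and the fall-through into parameter generation leave it open, so every call that reaches the file path leaks a file handle. The parameters returned by `PEM_read_bio_DHparams` are also installed without any validation, so a malformed or undersized group in `dhparams.pem` would be accepted silently; running `DH_check` on them (and, if `DH_BITS` is meant as the floor, comparing `DH_size`) before accepting them, with fall-back to generation otherwise, keeps an operator-supplied file from weakening the key exchange. A parse failure on an existing file currently produces no message at all, and the "not found or unusable" message lacks the trailing `\n` the other `debug_message` calls use. The function's signature line precedes the hunk. The rewritten `else` branch below frees the BIO on every path and logs why a file was rejected.
```c
    if ((bio = BIO_new_file(file, "r")) == NULL) {
        debug_message("%s DH params file \"%s\" not found or unusable.\n",
                      time_stamp(), file);
    } else {
        dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
        BIO_free(bio);  /* the handle is not needed past the read; release it on every path */
        if (dhparams != NULL) {
            int codes = 0;
            /* Reject groups that fail OpenSSL's sanity checks or are smaller
             * than what this build would generate itself. */
            if (DH_check(dhparams, &codes) == 1 && codes == 0
             && DH_size(dhparams) * 8 >= DH_BITS)
                return MY_TRUE;
            debug_message("%s DH params file \"%s\" rejected (check flags 0x%x, %d bits), generating instead.\n",
                          time_stamp(), file, codes, DH_size(dhparams) * 8);
            DH_free(dhparams);
            dhparams = NULL;
        } else {
            debug_message("%s DH params file \"%s\" holds no valid PEM DH parameters, generating instead.\n",
                          time_stamp(), file);
        }
    }
    /* ... unchanged: generation with DH_BITS and the final debug_message / return ... */
```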
diff --git a/src/version.sh b/src/version.sh
index bfb6220..5c3f509 100644
--- a/src/version.sh
+++ b/src/version.sh
@@ -17,7 +17,7 @@ version_longtype="stable"
 # A timestamp, to be used by bumpversion and other scripts.
 # It can be used, for example, to 'touch' this file on every build, thus
 # forcing revision control systems to add it on every checkin automatically.
-version_stamp="Wed Mar 1 16:59:51 CET 2017"
+version_stamp="Wed Mar 1 17:44:57 CET 2017"
 
 # Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
 version_major=4