add support for --tls-dhparams
This commit is contained in:
parent
a3f7701017
commit
b5a7e60008
4 changed files with 33 additions and 17 deletions
14
src/main.c
14
src/main.c
|
@ -1103,6 +1103,7 @@ typedef enum OptNumber {
|
||||||
#ifdef USE_TLS
|
#ifdef USE_TLS
|
||||||
, cTLSkey /* --tls-key */
|
, cTLSkey /* --tls-key */
|
||||||
, cTLScert /* --tls-cert */
|
, cTLScert /* --tls-cert */
|
||||||
|
, cTLSdhparams /* --tls-dhparams */
|
||||||
, cTLStrustdir /* --tls-trustdirectory */
|
, cTLStrustdir /* --tls-trustdirectory */
|
||||||
, cTLStrustfile /* --tls-trustfile */
|
, cTLStrustfile /* --tls-trustfile */
|
||||||
, cTLScrlfile /* --tls-crlfile */
|
, cTLScrlfile /* --tls-crlfile */
|
||||||
|
@ -1491,13 +1492,18 @@ static Option aOptions[]
|
||||||
" Use <pathname> as the x509 keyfile, default is '" TLS_DEFAULT_KEYFILE "'.\n"
|
" Use <pathname> as the x509 keyfile, default is '" TLS_DEFAULT_KEYFILE "'.\n"
|
||||||
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
||||||
}
|
}
|
||||||
|
|
||||||
, { 0, "tls-cert", cTLScert, MY_TRUE
|
, { 0, "tls-cert", cTLScert, MY_TRUE
|
||||||
, " --tls-cert <pathname>\n"
|
, " --tls-cert <pathname>\n"
|
||||||
, " --tls-cert <pathname>\n"
|
, " --tls-cert <pathname>\n"
|
||||||
" Use <pathname> as the x509 certfile, default is '" TLS_DEFAULT_CERTFILE "'.\n"
|
" Use <pathname> as the x509 certfile, default is '" TLS_DEFAULT_CERTFILE "'.\n"
|
||||||
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
||||||
}
|
}
|
||||||
|
, { 0, "tls-dhparams", cTLSdhparams, MY_TRUE
|
||||||
|
, " --tls-dhparams <pathname>\n"
|
||||||
|
, " --tls-dhparams <pathname>\n"
|
||||||
|
" Use <pathname> as the dhparams for TLS, default is '" TLS_DEFAULT_DHPARAMS "'.\n"
|
||||||
|
" If relative, <pathname> is interpreted relative to <mudlib>.\n"
|
||||||
|
}
|
||||||
, { 0, "tls-trustfile", cTLStrustfile, MY_TRUE
|
, { 0, "tls-trustfile", cTLStrustfile, MY_TRUE
|
||||||
, " --tls-trustfile <pathname>\n"
|
, " --tls-trustfile <pathname>\n"
|
||||||
, " Use <pathname> as the filename holding your trusted PEM certificates.\n"
|
, " Use <pathname> as the filename holding your trusted PEM certificates.\n"
|
||||||
|
@ -2695,6 +2701,12 @@ eval_arg (int eOption, const char * pValue)
|
||||||
tls_certfile = strdup(pValue);
|
tls_certfile = strdup(pValue);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case cTLSdhparams:
|
||||||
|
if (tls_dhparams != NULL)
|
||||||
|
free(tls_dhparams);
|
||||||
|
tls_dhparams = strdup(pValue);
|
||||||
|
break;
|
||||||
|
|
||||||
case cTLStrustdir:
|
case cTLStrustdir:
|
||||||
if (tls_trustdirectory != NULL)
|
if (tls_trustdirectory != NULL)
|
||||||
free(tls_trustdirectory);
|
free(tls_trustdirectory);
|
||||||
|
|
|
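Review bot: The help text added for --tls-dhparams promises that a relative <pathname> is interpreted relative to <mudlib>, but the new set_dhparams() code passes tls_dhparams unchanged to BIO_new_file(); unless the driver has already changed its working directory into the mudlib by the time set_dhparams() runs, the text and the code disagree and the text should be brought in line with what the code does. In the eval_arg case the guard `if (tls_dhparams != NULL)` before free() is redundant because free(NULL) is a no-op, although it mirrors the neighbouring cTLStrustdir case. The strdup() result is not checked, so on allocation failure tls_dhparams stays NULL and set_dhparams() silently falls back to TLS_DEFAULT_DHPARAMS, which is unlikely to be what an operator who supplied the option expects; reporting the failure at this point would be safer. eval_arg() starts and ends outside the hunk.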
@ -64,6 +64,7 @@
|
||||||
|
|
||||||
char * tls_keyfile = NULL;
|
char * tls_keyfile = NULL;
|
||||||
char * tls_certfile = NULL;
|
char * tls_certfile = NULL;
|
||||||
|
char * tls_dhparams = NULL;
|
||||||
char * tls_trustfile = NULL;
|
char * tls_trustfile = NULL;
|
||||||
char * tls_trustdirectory = NULL;
|
char * tls_trustdirectory = NULL;
|
||||||
char * tls_crlfile = NULL;
|
char * tls_crlfile = NULL;
|
||||||
|
@ -105,30 +106,31 @@ set_dhparams (void)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
{
|
{
|
||||||
DH *p;
|
BIO *bio;
|
||||||
|
char *file = tls_dhparams ? tls_dhparams : TLS_DEFAULT_DHPARAMS;
|
||||||
|
|
||||||
if (dhparams != NULL)
|
if (dhparams != NULL) return MY_TRUE;
|
||||||
return MY_TRUE;
|
if ((bio = BIO_new_file(file, "r")) == NULL) {
|
||||||
|
debug_message("%s DH params file \"%s\" not found or unusable.",
|
||||||
debug_message("%s Generating DH parameters with %d bits. Please wait.\n", time_stamp(), DH_BITS);
|
time_stamp(), file);
|
||||||
|
} else {
|
||||||
|
dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
||||||
|
if (dhparams != NULL) return MY_TRUE;
|
||||||
|
}
|
||||||
|
debug_message("%s Generating DH parameters with %d bits. Please wait.\n",
|
||||||
|
time_stamp(), DH_BITS);
|
||||||
#if 0
|
#if 0
|
||||||
DSA *dsaparams;
|
DSA *dsaparams;
|
||||||
dsaparams = DSA_generate_parameters(DH_BITS, NULL, 0, NULL, NULL, 0, NULL);
|
dsaparams = DSA_generate_parameters(DH_BITS, NULL, 0, NULL, NULL, 0, NULL);
|
||||||
|
|
||||||
if (dsaparams == NULL)
|
if (dsaparams == NULL)
|
||||||
return MY_FALSE;
|
return MY_FALSE;
|
||||||
|
dhparams = DSA_dup_DH(dsaparams);
|
||||||
p = DSA_dup_DH(dsaparams);
|
|
||||||
DSA_free(dsaparams);
|
DSA_free(dsaparams);
|
||||||
#else
|
#else
|
||||||
p = DH_generate_parameters(DH_BITS, 3, NULL, NULL);
|
dhparams = DH_generate_parameters(DH_BITS, 3, NULL, NULL);
|
||||||
#endif
|
#endif
|
||||||
debug_message("%s Generation %s.\n", time_stamp(), p? "completed": "failed");
|
debug_message("%s Generation %s.\n", time_stamp(), dhparams? "completed": "failed");
|
||||||
if (p == NULL)
|
return dhparams == NULL ? MY_FALSE : MY_TRUE;
|
||||||
return MY_FALSE;
|
|
||||||
|
|
||||||
dhparams = p;
|
|
||||||
return MY_TRUE;
|
|
||||||
} /* set_dhparams() */
|
} /* set_dhparams() */
|
||||||
|
|
||||||
/*-------------------------------------------------------------------------*/
|
/*-------------------------------------------------------------------------*/
|
||||||
|
|
|
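Review bot: In set_dhparams() the BIO returned by BIO_new_file() is never released: after PEM_read_bio_DHparams() the function either returns MY_TRUE or falls through to parameter generation, and no BIO_free(bio) runs on either path, so every call that reaches the file leaks an open file handle. A parameter set read from the operator-supplied file is also accepted without validation; calling DH_check() on the loaded group and discarding it when the check reports problems avoids silently serving a malformed or unsafe group. The "not found or unusable" debug_message is the only one in this function without a trailing "\n". The function's signature is outside the hunk; the lines below replace only the file-loading branch.
```c
    if ((bio = BIO_new_file(file, "r")) == NULL) {
        debug_message("%s DH params file \"%s\" not found or unusable.\n",
                      time_stamp(), file);
    } else {
        int codes = 0;

        dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
        BIO_free(bio);
        if (dhparams != NULL && (!DH_check(dhparams, &codes) || codes != 0)) {
            debug_message("%s DH params in \"%s\" failed validation, generating new ones.\n",
                          time_stamp(), file);
            DH_free(dhparams);
            dhparams = NULL;
        }
        if (dhparams != NULL) return MY_TRUE;
    }
    /* ... unchanged: generate parameters with DH_BITS ... */
```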
@ -29,12 +29,14 @@ typedef gnutls_session tls_session_t;
|
||||||
|
|
||||||
#define TLS_DEFAULT_KEYFILE "key.pem"
|
#define TLS_DEFAULT_KEYFILE "key.pem"
|
||||||
#define TLS_DEFAULT_CERTFILE "cert.pem"
|
#define TLS_DEFAULT_CERTFILE "cert.pem"
|
||||||
|
#define TLS_DEFAULT_DHPARAMS "dhparams.pem"
|
||||||
#define TLS_DEFAULT_TRUSTDIRECTORY "/etc/ssl/certs"
|
#define TLS_DEFAULT_TRUSTDIRECTORY "/etc/ssl/certs"
|
||||||
|
|
||||||
/* --- Variables --- */
|
/* --- Variables --- */
|
||||||
|
|
||||||
extern char * tls_keyfile;
|
extern char * tls_keyfile;
|
||||||
extern char * tls_certfile;
|
extern char * tls_certfile;
|
||||||
|
extern char * tls_dhparams;
|
||||||
extern char * tls_trustdirectory;
|
extern char * tls_trustdirectory;
|
||||||
extern char * tls_trustfile;
|
extern char * tls_trustfile;
|
||||||
extern char * tls_crlfile;
|
extern char * tls_crlfile;
|
||||||
|
|
|
@ -17,7 +17,7 @@ version_longtype="stable"
|
||||||
# A timestamp, to be used by bumpversion and other scripts.
|
# A timestamp, to be used by bumpversion and other scripts.
|
||||||
# It can be used, for example, to 'touch' this file on every build, thus
|
# It can be used, for example, to 'touch' this file on every build, thus
|
||||||
# forcing revision control systems to add it on every checkin automatically.
|
# forcing revision control systems to add it on every checkin automatically.
|
||||||
version_stamp="Wed Mar 1 16:59:51 CET 2017"
|
version_stamp="Wed Mar 1 17:44:57 CET 2017"
|
||||||
|
|
||||||
# Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
|
# Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
|
||||||
version_major=4
|
version_major=4
|
||||||
|
|