
Diff of /hydra/src/ssl.c


revision 1.1 by nmav, Sat Sep 21 13:53:23 2002 UTC revision 1.2 by nmav, Sun Sep 22 15:10:36 2002 UTC
# Line 41  static int wrap_db_store(void *dbf, gnut Line 41  static int wrap_db_store(void *dbf, gnut
41  static gnutls_datum wrap_db_fetch(void *dbf, gnutls_datum key);  static gnutls_datum wrap_db_fetch(void *dbf, gnutls_datum key);
42  static int wrap_db_delete(void *dbf, gnutls_datum key);  static int wrap_db_delete(void *dbf, gnutls_datum key);
43    
44  static gnutls_certificate_credentials credentials;  static int cur = 0; /* points to the credentials structure used */
45    static gnutls_certificate_credentials credentials[2];
46    
47  static int need_dh_params = 0; /* whether we need to generate DHE  static int need_dh_params = 0; /* whether we need to generate DHE
48   * parameters. Depend on the chosen ciphersuites.   * parameters. Depend on the chosen ciphersuites.
# Line 54  static int need_rsa_params = 0; Line 55  static int need_rsa_params = 0;
55   */   */
56  extern int ssl_dh_bits;  extern int ssl_dh_bits;
57    
58  gnutls_dh_params dh_params;  gnutls_dh_params _dh_params[2];
59  gnutls_rsa_params rsa_params;  gnutls_rsa_params _rsa_params[2];
60    
61  static int generate_dh_primes()  static int generate_dh_primes( gnutls_dh_params* dh_params)
62  {  {
63      gnutls_datum prime, generator;      gnutls_datum prime, generator;
64            
65      if (gnutls_dh_params_init( &dh_params) < 0) {      if (gnutls_dh_params_init( dh_params) < 0) {
66          log_error_time();          log_error_time();
67          fprintf(stderr, "Error in dh parameter initialization\n");          fprintf(stderr, "Error in dh parameter initialization\n");
68          exit(1);          exit(1);
# Line 81  static int generate_dh_primes() Line 82  static int generate_dh_primes()
82       }       }
83    
84       if (gnutls_dh_params_set       if (gnutls_dh_params_set
85              (dh_params, prime, generator, ssl_dh_bits) < 0) {              (*dh_params, prime, generator, ssl_dh_bits) < 0) {
86              log_error_time();              log_error_time();
87              fprintf(stderr, "Error in prime replacement\n");              fprintf(stderr, "Error in prime replacement\n");
88              exit(1);              exit(1);
# Line 99  static int generate_dh_primes() Line 100  static int generate_dh_primes()
100      return 0;      return 0;
101  }  }
102    
103  static int generate_rsa_params()  static int generate_rsa_params( gnutls_rsa_params* rsa_params)
104  {  {
105      gnutls_datum m, e, d, p, q, u;      gnutls_datum m, e, d, p, q, u;
106    
107      if (gnutls_rsa_params_init(&rsa_params) < 0) {      if (gnutls_rsa_params_init( rsa_params) < 0) {
108          log_error_time();          log_error_time();
109          fprintf(stderr, "Error in rsa parameter initialization\n");          fprintf(stderr, "Error in rsa parameter initialization\n");
110          exit(1);          exit(1);
# Line 121  static int generate_rsa_params() Line 122  static int generate_rsa_params()
122          exit(1);          exit(1);
123      }      }
124    
125      if (gnutls_rsa_params_set(rsa_params, m, e, d, p, q, u, 512) < 0) {      if (gnutls_rsa_params_set( *rsa_params, m, e, d, p, q, u, 512) < 0) {
126          log_error_time();          log_error_time();
127          fprintf(stderr, "Error in rsa parameter setting\n");          fprintf(stderr, "Error in rsa parameter setting\n");
128          exit(1);          exit(1);
# Line 175  gnutls_session initialize_ssl_session(vo Line 176  gnutls_session initialize_ssl_session(vo
176      gnutls_protocol_set_priority(state, protocol_priority);      gnutls_protocol_set_priority(state, protocol_priority);
177      gnutls_mac_set_priority(state, mac_priority);      gnutls_mac_set_priority(state, mac_priority);
178    
179      gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, credentials);      gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, credentials[ cur]);
   
180    
181      gnutls_certificate_server_set_request(state, GNUTLS_CERT_IGNORE);      gnutls_certificate_server_set_request(state, GNUTLS_CERT_IGNORE);
182    
# Line 205  int initialize_ssl(void) Line 205  int initialize_ssl(void)
205      gnutls_global_init();      gnutls_global_init();
206  /*    gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */  /*    gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */
207    
208      if (gnutls_certificate_allocate_credentials( &credentials) < 0) {      if (gnutls_certificate_allocate_credentials( &credentials[0]) < 0) {
209          log_error_time();          log_error_time();
210          fprintf(stderr, "certificate allocation error\n");          fprintf(stderr, "certificate allocation error\n");
211          exit(1);          exit(1);
212      }      }
213    
214      if (gnutls_certificate_set_x509_key_file      if (gnutls_certificate_set_x509_key_file
215          ( credentials, server_cert, server_key, GNUTLS_X509_FMT_PEM) < 0) {          ( credentials[0], server_cert, server_key, GNUTLS_X509_FMT_PEM) < 0) {
216          log_error_time();          log_error_time();
217          fprintf(stderr, "could not find %s or %s", server_cert,          fprintf(stderr, "could not find %s or %s", server_cert,
218                  server_key);                  server_key);
# Line 286  int initialize_ssl(void) Line 286  int initialize_ssl(void)
286      /* Generate temporary parameters -- if needed.      /* Generate temporary parameters -- if needed.
287       */       */
288      if (need_rsa_params) {      if (need_rsa_params) {
289          generate_rsa_params();          generate_rsa_params( &_rsa_params[0]);
290          gnutls_certificate_set_rsa_params(credentials, rsa_params);          gnutls_certificate_set_rsa_params(credentials[0], _rsa_params[0]);
291      }      }
292    
293      if (need_dh_params) {      if (need_dh_params) {
294          generate_dh_primes();          generate_dh_primes( &_dh_params[0]);
295          gnutls_certificate_set_dh_params(credentials, dh_params);          gnutls_certificate_set_dh_params(credentials[0], _dh_params[0]);
296      }      }
297    
298      return 0;      return 0;
# Line 303  int initialize_ssl(void) Line 303  int initialize_ssl(void)
303   */   */
304  void ssl_regenerate_params(void)  void ssl_regenerate_params(void)
305  {  {
306      /* This is tricky, and should not be used in any kind of  int _cur = (cur + 1) % 2;
307       * servers (ie threaded ones). This works just because no  
308       * tls session works in parallel with this function.  /* The hint here, is that we keep a copy of 2 certificate credentials.
309       */   * When we come here, we free the unused copy and allocate new
310     * parameters to it. Then we make the current copy to be this copy.
311     *
312     * We don't free the previous copy because we don't know if anyone
313     * is using it. (this has to be fixed)
314     */
315    
316      time(&current_time);      time(&current_time);
317    
318        if ( !credentials[_cur]) {
319           if (gnutls_certificate_allocate_credentials( &credentials[ _cur]) < 0) {
320              log_error_time();
321              fprintf(stderr, "certificate allocation error\n");
322              exit(1);
323           }
324    
325           if (gnutls_certificate_set_x509_key_file
326               ( credentials[_cur], server_cert, server_key, GNUTLS_X509_FMT_PEM) < 0) {
327               log_error_time();
328               fprintf(stderr, "could not find %s or %s", server_cert,
329                    server_key);
330               exit(1);
331           }
332        }
333        
334      if (need_rsa_params) {      if (need_rsa_params) {
335          gnutls_rsa_params_deinit( rsa_params);          gnutls_rsa_params_deinit( _rsa_params[ _cur]);
336          generate_rsa_params();          generate_rsa_params( &_rsa_params[ _cur]);
337          gnutls_certificate_set_rsa_params(credentials, rsa_params);          gnutls_certificate_set_rsa_params(credentials[_cur], _rsa_params[ _cur]);
338      }      }
339    
340      if (need_dh_params) {      if (need_dh_params) {
341          gnutls_dh_params_deinit( dh_params);          gnutls_dh_params_deinit( _dh_params[ _cur]);
342          generate_dh_primes();          generate_dh_primes( &_dh_params[ _cur]);
343          gnutls_certificate_set_dh_params(credentials, dh_params);          gnutls_certificate_set_dh_params(credentials[_cur], _dh_params[ _cur]);
344      }      }
345    
346        cur = _cur;
347    
348      return;      return;
349  }  }
350    
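Review bot: The double-buffering in ssl_regenerate_params (lines 304-349 of v1.2) still frees parameters a live session may be using: on the second and later calls, `gnutls_rsa_params_deinit( _rsa_params[ _cur])` and `gnutls_dh_params_deinit( _dh_params[ _cur])` tear down the parameters attached to `credentials[_cur]`, which was the current slot one regeneration ago and was handed to sessions via `gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, credentials[ cur])`; if any such session is still open when the slot is recycled, it is left holding freed DH/RSA state, so the "has to be fixed" remark in the new comment applies to the parameters as well as to the credentials structure, and the deinit should be deferred until the slot is known to be unreferenced (e.g. a per-slot in-use count decremented when a session is torn down). On the very first call, `_cur` is 1 and `_rsa_params[1]`/`_dh_params[1]` were never generated (initialize_ssl only fills slot 0), so unless the gnutls deinit routines accept a NULL handle the call deinitializes an uninitialized object; guarding with `if (_rsa_params[_cur]) gnutls_rsa_params_deinit(_rsa_params[_cur]);` (and the same for the DH slot) covers it. The old comment warning that this function must not run concurrently with session setup was dropped, yet `cur` is still read in initialize_ssl_session and written here without synchronization, so that caveat should be restored above the function. As a point of style, the file-scope names `_dh_params` and `_rsa_params` begin with an underscore, which is reserved for the implementation at file scope; `dh_params_slots`/`rsa_params_slots` or similar would avoid that.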
