[xmppd-dev] commit r1521 - branches/jadc2s_0_9_x/jadc2s
mail at jabberd.org
mail at jabberd.org
Tue Apr 29 00:32:35 UTC 2008
Author: mawis
Date: Tue Apr 29 00:28:49 2008
New Revision: 1521
Log:
Support for setting DH params (needed to use DSA keys)
Modified:
branches/jadc2s_0_9_x/jadc2s/ChangeLog
branches/jadc2s_0_9_x/jadc2s/configure.ac
branches/jadc2s_0_9_x/jadc2s/jadc2s.c
branches/jadc2s_0_9_x/jadc2s/jadc2s.h
branches/jadc2s_0_9_x/jadc2s/jadc2s.xml.dist
Modified: branches/jadc2s_0_9_x/jadc2s/ChangeLog
==============================================================================
--- branches/jadc2s_0_9_x/jadc2s/ChangeLog (original)
+++ branches/jadc2s_0_9_x/jadc2s/ChangeLog Tue Apr 29 00:28:49 2008
@@ -1,4 +1,9 @@
-2008-04-13 Matthias Wimmer <m@ŧthias.eu>
+2008-04-28 Matthias Wimmer <m at tthias.eu>
+
+ * jadc2s.c: support for DSA keys (by setting DH params)
+ * jadc2s.h: same
+
+2008-04-13 Matthias Wimmer <m at tthias.eu>
* conn.c: Fix for 64 bit systems
Modified: branches/jadc2s_0_9_x/jadc2s/configure.ac
==============================================================================
--- branches/jadc2s_0_9_x/jadc2s/configure.ac (original)
+++ branches/jadc2s_0_9_x/jadc2s/configure.ac Tue Apr 29 00:28:49 2008
@@ -1,7 +1,7 @@
AC_PREREQ(2.50)
AC_INIT(util/util.h)
-AM_INIT_AUTOMAKE(jadc2s,0.9.2-alpha-2007-07-22)
+AM_INIT_AUTOMAKE(jadc2s,0.9.2-alpha-2008-04-28)
AM_CONFIG_HEADER(config.h)
dnl helper macros
Modified: branches/jadc2s_0_9_x/jadc2s/jadc2s.c
==============================================================================
--- branches/jadc2s_0_9_x/jadc2s/jadc2s.c (original)
+++ branches/jadc2s_0_9_x/jadc2s/jadc2s.c Tue Apr 29 00:28:49 2008
@@ -464,6 +464,7 @@
#ifdef USE_SSL
c2s->local_sslport = j_atoi(config_get_one(c2s->config, "local.ssl.port", 0), 5223);
c2s->pemfile = config_get_one(c2s->config, "local.ssl.pemfile", 0);
+ c2s->dhparam = config_get_one(c2s->config, "local.ssl.dhparam", 0);
c2s->ciphers = config_get_one(c2s->config, "local.ssl.ciphers", 0);
c2s->ssl_enable_workarounds = (config_get_one(c2s->config, "local.ssl.enable_workarounds", 0) != NULL);
@@ -619,6 +620,24 @@
}
}
+ if (c2s->dhparam) {
+ DH *dhparam = NULL;
+ FILE *paramfile;
+
+ paramfile = fopen(c2s->dhparam, "r");
+ if (paramfile) {
+ dhparam = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+ fclose(paramfile);
+
+ if (!SSL_CTX_set_tmp_dh(c2s->ssl_ctx, dhparam)) {
+ log_write(c2s->log, LOG_ERR, "Failed to set DH params");
+ log_ssl_errors(c2s->log, LOG_ERR);
+ }
+ } else {
+ log_write(c2s->log, LOG_ERR, "failed to load DH parameter file: %s", c2s->dhparam);
+ }
+ }
+
/* enable workarounds for different SSL client bugs or disable
* some versions of SSL/TLS */
if (c2s->ssl_enable_workarounds)
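Review bot: The return value of `PEM_read_DHparams()` is never checked in the added block, so a file that opens but does not parse passes a NULL `dhparam` to `SSL_CTX_set_tmp_dh()` and the operator sees only the generic "Failed to set DH params" message. The DH object is also never released; as far as I know OpenSSL keeps its own copy of the parameters, so the block needs a `DH_free(dhparam);` after the call. Both failure paths only log and startup continues, so a server configured for DH ends up listening without it; consider making that fatal, and rejecting or at least logging undersized parameters rather than accepting any group the file contains. The enclosing function starts and ends outside this hunk.

```c
dhparam = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
fclose(paramfile);

if (dhparam == NULL) {
    log_write(c2s->log, LOG_ERR, "failed to parse DH parameter file: %s", c2s->dhparam);
    log_ssl_errors(c2s->log, LOG_ERR);
} else {
    /* … unchanged: SSL_CTX_set_tmp_dh() call and its error logging … */
    DH_free(dhparam);
}
```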
Modified: branches/jadc2s_0_9_x/jadc2s/jadc2s.h
==============================================================================
--- branches/jadc2s_0_9_x/jadc2s/jadc2s.h (original)
+++ branches/jadc2s_0_9_x/jadc2s/jadc2s.h Tue Apr 29 00:28:49 2008
@@ -301,6 +301,7 @@
#ifdef USE_SSL
int local_sslport;
char *pemfile;
+ char *dhparam;
char *ciphers;
int ssl_no_ssl_v2;
int ssl_no_ssl_v3;
Modified: branches/jadc2s_0_9_x/jadc2s/jadc2s.xml.dist
==============================================================================
--- branches/jadc2s_0_9_x/jadc2s/jadc2s.xml.dist (original)
+++ branches/jadc2s_0_9_x/jadc2s/jadc2s.xml.dist Tue Apr 29 00:28:49 2008
@@ -49,6 +49,7 @@
<!-- the certificate. -->
<!-- <port/> (default: 5223) -->
<!-- <pemfile/> (default: ./server.pem) -->
+ <!-- <dhparam/> (default: no DH parameters configured) -->
<!-- <no_ssl_v2/> (disables SSL protocol version 2) -->
<!-- <no_ssl_v3/> (disables SSL protocol version 3) -->
<!-- <no_tls_v1/> (disables TLS protocol version 1, aka SSL 3.1) -->