xfnw
/
solanum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[TLS Backends] Allow absense of private key file 

Use the certificate file instead
This commit is contained in:
Aaron Jones 2016-05-05 03:43:15 +00:00
parent 4d83a4d92d
commit 0fe9dd4119
No known key found for this signature in database
GPG Key ID: 6E854C0FAAD4CEA4
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
librb/src/gnutls.c
View File

@ -361,18 +361,22 @@ rb_load_file_into_datum_t(const char *file)
}
int
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfile, const char *cipher_list)
{
int ret;
const char *err;
gnutls_datum_t *d_cert, *d_key;
if(cert == NULL)
if(certfile == NULL)
{
rb_lib_log("rb_setup_ssl_server: No certificate file");
return 0;
}
if((d_cert = rb_load_file_into_datum_t(cert)) == NULL)
if(keyfile == NULL)
keyfile = certfile;
if((d_cert = rb_load_file_into_datum_t(certfile)) == NULL)
{
rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", strerror(errno));
return 0;

13
librb/src/openssl.c
View File

@ -340,7 +340,7 @@ rb_init_ssl(void)
}
int
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfile, const char *cipher_list)
{
const char librb_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!aNULL";
@ -348,17 +348,14 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c
const char librb_curves[] = "P-521:P-384:P-256";
#endif
if(cert == NULL)
if(certfile == NULL)
{
rb_lib_log("rb_setup_ssl_server: No certificate file");
return 0;
}
if(keyfile == NULL)
{
rb_lib_log("rb_setup_ssl_server: No key file");
return 0;
}
keyfile = certfile;
if(cipher_list == NULL)
cipher_list = librb_ciphers;
@ -438,9 +435,9 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c
SSL_CTX_set_cipher_list(ssl_server_ctx, cipher_list);
SSL_CTX_set_cipher_list(ssl_client_ctx, cipher_list);
if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert))
if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, certfile) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, certfile))
{
rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert,
rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", certfile,
get_ssl_error(ERR_get_error()));
return 0;
}