diff options
| author | Gerald Carter <jerry@samba.org> | 2001-09-26 17:29:53 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2001-09-26 17:29:53 +0000 |
| commit | 2c4d1d39b148b8587deb8fca2db4113354165989 (patch) | |
| tree | f03a460218b307deee916ca2746298d009315c53 /source3/smbd/ssl.c | |
| parent | 29d3318437f3137d61e955d5ee5d8f70c115e3d2 (diff) | |
| download | samba-2c4d1d39b148b8587deb8fca2db4113354165989.tar.gz samba-2c4d1d39b148b8587deb8fca2db4113354165989.tar.bz2 samba-2c4d1d39b148b8587deb8fca2db4113354165989.zip | |
OpenSSL merge from 2.2
(This used to be commit efc6df5a3914da9e7b792ccaccd1403c72c09f78)
Diffstat (limited to 'source3/smbd/ssl.c')
| -rw-r--r-- | source3/smbd/ssl.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/source3/smbd/ssl.c b/source3/smbd/ssl.c index dff5f34d5d..c45afc52d5 100644 --- a/source3/smbd/ssl.c +++ b/source3/smbd/ssl.c @@ -29,8 +29,8 @@ #ifdef WITH_SSL /* should always be defined if this module is compiled */ -#include <ssl.h> -#include <err.h> +#include <openssl/ssl.h> +#include <openssl/err.h> BOOL sslEnabled; SSL *ssl = NULL; @@ -74,12 +74,12 @@ char buffer[256]; return ok; } -static RSA *ssl_temp_rsa_cb(SSL *ssl, int export) +static RSA *ssl_temp_rsa_cb(SSL *ssl, int is_export, int keylength) { static RSA *rsa = NULL; if(rsa == NULL) - rsa = RSA_generate_key(512, RSA_F4, NULL, NULL); + rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL); return rsa; } @@ -89,11 +89,19 @@ static RSA *rsa = NULL; */ int sslutil_init(int isServer) { -int err; +int err, entropybytes; char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile; +char *egdsocket, *entropyfile; SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); + egdsocket = lp_ssl_egdsocket(); + if (egdsocket != NULL && *egdsocket != 0) + RAND_egd(egdsocket); + entropyfile = lp_ssl_entropyfile(); + entropybytes = lp_ssl_entropybytes(); + if (entropyfile != NULL && *entropyfile != 0) + RAND_load_file(entropyfile, entropybytes); switch(lp_ssl_version()){ case SMB_SSL_V2: sslContext = SSL_CTX_new(SSLv2_method()); break; case SMB_SSL_V3: sslContext = SSL_CTX_new(SSLv3_method()); break; @@ -120,7 +128,7 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile; if(keyfile == NULL || *keyfile == 0) keyfile = certfile; if(certfile != NULL && *certfile != 0){ - if(!SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)){ + if(!SSL_CTX_use_certificate_chain_file(sslContext, certfile)){ err = ERR_get_error(); fprintf(stderr, "SSL: error reading certificate from file %s: %s\n", certfile, ERR_error_string(err, NULL)); @@ -146,9 +154,11 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile; cacertFile = NULL; if(!SSL_CTX_load_verify_locations(sslContext, cacertFile, cacertDir)){ err = ERR_get_error(); - fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n", - ERR_error_string(err, NULL)); - fprintf(stderr, "trying default locations.\n"); + if (cacertFile || cacertDir) { + fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n", + ERR_error_string(err, NULL)); + fprintf(stderr, "trying default locations.\n"); + } cacertFile = cacertDir = NULL; if(!SSL_CTX_set_default_verify_paths(sslContext)){ err = ERR_get_error(); |