summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2001-09-26 17:29:53 +0000
committerGerald Carter <jerry@samba.org>2001-09-26 17:29:53 +0000
commit2c4d1d39b148b8587deb8fca2db4113354165989 (patch)
treef03a460218b307deee916ca2746298d009315c53 /source3/smbd
parent29d3318437f3137d61e955d5ee5d8f70c115e3d2 (diff)
downloadsamba-2c4d1d39b148b8587deb8fca2db4113354165989.tar.gz
samba-2c4d1d39b148b8587deb8fca2db4113354165989.tar.bz2
samba-2c4d1d39b148b8587deb8fca2db4113354165989.zip
OpenSSL merge from 2.2
(This used to be commit efc6df5a3914da9e7b792ccaccd1403c72c09f78)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/ssl.c28
1 files changed, 19 insertions, 9 deletions
diff --git a/source3/smbd/ssl.c b/source3/smbd/ssl.c
index dff5f34d5d..c45afc52d5 100644
--- a/source3/smbd/ssl.c
+++ b/source3/smbd/ssl.c
@@ -29,8 +29,8 @@
#ifdef WITH_SSL /* should always be defined if this module is compiled */
-#include <ssl.h>
-#include <err.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
BOOL sslEnabled;
SSL *ssl = NULL;
@@ -74,12 +74,12 @@ char buffer[256];
return ok;
}
-static RSA *ssl_temp_rsa_cb(SSL *ssl, int export)
+static RSA *ssl_temp_rsa_cb(SSL *ssl, int is_export, int keylength)
{
static RSA *rsa = NULL;
if(rsa == NULL)
- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
+ rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
return rsa;
}
@@ -89,11 +89,19 @@ static RSA *rsa = NULL;
*/
int sslutil_init(int isServer)
{
-int err;
+int err, entropybytes;
char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
+char *egdsocket, *entropyfile;
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
+ egdsocket = lp_ssl_egdsocket();
+ if (egdsocket != NULL && *egdsocket != 0)
+ RAND_egd(egdsocket);
+ entropyfile = lp_ssl_entropyfile();
+ entropybytes = lp_ssl_entropybytes();
+ if (entropyfile != NULL && *entropyfile != 0)
+ RAND_load_file(entropyfile, entropybytes);
switch(lp_ssl_version()){
case SMB_SSL_V2: sslContext = SSL_CTX_new(SSLv2_method()); break;
case SMB_SSL_V3: sslContext = SSL_CTX_new(SSLv3_method()); break;
@@ -120,7 +128,7 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
if(keyfile == NULL || *keyfile == 0)
keyfile = certfile;
if(certfile != NULL && *certfile != 0){
- if(!SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)){
+ if(!SSL_CTX_use_certificate_chain_file(sslContext, certfile)){
err = ERR_get_error();
fprintf(stderr, "SSL: error reading certificate from file %s: %s\n",
certfile, ERR_error_string(err, NULL));
@@ -146,9 +154,11 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
cacertFile = NULL;
if(!SSL_CTX_load_verify_locations(sslContext, cacertFile, cacertDir)){
err = ERR_get_error();
- fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n",
- ERR_error_string(err, NULL));
- fprintf(stderr, "trying default locations.\n");
+ if (cacertFile || cacertDir) {
+ fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n",
+ ERR_error_string(err, NULL));
+ fprintf(stderr, "trying default locations.\n");
+ }
cacertFile = cacertDir = NULL;
if(!SSL_CTX_set_default_verify_paths(sslContext)){
err = ERR_get_error();