author | Andrew Bartlett <abartlet@samba.org> | 2006-08-03 08:02:54 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:15:20 -0500 |
commit | adefa4404cb612d8066b3a19f6fd545428e6441b (patch) | |
tree | 88c4ebd97e3fb4c3b4d9a2071cc5b14fd42b55e2 /source4/lib | |
parent | 05aa6b85ce96eff028daef5b8275195dc1deed82 (diff) | |
r17379: Pre-generate DH parameters, to avoid doing this at runtime in our testsuite.
Andrew Bartlett
(This used to be commit 23314c3953676124a2ad06e8b3a3b297c11f2800)
Diffstat (limited to 'source4/lib')
-rw-r--r-- | source4/lib/tls/tls.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index c3a6047e06..2a02ffa237 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -356,6 +356,7 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
 const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
 const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
+ const char *dhpfile = private_path(tmp_ctx, lp_tls_dhpfile());
 void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
 params = talloc(mem_ctx, struct tls_params);
@@ -408,12 +409,25 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 goto init_failed;
 }
+
 ret = gnutls_dh_params_init(¶ms->dh_params);
 if (ret < 0) goto init_failed;
- ret = gnutls_dh_params_generate2(params->dh_params, DH_BITS);
- if (ret < 0) goto init_failed;
+ if (dhpfile) {
+ gnutls_datum_t dhparms;
+ dhparms.data = (uint8_t *)file_load(dhpfile, &dhparms.size, mem_ctx);
+ if (!dhparms.data) {
+ goto init_failed;
+ }
+
+ ret = gnutls_dh_params_import_pkcs3(params->dh_params, &dhparms, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) goto init_failed;
+ } else {
+ ret = gnutls_dh_params_generate2(params->dh_params, DH_BITS);
+ if (ret < 0) goto init_failed;
+ }
+
 gnutls_certificate_set_dh_params(params->x509_cred, params->dh_params);
 params->tls_enabled = True; |
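Review bot: In the second hunk, `file_load(dhpfile, &dhparms.size, mem_ctx)` hands the address of the `unsigned int` `size` member of `gnutls_datum_t` to a function that, as far as I can tell from its use elsewhere in this tree, reports the length through a `size_t *`; on a 64-bit host that write runs past the field, and the mismatched pointer type would at best draw a compiler warning. Reading the length into a local of the right type and assigning it afterwards is safer: `size_t size;`, `dhparms.data = (uint8_t *)file_load(dhpfile, &size, tmp_ctx);`, `dhparms.size = size;`. The PEM buffer is also allocated on the long-lived `mem_ctx` and never freed once `gnutls_dh_params_import_pkcs3` has consumed it, while the path strings in the first hunk use `tmp_ctx`; allocating on `tmp_ctx` (or an explicit talloc_free after the import) avoids keeping the file contents alive for the lifetime of `params`. A read failure on the configured DH parameter file jumps to `init_failed` without saying which path was tried, so a misconfigured or unreadable file is hard to diagnose; a log line naming `dhpfile` before that goto would help. `tls_initialise` starts before both hunks and the `init_failed` label lies after them.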