summaryrefslogtreecommitdiff
path: root/source4/lib
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-08-03 08:02:54 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:15:20 -0500
commitadefa4404cb612d8066b3a19f6fd545428e6441b (patch)
tree88c4ebd97e3fb4c3b4d9a2071cc5b14fd42b55e2 /source4/lib
parent05aa6b85ce96eff028daef5b8275195dc1deed82 (diff)
downloadsamba-adefa4404cb612d8066b3a19f6fd545428e6441b.tar.gz
samba-adefa4404cb612d8066b3a19f6fd545428e6441b.tar.bz2
samba-adefa4404cb612d8066b3a19f6fd545428e6441b.zip
r17379: Pre-generate DH parameters, to avoid doing this at runtime in our testsuite.
Andrew Bartlett (This used to be commit 23314c3953676124a2ad06e8b3a3b297c11f2800)
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/tls/tls.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index c3a6047e06..2a02ffa237 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -356,6 +356,7 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
+ const char *dhpfile = private_path(tmp_ctx, lp_tls_dhpfile());
void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
params = talloc(mem_ctx, struct tls_params);
@@ -408,12 +409,25 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
goto init_failed;
}
+
ret = gnutls_dh_params_init(&params->dh_params);
if (ret < 0) goto init_failed;
- ret = gnutls_dh_params_generate2(params->dh_params, DH_BITS);
- if (ret < 0) goto init_failed;
+ if (dhpfile) {
+ gnutls_datum_t dhparms;
+ dhparms.data = (uint8_t *)file_load(dhpfile, &dhparms.size, mem_ctx);
+ if (!dhparms.data) {
+ goto init_failed;
+ }
+
+ ret = gnutls_dh_params_import_pkcs3(params->dh_params, &dhparms, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) goto init_failed;
+ } else {
+ ret = gnutls_dh_params_generate2(params->dh_params, DH_BITS);
+ if (ret < 0) goto init_failed;
+ }
+
gnutls_certificate_set_dh_params(params->x509_cred, params->dh_params);
params->tls_enabled = True;