author | Andrew Tridgell <tridge@samba.org> | 2005-05-28 03:50:13 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:17:08 -0500 |
commit | c22d20edb4ee9c57f4bdd304034c18ace8e8e99e (patch) | |
tree | cf662b9fe5e9befab5569359a05a10f77fbb0c01 /source4/web_server/tls.c | |
parent | 2b0607248aceebd80938eb5ffad309aa7b47472e (diff) | |
r7048: added auto-generation of TLS self-signed certificates if none exist already
This allows smbd to be set up from scratch over ssl without having to
know how to create valid certificates (which can be quite tricky
unless you've done it before)
Of course, a good admin will provide real certificates, and smbd will
use them if specified
(This used to be commit 00b67efc99eac7bca386dea03f03bbb9470ab002)
Diffstat (limited to 'source4/web_server/tls.c')
-rw-r--r-- | source4/web_server/tls.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/source4/web_server/tls.c b/source4/web_server/tls.c
index 656c5ee6d6..13fc6e805b 100644
--- a/source4/web_server/tls.c
+++ b/source4/web_server/tls.c
@@ -240,17 +240,23 @@ void tls_initialise(struct task_server *task)
 tls = talloc_zero(edata, struct tls_data);
 edata->tls_data = tls;
+ if (!file_exist(cafile)) {
+ tls_cert_generate(tls, keyfile, certfile, cafile);
+ }
+
 ret = gnutls_global_init();
 if (ret < 0) goto init_failed;
 gnutls_certificate_allocate_credentials(&tls->x509_cred);
 if (ret < 0) goto init_failed;
- ret = gnutls_certificate_set_x509_trust_file(tls->x509_cred, cafile,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- DEBUG(0,("TLS failed to initialise cafile %s\n", cafile));
- goto init_failed;
+ if (cafile && *cafile) {
+ ret = gnutls_certificate_set_x509_trust_file(tls->x509_cred, cafile,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ DEBUG(0,("TLS failed to initialise cafile %s\n", cafile));
+ goto init_failed;
+ }
 }
 if (crlfile && *crlfile) {
@@ -258,7 +264,7 @@ void tls_initialise(struct task_server *task)
 crlfile,
 GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
- DEBUG(0,("TLS failed to initialise crlfile %s\n", cafile));
+ DEBUG(0,("TLS failed to initialise crlfile %s\n", crlfile));
 goto init_failed;
 }
 }
@@ -268,7 +274,7 @@ void tls_initialise(struct task_server *task)
 GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 DEBUG(0,("TLS failed to initialise certfile %s and keyfile %s\n",
- lp_web_certfile(), lp_web_keyfile()));
+ certfile, keyfile));
 goto init_failed;
 } |
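Review bot: The generation trigger `if (!file_exist(cafile))` in the first hunk looks only at the CA file, although the commit message says certificates are generated when none exist, and the `cafile && *cafile` guard added a few lines below shows that cafile may be NULL or empty at this point. With an unset cafile, or a deployment that has a key and certificate but no CA file, this path calls tls_cert_generate with the configured keyfile and certfile paths; unless that function itself refuses to overwrite existing files (not visible in this hunk), an admin-supplied private key could be replaced. Consider `if (!file_exist(keyfile) && !file_exist(certfile) && !file_exist(cafile)) {`, with each path checked for NULL or empty first. The outcome of tls_cert_generate is also not checked here, and a log line stating that a self-signed certificate is in use would help operators notice that clients cannot authenticate the server. tls_initialise starts and ends outside the hunk.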