authorAndrew Tridgell <tridge@samba.org>2005-05-28 03:50:13 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:17:08 -0500
commitc22d20edb4ee9c57f4bdd304034c18ace8e8e99e (patch)
treecf662b9fe5e9befab5569359a05a10f77fbb0c01 /source4/web_server/tls.c
parent2b0607248aceebd80938eb5ffad309aa7b47472e (diff)
r7048: added auto-generation of TLS self-signed certificates if none exist already
This allows smbd to be set up from scratch over SSL without having to know how to create valid certificates (which can be quite tricky unless you've done it before). Of course, a good admin will provide real certificates, and smbd will use them if specified. (This used to be commit 00b67efc99eac7bca386dea03f03bbb9470ab002)
Diffstat (limited to 'source4/web_server/tls.c')
-rw-r--r--source4/web_server/tls.c20
1 files changed, 13 insertions, 7 deletions
diff --git a/source4/web_server/tls.c b/source4/web_server/tls.c
index 656c5ee6d6..13fc6e805b 100644
--- a/source4/web_server/tls.c
+++ b/source4/web_server/tls.c
@@ -240,17 +240,23 @@ void tls_initialise(struct task_server *task)
tls = talloc_zero(edata, struct tls_data);
edata->tls_data = tls;
+ if (!file_exist(cafile)) {
+ tls_cert_generate(tls, keyfile, certfile, cafile);
+ }
+
ret = gnutls_global_init();
if (ret < 0) goto init_failed;
gnutls_certificate_allocate_credentials(&tls->x509_cred);
if (ret < 0) goto init_failed;
- ret = gnutls_certificate_set_x509_trust_file(tls->x509_cred, cafile,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- DEBUG(0,("TLS failed to initialise cafile %s\n", cafile));
- goto init_failed;
+ if (cafile && *cafile) {
+ ret = gnutls_certificate_set_x509_trust_file(tls->x509_cred, cafile,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ DEBUG(0,("TLS failed to initialise cafile %s\n", cafile));
+ goto init_failed;
+ }
}
if (crlfile && *crlfile) {
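Review bot: The added `if (!file_exist(cafile))` at the top of this hunk runs without the `cafile && *cafile` guard that the same hunk adds around gnutls_certificate_set_x509_trust_file(), so an unset or empty cafile still reaches file_exist() and, if that reports false, tls_cert_generate(); the condition should read `if (cafile && *cafile && !file_exist(cafile)) {`. Generation is also triggered by a missing CA file alone, so whether admin-supplied keyfile and certfile survive depends on checks inside tls_cert_generate(), which is not visible here; a comment such as `/* only auto-generates when no TLS files exist yet; never overwrites an existing key or cert */` would record that expectation at the call site. The outcome of the call is not checked or logged in this hunk, so a failed generation would presumably only show up later as the "failed to initialise certfile" message. tls_initialise() begins and ends outside the hunk.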
@@ -258,7 +264,7 @@ void tls_initialise(struct task_server *task)
crlfile,
GNUTLS_X509_FMT_PEM);
if (ret < 0) {
- DEBUG(0,("TLS failed to initialise crlfile %s\n", cafile));
+ DEBUG(0,("TLS failed to initialise crlfile %s\n", crlfile));
goto init_failed;
}
}
@@ -268,7 +274,7 @@ void tls_initialise(struct task_server *task)
GNUTLS_X509_FMT_PEM);
if (ret < 0) {
DEBUG(0,("TLS failed to initialise certfile %s and keyfile %s\n",
- lp_web_certfile(), lp_web_keyfile()));
+ certfile, keyfile));
goto init_failed;
}