path: root/source3/smbd/ssl.c
Diffstat (limited to 'source3/smbd/ssl.c')
-rw-r--r--source3/smbd/ssl.c28
1 files changed, 19 insertions, 9 deletions
diff --git a/source3/smbd/ssl.c b/source3/smbd/ssl.c
index dff5f34d5d..c45afc52d5 100644
--- a/source3/smbd/ssl.c
+++ b/source3/smbd/ssl.c
@@ -29,8 +29,8 @@
#ifdef WITH_SSL /* should always be defined if this module is compiled */
-#include <ssl.h>
-#include <err.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
BOOL sslEnabled;
SSL *ssl = NULL;
@@ -74,12 +74,12 @@ char buffer[256];
return ok;
}
-static RSA *ssl_temp_rsa_cb(SSL *ssl, int export)
+static RSA *ssl_temp_rsa_cb(SSL *ssl, int is_export, int keylength)
{
static RSA *rsa = NULL;
if(rsa == NULL)
- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
+ rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
return rsa;
}
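Review bot: The cache in ssl_temp_rsa_cb ignores its new parameters: `rsa` is generated once with whichever `keylength` the first callback passes and is then returned for every later call, so a request for a different key length (or an export vs. non-export request) gets a key of the wrong size, and the "temporary" key lives for the whole process rather than per connection. The result of RSA_generate_key is also not checked, though handing NULL back to the library at least fails the handshake instead of dereferencing it. A minimal fix remembers the size the cached key was generated at and regenerates when the request differs. The parameter `SSL *ssl` additionally shadows the file-scope `SSL *ssl` declared in the first hunk; renaming it avoids the confusion.
```c
static RSA *ssl_temp_rsa_cb(SSL *s, int is_export, int keylength)
{
	static RSA *rsa = NULL;
	static int rsa_bits = 0;

	/* regenerate when the requested size differs from the cached key */
	if (rsa == NULL || rsa_bits != keylength) {
		RSA_free(rsa);
		rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
		rsa_bits = (rsa != NULL) ? keylength : 0;
	}
	return rsa;
}
```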
@@ -89,11 +89,19 @@ static RSA *rsa = NULL;
*/
int sslutil_init(int isServer)
{
-int err;
+int err, entropybytes;
char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
+char *egdsocket, *entropyfile;
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
+ egdsocket = lp_ssl_egdsocket();
+ if (egdsocket != NULL && *egdsocket != 0)
+ RAND_egd(egdsocket);
+ entropyfile = lp_ssl_entropyfile();
+ entropybytes = lp_ssl_entropybytes();
+ if (entropyfile != NULL && *entropyfile != 0)
+ RAND_load_file(entropyfile, entropybytes);
switch(lp_ssl_version()){
case SMB_SSL_V2: sslContext = SSL_CTX_new(SSLv2_method()); break;
case SMB_SSL_V3: sslContext = SSL_CTX_new(SSLv3_method()); break;
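Review bot: The seeding results on the two new `RAND_egd(egdsocket)` and `RAND_load_file(entropyfile, entropybytes)` lines are discarded, so a misconfigured socket path or an unreadable entropy file is silent and the code goes on to create the context (and later generate keys) on a PRNG that may not be seeded. Log the outcome and check the pool state before continuing, e.g. `if (!RAND_status()) fprintf(stderr, "SSL: warning: PRNG not sufficiently seeded\n");` directly after the `RAND_load_file` call; whether that should abort depends on sslutil_init's return convention, which is not visible in this hunk. The RAND_* calls also need `openssl/rand.h`; if the headers added in the first hunk do not pull it in transitively these would be implicit declarations. sslutil_init's body continues past the end of the hunk.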
@@ -120,7 +128,7 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
if(keyfile == NULL || *keyfile == 0)
keyfile = certfile;
if(certfile != NULL && *certfile != 0){
- if(!SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)){
+ if(!SSL_CTX_use_certificate_chain_file(sslContext, certfile)){
err = ERR_get_error();
fprintf(stderr, "SSL: error reading certificate from file %s: %s\n",
certfile, ERR_error_string(err, NULL));
@@ -146,9 +154,11 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
cacertFile = NULL;
if(!SSL_CTX_load_verify_locations(sslContext, cacertFile, cacertDir)){
err = ERR_get_error();
- fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n",
- ERR_error_string(err, NULL));
- fprintf(stderr, "trying default locations.\n");
+ if (cacertFile || cacertDir) {
+ fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n",
+ ERR_error_string(err, NULL));
+ fprintf(stderr, "trying default locations.\n");
+ }
cacertFile = cacertDir = NULL;
if(!SSL_CTX_set_default_verify_paths(sslContext)){
err = ERR_get_error();
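Review bot: The new `if (cacertFile || cacertDir)` guard only hides the message; when neither location is configured the code still calls SSL_CTX_load_verify_locations(sslContext, NULL, NULL), which fails by design and is relied on to reach the default-path fallback. Folding the check into the condition, `if((cacertFile == NULL && cacertDir == NULL) || !SSL_CTX_load_verify_locations(sslContext, cacertFile, cacertDir)){`, makes the fallback explicit and avoids consuming a spurious queue error. When locations are configured but fail to load, the fallback to SSL_CTX_set_default_verify_paths quietly replaces the administrator's chosen trust anchors with the system defaults; consider whether an explicit-but-broken configuration should be treated as fatal instead. The added message also repeats a word: `"SSL: Error setting CA cert locations: %s\n"`. The enclosing block continues past the end of the hunk.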