authorGerd Hoffmann <kraxel@redhat.com>2010-03-04 10:57:03 +0100
committerUri Lublin <uril@redhat.com>2010-03-08 04:15:35 +0200
commit2c1451b5d1bbb33706432cc632289e0cbbdd6cbd (patch)
tree803028aa8d818f8a4c8aca541a23a7a3731c0726
parent3e52f3b836ba6b0effbe39eef278068d5eea13db (diff)
new libspice api: configure tls
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r--server/reds.c45
-rw-r--r--server/spice.h4
2 files changed, 47 insertions, 2 deletions
diff --git a/server/reds.c b/server/reds.c
index f6f43840..30dc7c0a 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3276,10 +3276,14 @@ static void reds_init_ssl()
SSL_CTX_set_verify_depth(reds->ctx, 1);
#endif
- load_dh_params(reds->ctx, ssl_parameters.dh_key_file);
+ if (strlen(ssl_parameters.dh_key_file) > 0) {
+ load_dh_params(reds->ctx, ssl_parameters.dh_key_file);
+ }
SSL_CTX_set_session_id_context(reds->ctx, (const unsigned char *)"SPICE", 5);
- SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite);
+ if (strlen(ssl_parameters.ciphersuite) > 0) {
+ SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite);
+ }
openssl_thread_setup();
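Review bot: The return value of `SSL_CTX_set_cipher_list()` is still ignored inside the new `if`, so a ciphersuite string from which OpenSSL can select no cipher goes unreported and the context appears to keep the library's default list. Now that the string arrives from an API caller, the call should be checked and TLS setup failed when it returns 0, for example `if (!SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite)) { /* report and fail init */ }`. The empty-string case also falls back to the default list, which deserves a comment such as `/* empty ciphersuite: keep OpenSSL's default cipher list */`. The body of reds_init_ssl starts and ends outside the hunk.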
@@ -5546,6 +5550,43 @@ int spice_server_set_ticket(SpiceServer *s, const char *passwd, int lifetime,
return 0;
}
+int spice_server_set_tls(SpiceServer *s, int port,
+ const char *ca_cert_file, const char *certs_file,
+ const char *private_key_file, const char *key_passwd,
+ const char *dh_key_file, const char *ciphersuite)
+{
+ ASSERT(reds == s);
+ if (port == 0 || ca_cert_file == NULL || certs_file == NULL ||
+ private_key_file == NULL) {
+ return -1;
+ }
+ if (port < 0 || port > 0xffff)
+ return -1;
+ memset(&ssl_parameters, 0, sizeof(ssl_parameters));
+
+ spice_secure_port = port;
+ strncpy(ssl_parameters.ca_certificate_file, ca_cert_file,
+ sizeof(ssl_parameters.ca_certificate_file)-1);
+ strncpy(ssl_parameters.certs_file, certs_file,
+ sizeof(ssl_parameters.certs_file)-1);
+ strncpy(ssl_parameters.private_key_file, private_key_file,
+ sizeof(ssl_parameters.private_key_file)-1);
+
+ if (key_passwd) {
+ strncpy(ssl_parameters.keyfile_password, key_passwd,
+ sizeof(ssl_parameters.keyfile_password)-1);
+ }
+ if (ciphersuite) {
+ strncpy(ssl_parameters.ciphersuite, ciphersuite,
+ sizeof(ssl_parameters.ciphersuite)-1);
+ }
+ if (dh_key_file) {
+ strncpy(ssl_parameters.dh_key_file, dh_key_file,
+ sizeof(ssl_parameters.dh_key_file)-1);
+ }
+ return 0;
+}
+
int spice_server_add_interface(SpiceServer *s, VDInterface *interface)
{
ASSERT(reds == s);
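Review bot: Each `strncpy` into `ssl_parameters` silently truncates an argument longer than its destination field, so an over-long path would make the server open a different file name than the caller passed, and a clipped `ciphersuite` string can lose trailing exclusions from the cipher policy. The function already returns -1 for bad arguments, so it should reject over-long input before the `memset`, e.g. `if (strlen(ca_cert_file) >= sizeof(ssl_parameters.ca_certificate_file)) return -1;`, with the same test for the other five strings. The copies themselves stay NUL-terminated thanks to the `memset` and the `sizeof(...)-1` bound. `key_passwd` is kept in the global struct in clear; whether it is wiped once the private key has been loaded is not visible in this hunk.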
diff --git a/server/spice.h b/server/spice.h
index c72b3059..015ed895 100644
--- a/server/spice.h
+++ b/server/spice.h
@@ -36,6 +36,10 @@ int spice_server_set_port(SpiceServer *s, int port);
int spice_server_set_noauth(SpiceServer *s);
int spice_server_set_ticket(SpiceServer *s, const char *passwd, int lifetime,
int fail_if_connected, int disconnect_if_connected);
+int spice_server_set_tls(SpiceServer *s, int port,
+ const char *ca_cert_file, const char *certs_file,
+ const char *private_key_file, const char *key_passwd,
+ const char *dh_key_file, const char *ciphersuite);
int spice_server_add_interface(SpiceServer *s, VDInterface *interface);
int spice_server_remove_interface(SpiceServer *s, VDInterface *interface);
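Review bot: The new prototype carries no comment saying which arguments are optional. Going by the definition in reds.c, `key_passwd`, `dh_key_file` and `ciphersuite` may be NULL, while `ca_cert_file`, `certs_file`, `private_key_file` and a non-zero `port` within 16 bits are required, and the function returns -1 otherwise. A short comment above the declaration would cover it, e.g. `/* key_passwd, dh_key_file and ciphersuite may be NULL; returns 0 on success, -1 on invalid arguments */`. It presumably has to be called before the server sets up its SSL context, which is worth stating there if so.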