new libspice api: configure tls

author: Gerd Hoffmann <kraxel@redhat.com> 2010-03-09 14:22:19 +0100
committer: Alexander Larsson <alexl@redhat.com> 2010-03-09 14:22:19 +0100
commit: b4f5752a0e831d48f022caff7d14106a0e56d142 (patch)
tree: c081f9ccf30224a1435a71d915825f861bfa6df0 /server/reds.c
parent: 1ecd01f58693d464dd49c5f7a9b36c2768b2c876 (diff)
download: spice-b4f5752a0e831d48f022caff7d14106a0e56d142.tar.gz
spice-b4f5752a0e831d48f022caff7d14106a0e56d142.tar.xz
spice-b4f5752a0e831d48f022caff7d14106a0e56d142.zip
1 files changed, 44 insertions, 2 deletions
diff --git a/server/reds.c b/server/reds.c
index 121fe050..c1021ae8 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3278,10 +3278,14 @@ static void reds_init_ssl()
     SSL_CTX_set_verify_depth(reds->ctx, 1);
 #endif
 
-    load_dh_params(reds->ctx, ssl_parameters.dh_key_file);
+    if (strlen(ssl_parameters.dh_key_file) > 0) {
+        load_dh_params(reds->ctx, ssl_parameters.dh_key_file);
+    }
 
     SSL_CTX_set_session_id_context(reds->ctx, (const unsigned char *)"SPICE", 5);
-    SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite);
+    if (strlen(ssl_parameters.ciphersuite) > 0) {
+        SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite);
+    }
 
     openssl_thread_setup();
 
@@ -5560,6 +5564,44 @@ int spice_server_set_ticket(SpiceServer *s, const char *passwd, int lifetime,
     return 0;
 }
 
+int spice_server_set_tls(SpiceServer *s, int port,
+                         const char *ca_cert_file, const char *certs_file,
+                         const char *private_key_file, const char *key_passwd,
+                         const char *dh_key_file, const char *ciphersuite)
+{
+    ASSERT(reds == s);
+    if (port == 0 || ca_cert_file == NULL || certs_file == NULL ||
+        private_key_file == NULL) {
+        return -1;
+    }
+    if (port < 0 || port > 0xffff) {
+        return -1;
+    }
+    memset(&ssl_parameters, 0, sizeof(ssl_parameters));
+
+    spice_secure_port = port;
+    strncpy(ssl_parameters.ca_certificate_file, ca_cert_file,
+            sizeof(ssl_parameters.ca_certificate_file)-1);
+    strncpy(ssl_parameters.certs_file, certs_file,
+            sizeof(ssl_parameters.certs_file)-1);
+    strncpy(ssl_parameters.private_key_file, private_key_file,
+            sizeof(ssl_parameters.private_key_file)-1);
+
+    if (key_passwd) {
+        strncpy(ssl_parameters.keyfile_password, key_passwd,
+                sizeof(ssl_parameters.keyfile_password)-1);
+    }
+    if (ciphersuite) {
+        strncpy(ssl_parameters.ciphersuite, ciphersuite,
+                sizeof(ssl_parameters.ciphersuite)-1);
+    }
+    if (dh_key_file) {
+        strncpy(ssl_parameters.dh_key_file, dh_key_file,
+                sizeof(ssl_parameters.dh_key_file)-1);
+    }
+    return 0;
+}
+
 int spice_server_add_interface(SpiceServer *s, VDInterface *interface)
 {
     ASSERT(reds == s);
author	Gerd Hoffmann <kraxel@redhat.com>	2010-03-09 14:22:19 +0100
committer	Alexander Larsson <alexl@redhat.com>	2010-03-09 14:22:19 +0100
commit	b4f5752a0e831d48f022caff7d14106a0e56d142 (patch)
tree	c081f9ccf30224a1435a71d915825f861bfa6df0 /server/reds.c
parent	1ecd01f58693d464dd49c5f7a9b36c2768b2c876 (diff)
download	spice-b4f5752a0e831d48f022caff7d14106a0e56d142.tar.gz spice-b4f5752a0e831d48f022caff7d14106a0e56d142.tar.xz spice-b4f5752a0e831d48f022caff7d14106a0e56d142.zip