author | Gerald Carter <jerry@samba.org> | 2001-09-26 17:29:53 +0000 |
committer | Gerald Carter <jerry@samba.org> | 2001-09-26 17:29:53 +0000 |
commit | efc6df5a3914da9e7b792ccaccd1403c72c09f78 (patch) | |
tree | 0295c6dfdf71758613d22a321724b1074c7d0ebc /source/smbd/ssl.c | |
parent | 50ea73426f58070859bbbe769c8353a11ff33dc9 (diff) | |
OpenSSL merge from 2.2
Diffstat (limited to 'source/smbd/ssl.c')
-rw-r--r-- | source/smbd/ssl.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/source/smbd/ssl.c b/source/smbd/ssl.c
index dff5f34d5dd..c45afc52d53 100644
--- a/source/smbd/ssl.c
+++ b/source/smbd/ssl.c
@@ -29,8 +29,8 @@
 #ifdef WITH_SSL /* should always be defined if this module is compiled */
-#include <ssl.h>
-#include <err.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 BOOL sslEnabled;
 SSL *ssl = NULL;
@@ -74,12 +74,12 @@ char buffer[256];
 return ok;
 }
-static RSA *ssl_temp_rsa_cb(SSL *ssl, int export)
+static RSA *ssl_temp_rsa_cb(SSL *ssl, int is_export, int keylength)
 {
 static RSA *rsa = NULL;
 if(rsa == NULL)
- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
+ rsa = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
 return rsa;
 }
@@ -89,11 +89,19 @@ static RSA *rsa = NULL;
 */
 int sslutil_init(int isServer)
 {
-int err;
+int err, entropybytes;
 char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
+char *egdsocket, *entropyfile;
 SSL_load_error_strings();
 SSLeay_add_ssl_algorithms();
+ egdsocket = lp_ssl_egdsocket();
+ if (egdsocket != NULL && *egdsocket != 0)
+ RAND_egd(egdsocket);
+ entropyfile = lp_ssl_entropyfile();
+ entropybytes = lp_ssl_entropybytes();
+ if (entropyfile != NULL && *entropyfile != 0)
+ RAND_load_file(entropyfile, entropybytes);
 switch(lp_ssl_version()){
 case SMB_SSL_V2: sslContext = SSL_CTX_new(SSLv2_method()); break;
 case SMB_SSL_V3: sslContext = SSL_CTX_new(SSLv3_method()); break;
@@ -120,7 +128,7 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
 if(keyfile == NULL || *keyfile == 0)
 keyfile = certfile;
 if(certfile != NULL && *certfile != 0){
-if(!SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)){
+if(!SSL_CTX_use_certificate_chain_file(sslContext, certfile)){
 err = ERR_get_error();
 fprintf(stderr, "SSL: error reading certificate from file %s: %s\n",
 certfile, ERR_error_string(err, NULL));
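Review bot: In ssl_temp_rsa_cb the cached key is generated from whichever keylength OpenSSL passes on the first call and is then returned unconditionally, so a later request for a different size (OpenSSL typically asks for a short key for export ciphers and a longer one otherwise) receives a key of the wrong length; the new is_export parameter is also never read. Cache one key per requested size rather than a single static, for example a small table indexed by keylength, with `if (rsa == NULL || RSA_size(rsa) * 8 != keylength)` as the regeneration test, and do not RSA_free() a key that has already been handed out, since OpenSSL may still hold a reference to it. A NULL from RSA_generate_key() is passed straight through, which the callback contract tolerates, so only the size mismatch needs fixing.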
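Review bot: The seeding calls added to sslutil_init discard their results: RAND_egd() returns -1 when the socket cannot be used and RAND_load_file() reports how many bytes it actually read, and nothing checks RAND_status() before SSL_CTX_new() and the later key generation, so an unreachable EGD socket or an unreadable entropy file leaves the PRNG unseeded without any diagnostic. After the two seeding blocks add `if (!RAND_status()) { fprintf(stderr, "SSL: PRNG is not seeded\n"); return <error value used by sslutil_init>; }`, where the placeholder is whatever value the rest of the function returns on failure. The body of sslutil_init, including its return convention, continues outside this hunk.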
@@ -146,9 +154,11 @@ char *certfile, *keyfile, *ciphers, *cacertDir, *cacertFile;
 cacertFile = NULL;
 if(!SSL_CTX_load_verify_locations(sslContext, cacertFile, cacertDir)){
 err = ERR_get_error();
- fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n",
- ERR_error_string(err, NULL));
- fprintf(stderr, "trying default locations.\n");
+ if (cacertFile || cacertDir) {
+ fprintf(stderr, "SSL: Error error setting CA cert locations: %s\n",
+ ERR_error_string(err, NULL));
+ fprintf(stderr, "trying default locations.\n");
+ }
 cacertFile = cacertDir = NULL;
 if(!SSL_CTX_set_default_verify_paths(sslContext)){
 err = ERR_get_error(); |
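Review bot: The rewritten fprintf keeps the doubled word in `"SSL: Error error setting CA cert locations: %s\n"`; since the line is being touched anyway, `"SSL: error setting CA cert locations: %s\n"` would match the wording of the other messages in this function. The new condition also deserves a one-line comment explaining why the failure is silent when no location is configured, e.g. `/* nothing configured: SSL_CTX_load_verify_locations() cannot succeed, fall through to the default CA paths quietly */`. The enclosing sslutil_init body starts and ends outside this hunk.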