Fixed #568 - gnutls does not allow reuse of credentials, which was making /rehash ssl not work properly

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@10001 e03df62e-2008-0410-955e-edbf42e46eb7
special 2008-07-12 23:26:45 +00:00
parent f5dec38514
commit aff121b07c


@ -118,6 +118,7 @@ class ModuleSSLGnuTLS : public Module
int dh_bits; int dh_bits;
int clientactive; int clientactive;
bool cred_alloc;
CommandStartTLS* starttls; CommandStartTLS* starttls;
@ -135,13 +136,7 @@ class ModuleSSLGnuTLS : public Module
gnutls_global_init(); // This must be called once in the program gnutls_global_init(); // This must be called once in the program
if(gnutls_certificate_allocate_credentials(&x509_cred) != 0) cred_alloc = false;
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to allocate certificate credentials");
// Guessing return meaning
if(gnutls_dh_params_init(&dh_params) < 0)
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters");
// Needs the flag as it ignores a plain /rehash // Needs the flag as it ignores a plain /rehash
OnRehash(NULL,"ssl"); OnRehash(NULL,"ssl");
@ -246,7 +241,22 @@ class ModuleSSLGnuTLS : public Module
keyfile = confdir + keyfile; keyfile = confdir + keyfile;
int ret; int ret;
if (cred_alloc)
{
// Deallocate the old credentials
gnutls_dh_params_deinit(dh_params);
gnutls_certificate_free_credentials(x509_cred);
}
else
cred_alloc = true;
if((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0)
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to allocate certificate credentials: %s", gnutls_strerror(ret));
if((ret = gnutls_dh_params_init(&dh_params)) < 0)
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret));
if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0) if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 trust file '%s': %s", cafile.c_str(), gnutls_strerror(ret)); ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 trust file '%s': %s", cafile.c_str(), gnutls_strerror(ret));
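Review bot: The two allocation checks added in the rehash path (`gnutls_certificate_allocate_credentials` and `gnutls_dh_params_init`) only log on failure and then fall through, so the `gnutls_certificate_set_x509_trust_file(x509_cred, ...)` call right below can run on a handle that was just freed, or was never allocated on the first load. `cred_alloc` is also set to true in the `else` branch before either allocation is known to have succeeded, so the next `/rehash ssl` would call `gnutls_certificate_free_credentials` on that stale handle a second time. I would set `cred_alloc = false;` immediately after the two frees, set it to true only once both calls return success, and skip the rest of the certificate setup when `ret < 0`. Separately, GnuTLS keeps only a pointer to the credentials passed to `gnutls_credentials_set`, so any session still open at rehash time would be left pointing at freed memory; whether this module can have live sessions at that point is not visible here and is worth confirming. The enclosing function starts and ends outside the hunk.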