mirror of https://git.kore.io/kore.git
resolve tls_dhparam after configure.
parent
c77ec598e7
commit
c4a60c54bb
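--- a/src/config.c
+++ b/src/config.c
@@ -304,6 +304,7 @@ void
 kore_parse_config(void)
 {
 FILE *fp;
+BIO *bio;
 char path[PATH_MAX];
 
 if (finalized)
@@ -327,6 +328,17 @@ kore_parse_config(void)
 (void)fclose(fp);
 }
 
+if (tls_dhparam == NULL) {
+if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
+fatal("failed to open %s", KORE_DHPARAM_PATH);
+
+tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+BIO_free(bio);
+
+if (tls_dhparam == NULL)
+fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
+}
+
 if (!kore_module_loaded())
 fatal("no application module was loaded");
 
@@ -341,17 +353,14 @@ kore_parse_config(void)
 }
 }
 
-if (getuid() != 0 && skip_chroot == 0) {
+if (getuid() != 0 && skip_chroot == 0)
 fatal("cannot chroot, use -n to skip it");
-}
 
-if (skip_runas != 1 && kore_runas_user == NULL) {
+if (skip_runas != 1 && kore_runas_user == NULL)
 fatal("missing runas user, use -r to skip it");
-}
 
-if (getuid() != 0 && skip_runas == 0) {
+if (getuid() != 0 && skip_runas == 0)
 fatal("cannot drop privileges, use -r to skip it");
-}
 
 if (skip_runas) {
 if (!kore_quiet)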
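Review bot: The DH parameters loaded from `KORE_DHPARAM_PATH` in the second hunk are accepted as soon as `PEM_read_bio_DHparams()` returns non-NULL; nothing checks that the group is well-formed or of adequate size before it is used. Since this is now the one place the fallback is loaded, a check right after `BIO_free(bio)` would stop a weak or corrupted file at startup, for example `if (!DH_check(tls_dhparam, &codes) || (codes & (DH_CHECK_P_NOT_PRIME | DH_CHECK_P_NOT_SAFE_PRIME))) fatal("unsuitable DH parameters in %s", KORE_DHPARAM_PATH);` with an `int codes` local, alongside a minimum-size test on `DH_size(tls_dhparam)`. The "failed to open" message would also be easier to diagnose if it carried `ssl_errno_s` like the message below it, assuming the OpenSSL error queue is populated on that path. The body of kore_parse_config() continues outside the hunks shown.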
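--- a/src/domain.c
+++ b/src/domain.c
@@ -222,7 +222,6 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
 {
 const u_int8_t *ptr;
 RSA *rsa;
-BIO *bio;
 X509 *x509;
 EVP_PKEY *pkey;
 STACK_OF(X509_NAME) *certs;
@@ -327,16 +326,8 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
 dom->domain, ssl_errno_s);
 }
 
-if (tls_dhparam == NULL) {
-if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
-fatal("failed to open %s", KORE_DHPARAM_PATH);
-
-tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-BIO_free(bio);
-
-if (tls_dhparam == NULL)
-fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
-}
+if (tls_dhparam == NULL)
+fatal("no DH parameters specified");
 
 SSL_CTX_set_tmp_dh(dom->ssl_ctx, tls_dhparam);
 SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);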
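Review bot: The new `fatal("no DH parameters specified")` in the second hunk no longer describes something the operator can misconfigure. As far as the config.c hunk shows, kore_parse_config() now either sets `tls_dhparam` or calls fatal(), so a NULL here would mean kore_domain_tlsinit() ran before configuration was finalized. A comment above the check would make that ordering dependency explicit, e.g. `/* tls_dhparam is resolved by kore_parse_config(); NULL here means we were called too early. */`. Separately, the `SSL_CTX_set_tmp_dh()` call that follows ignores its return value, so parameters the library rejects would go unnoticed for that domain; `if (!SSL_CTX_set_tmp_dh(dom->ssl_ctx, tls_dhparam)) fatal("SSL_CTX_set_tmp_dh(): %s", ssl_errno_s);` would surface it. The body of kore_domain_tlsinit() starts and ends outside the hunks shown.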