path: root/server.c
Diffstat (limited to 'server.c')
-rw-r--r--server.c58
1 files changed, 21 insertions, 37 deletions
diff --git a/server.c b/server.c
index 46f2e5c..6e63120 100644
--- a/server.c
+++ b/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.55 2015/02/07 01:23:12 reyk Exp $ */
+/* $OpenBSD: server.c,v 1.57 2015/02/07 23:56:02 reyk Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org>
@@ -130,50 +130,23 @@ server_privinit(struct server *srv)
return (0);
}
-static char *
-server_load_file(const char *filename, off_t *len)
-{
- struct stat st;
- off_t size;
- char *buf = NULL;
- int fd;
-
- if ((fd = open(filename, O_RDONLY)) == -1)
- return (NULL);
- if (fstat(fd, &st) != 0)
- goto fail;
- size = st.st_size;
- if ((buf = calloc(1, size + 1)) == NULL)
- goto fail;
- if (read(fd, buf, size) != size)
- goto fail;
-
- close(fd);
-
- *len = size;
- return (buf);
-
- fail:
- free(buf);
- close(fd);
-
- return (NULL);
-}
-
int
server_tls_load_keypair(struct server *srv)
{
if ((srv->srv_conf.flags & SRVFLAG_TLS) == 0)
return (0);
- if ((srv->srv_conf.tls_cert = server_load_file(
- srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len)) == NULL)
+ if ((srv->srv_conf.tls_cert = tls_load_file(
+ srv->srv_conf.tls_cert_file, &srv->srv_conf.tls_cert_len,
+ NULL)) == NULL)
return (-1);
log_debug("%s: using certificate %s", __func__,
srv->srv_conf.tls_cert_file);
- if ((srv->srv_conf.tls_key = server_load_file(
- srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len)) == NULL)
+ /* XXX allow to specify password for encrypted key */
+ if ((srv->srv_conf.tls_key = tls_load_file(
+ srv->srv_conf.tls_key_file, &srv->srv_conf.tls_key_len,
+ NULL)) == NULL)
return (-1);
log_debug("%s: using private key %s", __func__,
srv->srv_conf.tls_key_file);
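Review bot: Both `return (-1)` paths in server_tls_load_keypair discard why tls_load_file failed, so an unreadable certificate or key file surfaces to the operator only as an unexplained keypair failure, and which of the two files was at fault is lost. A `log_warn("%s: failed to load %s", __func__, srv->srv_conf.tls_key_file);` (and the cert equivalent) before each return would fix that; for open/fstat/read failures inside tls_load_file errno is meaningful, so log_warn's strerror suffix is appropriate there, while for a PEM decode failure it may be stale. The XXX comment marks that an encrypted key is unsupported, which is exactly the case that fails here with no hint, so the warning is also where to mention it. The private key now lives in a plain heap buffer returned by tls_load_file; wherever srv_conf.tls_key is released (outside this diff) it should be cleared with explicit_bzero before free, and whether a successfully loaded tls_cert is reclaimed when the key load fails cannot be seen from the hunk. server_tls_load_keypair continues past the end of the hunk.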
@@ -207,6 +180,17 @@ server_tls_init(struct server *srv)
log_warn("%s: failed to set tls ciphers", __func__);
return (-1);
}
+ if (tls_config_set_dheparams(srv->srv_tls_config,
+ srv->srv_conf.tls_dhe_params) != 0) {
+ log_warn("%s: failed to set tls dhe params", __func__);
+ return (-1);
+ }
+ if (tls_config_set_ecdhecurve(srv->srv_tls_config,
+ srv->srv_conf.tls_ecdhe_curve) != 0) {
+ log_warn("%s: failed to set tls ecdhe curve", __func__);
+ return (-1);
+ }
+
if (tls_config_set_cert_mem(srv->srv_tls_config,
srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len) != 0) {
log_warn("%s: failed to set tls cert", __func__);
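Review bot: The two new failure branches call log_warn, which appends strerror(errno), but as far as I recall tls_config_set_dheparams and tls_config_set_ecdhecurve reject an unrecognised string without setting errno, so the message will carry an unrelated or stale errno text. `log_warnx` is the right call there, and naming the rejected value, e.g. `log_warnx("%s: invalid tls dhe params %s", __func__, srv->srv_conf.tls_dhe_params);` and the same for the ecdhe curve, tells the operator which configuration line to fix (guard the `%s` if the parser can leave these fields NULL — that cannot be seen here). Because these setters are the only place the two strings are validated, a typo in the configuration is only detected when server_tls_init runs rather than at parse time; if the parser can try the same setters on a scratch tls_config, rejecting it there would be earlier and clearer. server_tls_init begins and ends outside this hunk.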
@@ -334,8 +318,8 @@ serverconfig_free(struct server_config *srv_conf)
void
serverconfig_reset(struct server_config *srv_conf)
{
- srv_conf->tls_cert_file = srv_conf->tls_cert =
- srv_conf->tls_key_file = srv_conf->tls_key = NULL;
+ srv_conf->tls_cert_file = srv_conf->tls_key_file = NULL;
+ srv_conf->tls_cert = srv_conf->tls_key = NULL;
srv_conf->auth = NULL;
}