Changeset 46
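--- a/trunk/src/base.h
+++ b/trunk/src/base.h
@@ -242,4 +242,5 @@
 /* server wide */
 buffer *ssl_pemfile;
+buffer *ssl_ca_file;
 unsigned short use_ipv6;
 unsigned short is_ssl;
@@ -425,4 +426,5 @@
 
 buffer *ssl_pemfile;
+buffer *ssl_ca_file;
 unsigned short use_ipv6;
 unsigned short is_ssl;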
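--- a/trunk/src/config.c
+++ b/trunk/src/config.c
@@ -201,4 +201,6 @@
 { "debug.log-state-handling", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 37 */
 
+{ "ssl.ca-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 38 */
+
 
 { "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
@@ -248,4 +250,5 @@
 s->server_name = buffer_init();
 s->ssl_pemfile = buffer_init();
+s->ssl_ca_file = buffer_init();
 s->error_handler = buffer_init();
 s->server_tag = buffer_init();
@@ -294,4 +297,5 @@
 
 cv[35].destination = &(s->allow_http11);
+cv[38].destination = s->ssl_ca_file;
 
 srv->config_storage[i] = s;
@@ -445,4 +449,6 @@
 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.pemfile"))) {
 PATCH(ssl_pemfile);
+} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
+PATCH(ssl_ca_file);
 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) {
 PATCH(is_ssl);
@@ -1006,5 +1012,5 @@
 
 if (s->is_ssl) {
-if ( s->ssl_pemfile->used == 0) {
+if (buffer_is_empty(s->ssl_pemfile)) {
 /* PEM file is require */
 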
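--- a/trunk/src/network.c
+++ b/trunk/src/network.c
@@ -282,11 +282,19 @@
 }
 
-if (0 > SSL_CTX_use_certificate_file(s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM)) {
+if (!buffer_is_empty(s->ssl_ca_file)) {
+if (1 != SSL_CTX_load_verify_locations(s->ssl_ctx, s->ssl_ca_file->ptr, NULL)) {
+log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ERR_error_string(ERR_get_error(), NULL));
+return -1;
+}
+}
+
+if (SSL_CTX_use_certificate_file(s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
 ERR_error_string(ERR_get_error(), NULL));
 return -1;
-}
-
-if ( 0 > SSL_CTX_use_PrivateKey_file (s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM)) {
+}
+
+if (SSL_CTX_use_PrivateKey_file (s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
 ERR_error_string(ERR_get_error(), NULL));
@@ -294,7 +302,9 @@
 }
 
-if (!SSL_CTX_check_private_key(s->ssl_ctx)) {
-log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-"Private key does not match the certificate public key");
+if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
+log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+"Private key does not match the certificate public key, reason:",
+ERR_error_string(ERR_get_error(), NULL),
+s->ssl_pemfile);
 return -1;
 }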
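Review bot: The two `< 0` comparisons on `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` do not fire on an ordinary load failure, because both functions return 1 on success and 0 on failure; the commit only swaps the operand order of the old `0 > ...` test. Compare against 1, as the new `SSL_CTX_load_verify_locations` and `SSL_CTX_check_private_key` checks already do: `if (SSL_CTX_use_certificate_file(s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) != 1) {`, and the same for the private-key call. As written, an unreadable or malformed PEM file is presumably only caught later by `SSL_CTX_check_private_key`, with a less specific error in the log. The enclosing function starts and ends outside the hunk.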
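--- a/trunk/src/server.c
+++ b/trunk/src/server.c
@@ -243,4 +243,5 @@
 buffer_free(s->server_tag);
 buffer_free(s->ssl_pemfile);
+buffer_free(s->ssl_ca_file);
 buffer_free(s->error_handler);
 array_free(s->indexfiles);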

