summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorattilamolnar <attilamolnar@hush.com>2013-03-10 14:08:51 +0100
committerattilamolnar <attilamolnar@hush.com>2013-04-24 19:48:31 +0200
commit40398162c326eab06d1ce6e9397c25b0a32fa368 (patch)
treebb39914add2400259ce4fd9c4dd90f83812f4b71
parentf6aea98dc5c3d9e2e54cde5aaf3198eee3c1ebfb (diff)
m_ssl_gnutls Add ability to load DH params from file
This greatly decreases the load time because the DH parameters no longer have to be (re)generated each time the module is loaded
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp25
1 files changed, 23 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index e329186a5..b3c7bca3e 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -335,6 +335,7 @@ class ModuleSSLGnuTLS : public Module
{
gnutls_dh_params_deinit(dh_params);
dh_alloc = false;
+ dh_params = NULL;
}
if (cred_alloc)
@@ -422,10 +423,30 @@ class ModuleSSLGnuTLS : public Module
ret = gnutls_dh_params_init(&dh_params);
dh_alloc = (ret >= 0);
if (!dh_alloc)
+ {
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret));
+ return;
+ }
- // This may be on a large (once a day or week) timer eventually.
- GenerateDHParams();
+ std::string dhfile = Conf->getString("dhfile");
+ if (!dhfile.empty())
+ {
+ // Try to load DH params from file
+ reader.LoadFile(dhfile);
+ std::string dhstring = reader.Contents();
+ gnutls_datum_t dh_datum = { (unsigned char*)dhstring.data(), static_cast<unsigned int>(dhstring.length()) };
+
+ if ((ret = gnutls_dh_params_import_pkcs3(dh_params, &dh_datum, GNUTLS_X509_FMT_PEM)) < 0)
+ {
+ // File unreadable or GnuTLS was unhappy with the contents, generate the DH primes now
+ ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls.so: Generating DH parameters because I failed to load them from file '%s': %s", dhfile.c_str(), gnutls_strerror(ret));
+ GenerateDHParams();
+ }
+ }
+ else
+ {
+ GenerateDHParams();
+ }
}
void GenerateDHParams()