summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp31
1 files changed, 22 insertions, 9 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 22c027cfb..6ca876d4c 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -156,6 +156,7 @@ class ModuleSSLGnuTLS : public Module
int dh_bits;
bool cred_alloc;
+ bool dh_alloc;
RandGen randhandler;
CommandStartTLS starttls;
@@ -173,6 +174,7 @@ class ModuleSSLGnuTLS : public Module
gnutls_x509_privkey_init(&x509_key);
cred_alloc = false;
+ dh_alloc = false;
}
void init()
@@ -252,20 +254,25 @@ class ModuleSSLGnuTLS : public Module
int ret;
+ if (dh_alloc)
+ {
+ gnutls_dh_params_deinit(dh_params);
+ dh_alloc = false;
+ }
+
if (cred_alloc)
{
// Deallocate the old credentials
- gnutls_dh_params_deinit(dh_params);
gnutls_certificate_free_credentials(x509_cred);
for(unsigned int i=0; i < x509_certs.size(); i++)
gnutls_x509_crt_deinit(x509_certs[i]);
x509_certs.clear();
}
- else
- cred_alloc = true;
- if((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0)
+ ret = gnutls_certificate_allocate_credentials(&x509_cred);
+ cred_alloc = (ret >= 0);
+ if (!cred_alloc)
ServerInstance->Logs->Log("m_ssl_gnutls",DEBUG, "m_ssl_gnutls.so: Failed to allocate certificate credentials: %s", gnutls_strerror(ret));
if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
@@ -300,7 +307,9 @@ class ModuleSSLGnuTLS : public Module
gnutls_certificate_client_set_retrieve_function (x509_cred, cert_callback);
- if((ret = gnutls_dh_params_init(&dh_params)) < 0)
+ ret = gnutls_dh_params_init(&dh_params);
+ dh_alloc = (ret >= 0);
+ if (!dh_alloc)
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret));
// This may be on a large (once a day or week) timer eventually.
@@ -314,6 +323,9 @@ class ModuleSSLGnuTLS : public Module
// once a day, once a week or once a month. Depending on the
// security requirements.
+ if (!dh_alloc)
+ return;
+
int ret;
if((ret = gnutls_dh_params_generate2(dh_params, dh_bits)) < 0)
@@ -324,13 +336,14 @@ class ModuleSSLGnuTLS : public Module
{
for(unsigned int i=0; i < x509_certs.size(); i++)
gnutls_x509_crt_deinit(x509_certs[i]);
- x509_certs.clear();
+
gnutls_x509_privkey_deinit(x509_key);
- if (cred_alloc)
- {
+
+ if (dh_alloc)
gnutls_dh_params_deinit(dh_params);
+ if (cred_alloc)
gnutls_certificate_free_credentials(x509_cred);
- }
+
gnutls_global_deinit();
delete[] sessions;
ServerInstance->GenRandom = &ServerInstance->HandleGenRandom;