-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp25
1 files changed, 23 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index e329186a5..b3c7bca3e 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -335,6 +335,7 @@ class ModuleSSLGnuTLS : public Module
{
gnutls_dh_params_deinit(dh_params);
dh_alloc = false;
+ dh_params = NULL;
}
if (cred_alloc)
@@ -422,10 +423,30 @@ class ModuleSSLGnuTLS : public Module
ret = gnutls_dh_params_init(&dh_params);
dh_alloc = (ret >= 0);
if (!dh_alloc)
+ {
ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret));
+ return;
+ }
- // This may be on a large (once a day or week) timer eventually.
- GenerateDHParams();
+ std::string dhfile = Conf->getString("dhfile");
+ if (!dhfile.empty())
+ {
+ // Try to load DH params from file
+ reader.LoadFile(dhfile);
+ std::string dhstring = reader.Contents();
+ gnutls_datum_t dh_datum = { (unsigned char*)dhstring.data(), static_cast<unsigned int>(dhstring.length()) };
+
+ if ((ret = gnutls_dh_params_import_pkcs3(dh_params, &dh_datum, GNUTLS_X509_FMT_PEM)) < 0)
+ {
+ // File unreadable or GnuTLS was unhappy with the contents, generate the DH primes now
+ ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls.so: Generating DH parameters because I failed to load them from file '%s': %s", dhfile.c_str(), gnutls_strerror(ret));
+ GenerateDHParams();
+ }
+ }
+ else
+ {
+ GenerateDHParams();
+ }
}
void GenerateDHParams()
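Review bot: The successful branch of `gnutls_dh_params_import_pkcs3` installs whatever group the `dhfile` contains, so a file holding a short prime is accepted with no warning, while the generated path is presumably sized by the module's configured bit length (not visible in this hunk). After a successful import, consider reading the prime back with `gnutls_dh_params_export_raw`, comparing its size with the configured minimum, and logging and falling back to `GenerateDHParams()` when it is smaller. If the file is meant to be trusted as-is, a comment such as `// dhfile contents are used as-is; no minimum size is enforced on the imported group` would record that decision. Separately, an unreadable file is only noticed indirectly when the import of `reader.Contents()` fails, so the logged reason is a GnuTLS parse error rather than the file error.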