diff options
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index e329186a5..b3c7bca3e 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -335,6 +335,7 @@ class ModuleSSLGnuTLS : public Module { gnutls_dh_params_deinit(dh_params); dh_alloc = false; + dh_params = NULL; } if (cred_alloc) @@ -422,10 +423,30 @@ class ModuleSSLGnuTLS : public Module ret = gnutls_dh_params_init(&dh_params); dh_alloc = (ret >= 0); if (!dh_alloc) + { ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret)); + return; + } - // This may be on a large (once a day or week) timer eventually. - GenerateDHParams(); + std::string dhfile = Conf->getString("dhfile"); + if (!dhfile.empty()) + { + // Try to load DH params from file + reader.LoadFile(dhfile); + std::string dhstring = reader.Contents(); + gnutls_datum_t dh_datum = { (unsigned char*)dhstring.data(), static_cast<unsigned int>(dhstring.length()) }; + + if ((ret = gnutls_dh_params_import_pkcs3(dh_params, &dh_datum, GNUTLS_X509_FMT_PEM)) < 0) + { + // File unreadable or GnuTLS was unhappy with the contents, generate the DH primes now + ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls.so: Generating DH parameters because I failed to load them from file '%s': %s", dhfile.c_str(), gnutls_strerror(ret)); + GenerateDHParams(); + } + } + else + { + GenerateDHParams(); + } } void GenerateDHParams() |