From 40398162c326eab06d1ce6e9397c25b0a32fa368 Mon Sep 17 00:00:00 2001
From: attilamolnar
Date: Sun, 10 Mar 2013 14:08:51 +0100
Subject: m_ssl_gnutls Add ability to load DH params from file
This greatly decreases the load time because the DH parameters no longer have to be (re)generated each time the module is loaded
---
 src/modules/extra/m_ssl_gnutls.cpp | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index e329186a5..b3c7bca3e 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -335,6 +335,7 @@ class ModuleSSLGnuTLS : public Module
 {
 gnutls_dh_params_deinit(dh_params);
 dh_alloc = false;
+ dh_params = NULL;
 }
 if (cred_alloc)
@@ -422,10 +423,30 @@ class ModuleSSLGnuTLS : public Module
 ret = gnutls_dh_params_init(&dh_params);
 dh_alloc = (ret >= 0);
 if (!dh_alloc)
+ {
 ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret));
+ return;
+ }
- // This may be on a large (once a day or week) timer eventually.
- GenerateDHParams();
+ std::string dhfile = Conf->getString("dhfile");
+ if (!dhfile.empty())
+ {
+ // Try to load DH params from file
+ reader.LoadFile(dhfile);
+ std::string dhstring = reader.Contents();
+ gnutls_datum_t dh_datum = { (unsigned char*)dhstring.data(), static_cast(dhstring.length()) };
+
+ if ((ret = gnutls_dh_params_import_pkcs3(dh_params, &dh_datum, GNUTLS_X509_FMT_PEM)) < 0)
+ {
+ // File unreadable or GnuTLS was unhappy with the contents, generate the DH primes now
+ ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls.so: Generating DH parameters because I failed to load them from file '%s': %s", dhfile.c_str(), gnutls_strerror(ret));
+ GenerateDHParams();
+ }
+ }
+ else
+ {
+ GenerateDHParams();
+ }
 }
 void GenerateDHParams()
--
cgit v1.2.3
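Review bot: In the second hunk, parameters read from `dhfile` go into use as soon as `gnutls_dh_params_import_pkcs3` returns success, with no check of the prime's length, so a short group left in that file would weaken every DHE handshake without a line in the log. I would add an `else` branch to the import check that reads the prime back with `gnutls_dh_params_export_raw` and regenerates when it is shorter than the size `GenerateDHParams()` uses; that function's body and the enclosing function's start are outside the hunk, so the minimum is a placeholder below. Separately, the result of `reader.LoadFile(dhfile)` is not inspected: if `reader` keeps the contents of an earlier load when the read fails, `dhstring` would carry unrelated data into the import, which is worth confirming.

```cpp
// … unchanged: LoadFile, Contents, dh_datum setup and the import-failure branch …
else
{
	// Import succeeded: refuse a group shorter than the one we would generate
	gnutls_datum_t prime, generator;
	unsigned int secret_bits;
	if (gnutls_dh_params_export_raw(dh_params, &prime, &generator, &secret_bits) >= 0)
	{
		// MIN_DH_BITS is a placeholder for the bit length GenerateDHParams() uses
		const bool too_short = (prime.size * 8 < MIN_DH_BITS);
		gnutls_free(prime.data);
		gnutls_free(generator.data);
		if (too_short)
		{
			ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls.so: DH parameters in '%s' are too short, generating new ones", dhfile.c_str());
			// Start again from an empty object before generating
			gnutls_dh_params_deinit(dh_params);
			ret = gnutls_dh_params_init(&dh_params);
			dh_alloc = (ret >= 0);
			if (dh_alloc)
				GenerateDHParams();
		}
	}
}
```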