|
Lines 37-42
Link Here
|
| 37 |
|
37 |
|
| 38 |
stralloc clientcert = {0}; |
38 |
stralloc clientcert = {0}; |
| 39 |
stralloc tlsserverciphers = {0}; |
39 |
stralloc tlsserverciphers = {0}; |
|
|
40 |
stralloc tlsserverlocalcert = {0}; |
| 40 |
#endif |
41 |
#endif |
| 41 |
|
42 |
|
| 42 |
#define BMCHECK_BMF 0 |
43 |
#define BMCHECK_BMF 0 |
|
Lines 270-275
Link Here
|
| 270 |
if (!remoteip) remoteip = "unknown"; |
271 |
if (!remoteip) remoteip = "unknown"; |
| 271 |
local = env_get("TCPLOCALHOST"); |
272 |
local = env_get("TCPLOCALHOST"); |
| 272 |
if (!local) local = env_get("TCPLOCALIP"); |
273 |
if (!local) local = env_get("TCPLOCALIP"); |
|
|
274 |
#ifdef TLS |
| 275 |
if(local) { |
| 276 |
stralloc_copys(&tlsserverlocalcert, "control/servercert-"); |
| 277 |
stralloc_cats(&tlsserverlocalcert, local); |
| 278 |
stralloc_cats(&tlsserverlocalcert, ".pem"); |
| 279 |
stralloc_0(&tlsserverlocalcert); |
| 280 |
} |
| 281 |
#endif |
| 273 |
if (!local) local = "unknown"; |
282 |
if (!local) local = "unknown"; |
| 274 |
remotehost = env_get("TCPREMOTEHOST"); |
283 |
remotehost = env_get("TCPREMOTEHOST"); |
| 275 |
if (!remotehost) remotehost = "unknown"; |
284 |
if (!remotehost) remotehost = "unknown"; |
|
Lines 794-805
Link Here
|
| 794 |
if(!(ctx=SSL_CTX_new(SSLv23_server_method()))) |
803 |
if(!(ctx=SSL_CTX_new(SSLv23_server_method()))) |
| 795 |
{out("454 TLS not available: unable to initialize ctx (#4.3.0)\r\n"); |
804 |
{out("454 TLS not available: unable to initialize ctx (#4.3.0)\r\n"); |
| 796 |
return;} |
805 |
return;} |
| 797 |
if(!SSL_CTX_use_RSAPrivateKey_file(ctx, "control/servercert.pem", SSL_FILETYPE_PEM)) |
806 |
if(tlsserverlocalcert.len && SSL_CTX_use_RSAPrivateKey_file(ctx, tlsserverlocalcert.s, SSL_FILETYPE_PEM)) { |
| 798 |
{out("454 TLS not available: missing RSA private key (#4.3.0)\r\n"); |
807 |
if(!SSL_CTX_use_certificate_chain_file(ctx, tlsserverlocalcert.s)) |
| 799 |
return;} |
808 |
{out("454 TLS not available: missing certificate (#4.3.0)\r\n"); |
| 800 |
if(!SSL_CTX_use_certificate_chain_file(ctx, "control/servercert.pem")) |
809 |
return;} |
| 801 |
{out("454 TLS not available: missing certificate (#4.3.0)\r\n"); |
810 |
} else { |
| 802 |
return;} |
811 |
if(!SSL_CTX_use_RSAPrivateKey_file(ctx, "control/servercert.pem", SSL_FILETYPE_PEM)) |
|
|
812 |
{out("454 TLS not available: missing RSA private key (#4.3.0)\r\n"); |
| 813 |
return;} |
| 814 |
if(!SSL_CTX_use_certificate_chain_file(ctx, "control/servercert.pem")) |
| 815 |
{out("454 TLS not available: missing certificate (#4.3.0)\r\n"); |
| 816 |
return;} |
| 817 |
} |
| 803 |
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); |
818 |
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); |
| 804 |
SSL_CTX_set_cipher_list(ctx,tlsserverciphers.s); |
819 |
SSL_CTX_set_cipher_list(ctx,tlsserverciphers.s); |
| 805 |
SSL_CTX_load_verify_locations(ctx, "control/clientca.pem",NULL); |
820 |
SSL_CTX_load_verify_locations(ctx, "control/clientca.pem",NULL); |
