Lines 37-42
|
37 |
|
37 |
|
38 |
stralloc clientcert = {0}; |
38 |
stralloc clientcert = {0}; |
39 |
stralloc tlsserverciphers = {0}; |
39 |
stralloc tlsserverciphers = {0}; |
|
|
40 |
stralloc tlsserverlocalcert = {0}; |
40 |
#endif |
41 |
#endif |
41 |
|
42 |
|
42 |
#define BMCHECK_BMF 0 |
43 |
#define BMCHECK_BMF 0 |
Lines 270-275
|
270 |
if (!remoteip) remoteip = "unknown"; |
271 |
if (!remoteip) remoteip = "unknown"; |
271 |
local = env_get("TCPLOCALHOST"); |
272 |
local = env_get("TCPLOCALHOST"); |
272 |
if (!local) local = env_get("TCPLOCALIP"); |
273 |
if (!local) local = env_get("TCPLOCALIP"); |
|
|
274 |
#ifdef TLS |
275 |
if(local) { |
276 |
stralloc_copys(&tlsserverlocalcert, "control/servercert-"); |
277 |
stralloc_cats(&tlsserverlocalcert, local); |
278 |
stralloc_cats(&tlsserverlocalcert, ".pem"); |
279 |
stralloc_0(&tlsserverlocalcert); |
280 |
} |
281 |
#endif |
273 |
if (!local) local = "unknown"; |
282 |
if (!local) local = "unknown"; |
274 |
remotehost = env_get("TCPREMOTEHOST"); |
283 |
remotehost = env_get("TCPREMOTEHOST"); |
275 |
if (!remotehost) remotehost = "unknown"; |
284 |
if (!remotehost) remotehost = "unknown"; |
Lines 794-805
|
794 |
if(!(ctx=SSL_CTX_new(SSLv23_server_method()))) |
803 |
if(!(ctx=SSL_CTX_new(SSLv23_server_method()))) |
795 |
{out("454 TLS not available: unable to initialize ctx (#4.3.0)\r\n"); |
804 |
{out("454 TLS not available: unable to initialize ctx (#4.3.0)\r\n"); |
796 |
return;} |
805 |
return;} |
797 |
if(!SSL_CTX_use_RSAPrivateKey_file(ctx, "control/servercert.pem", SSL_FILETYPE_PEM)) |
806 |
if(tlsserverlocalcert.len && SSL_CTX_use_RSAPrivateKey_file(ctx, tlsserverlocalcert.s, SSL_FILETYPE_PEM)) { |
798 |
{out("454 TLS not available: missing RSA private key (#4.3.0)\r\n"); |
807 |
if(!SSL_CTX_use_certificate_chain_file(ctx, tlsserverlocalcert.s)) |
799 |
return;} |
808 |
{out("454 TLS not available: missing certificate (#4.3.0)\r\n"); |
800 |
if(!SSL_CTX_use_certificate_chain_file(ctx, "control/servercert.pem")) |
809 |
return;} |
801 |
{out("454 TLS not available: missing certificate (#4.3.0)\r\n"); |
810 |
} else { |
802 |
return;} |
811 |
if(!SSL_CTX_use_RSAPrivateKey_file(ctx, "control/servercert.pem", SSL_FILETYPE_PEM)) |
|
|
812 |
{out("454 TLS not available: missing RSA private key (#4.3.0)\r\n"); |
813 |
return;} |
814 |
if(!SSL_CTX_use_certificate_chain_file(ctx, "control/servercert.pem")) |
815 |
{out("454 TLS not available: missing certificate (#4.3.0)\r\n"); |
816 |
return;} |
817 |
} |
803 |
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); |
818 |
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); |
804 |
SSL_CTX_set_cipher_list(ctx,tlsserverciphers.s); |
819 |
SSL_CTX_set_cipher_list(ctx,tlsserverciphers.s); |
805 |
SSL_CTX_load_verify_locations(ctx, "control/clientca.pem",NULL); |
820 |
SSL_CTX_load_verify_locations(ctx, "control/clientca.pem",NULL); |
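Review bot: In the `#ifdef TLS` block added after the TCPLOCALIP lookup, `local` is taken straight from the environment and concatenated into the key/certificate path with no validation, so a value containing `/` or a leading `.` would point the private-key load outside `control/`; TCPLOCALHOST is presumably filled from a DNS lookup, which makes it less trustworthy than it looks. Guarding the block with something like `if (local && local[0] != '.' && !strchr(local, '/')) {` (or the project's own string helper) keeps the lookup inside the control directory. The four `stralloc_*` calls there also ignore their return values, so a failed append could leave `tlsserverlocalcert.s` unterminated while `.len` is non-zero, and that pointer is then passed to OpenSSL as a C string; each call should be checked and routed to the file's out-of-memory handling. In the certificate-loading hunk, any failure of `SSL_CTX_use_RSAPrivateKey_file` on the per-host file falls through silently to `control/servercert.pem`, which hides an unreadable or malformed per-host key and leaves entries on the OpenSSL error queue; calling `ERR_clear_error();` at the top of the `else` branch and logging the fallback would make this visible. Both enclosing functions start and end outside the hunks shown.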