# Configure options.
AC_ARG_WITH([ssl], [AC_HELP_STRING([--with-ssl=@<:@LIB@:>@], [SSL library (openssl|polarssl) @<:@default=polarssl@:>@])], [], [with_ssl=polarssl])
+AC_ARG_ENABLE(polarssl-test-cert, [ --enable-polarssl-test-cert Link to PolarSSL test certificate and key @<:@default=no@:>@], [enable_polarssl_test_cert=yes])
# Checks for programs.
AC_PROG_CC
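Review bot: The third argument of `AC_ARG_ENABLE` on the added line is the action-if-given, and it runs for every form of the option, so `--disable-polarssl-test-cert` and `--enable-polarssl-test-cert=no` also set `enable_polarssl_test_cert=yes`. A packager who explicitly turns the fallback off would, in the PolarSSL configuration, still get `USE_POLARSSL_TESTCERT` defined and a binary that can start on the bundled test certificate and key. Autoconf already stores the user's choice in `enable_polarssl_test_cert`, so leave the action empty and put the default in the fourth argument: `AC_ARG_ENABLE([polarssl-test-cert], [AC_HELP_STRING([--enable-polarssl-test-cert], [Link to PolarSSL test certificate and key @<:@default=no@:>@])], [], [enable_polarssl_test_cert=no])`. The later `AS_IF` comparison against `xyes` then behaves as intended.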
AC_CHECK_HEADERS([polarssl/ssl.h], [], [AC_MSG_ERROR([could not find polarssl/ssl.h])])
AC_CHECK_LIB([polarssl], [ssl_init], [], [AC_MSG_ERROR([could not find libpolarssl])])
AC_DEFINE([USE_POLARSSL], [], [Use PolarSSL])
+ AS_IF([test "x$enable_polarssl_test_cert" = xyes], [
+ AC_CHECK_LIB([polarssl], [test_srv_crt], [], [AC_MSG_ERROR([could not find test_srv_crt])])
+ AC_DEFINE([USE_POLARSSL_TESTCERT], [], [Use PolarSSL test certificate])
+ ])
])
AS_IF([test "x$with_ssl" = xopenssl], [
AC_CHECK_HEADERS([openssl/ssl.h], [], [AC_MSG_ERROR([could not find openssl/ssl.h])])
"DEF409C08E8AC24D1732A6128D2220DC53";
char *my_dhm_G = "4";
+#ifdef USE_POLARSSL_TESTCERT
static void initTestCert()
{
int rc;
if (rc != 0)
Log_fatal("Could not parse built-in test RSA key");
}
+#endif
/*
* How to generate a self-signed cert with openssl:
char *crtfile = (char *)getStrConf(CERTIFICATE);
if (crtfile == NULL) {
- Log_warn("No certificate file specified");
+#ifdef USE_POLARSSL_TESTCERT
+ Log_warn("No certificate file specified. Falling back to test certificate.");
initTestCert();
+#else
+ Log_fatal("No certificate file specified");
+#endif
return;
}
rc = x509parse_crtfile(&certificate, crtfile);
if (rc != 0) {
- Log_warn("Could not read certificate file %s", crtfile);
+#ifdef USE_POLARSSL_TESTCERT
+ Log_warn("Could not read certificate file '%s'. Falling back to test certificate.", crtfile);
initTestCert();
+#else
+ Log_fatal("Could not read certificate file '%s'", crtfile);
+#endif
return;
}
}
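Review bot: In the second `#ifdef USE_POLARSSL_TESTCERT` branch, a certificate path that was configured but fails `x509parse_crtfile` still ends in `initTestCert()`, so a typo or a permission error on the real certificate leaves the server running on the test certificate with only a warning in the log. Falling back is defensible when no certificate is configured at all (the `crtfile == NULL` branch), but an explicit path that cannot be read looks like an operator error that should stop startup in both build variants. I would drop the `#ifdef` around this case and keep `Log_fatal("Could not read certificate file '%s'", crtfile);` unconditionally. The enclosing function starts outside the hunk, and whether `Log_fatal` returns is not visible here, so the `return;` after it can stay.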
char verstring[12];
initCert();
+#ifdef USE_POLARSSL_TESTCERT
if (builtInTestCertificate) {
Log_warn("*** Using built-in test certificate and RSA key ***");
- Log_warn("*** This is not secure! Please use a CA-signed certificate or create a self-signed certificate ***");
+ Log_warn("*** This is not secure! Please use a CA-signed certificate or create a key and self-signed certificate ***");
initTestKey();
}
else
initKey();
+#else
+ initKey();
+#endif
havege_init(&hs);
#ifdef POLARSSL_VERSION_MAJOR