From 947de6a51fb26ad72ddf4216635947dcd05b5584 Mon Sep 17 00:00:00 2001 From: Martin Johansson Date: Fri, 3 May 2013 22:16:14 +0200 Subject: [PATCH] Configure switch to enable built-in test certificate added. Defaults to disabled. --- configure.ac | 5 +++++ src/ssl.c | 20 +++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index b4d65fe..d7f5f76 100644 --- a/configure.ac +++ b/configure.ac @@ -36,6 +36,7 @@ AM_INIT_AUTOMAKE # Configure options. AC_ARG_WITH([ssl], [AC_HELP_STRING([--with-ssl=@<:@LIB@:>@], [SSL library (openssl|polarssl) @<:@default=polarssl@:>@])], [], [with_ssl=polarssl]) +AC_ARG_ENABLE(polarssl-test-cert, [ --enable-polarssl-test-cert Link to PolarSSL test certificate and key @<:@default=no@:>@], [enable_polarssl_test_cert=yes]) # Checks for programs. AC_PROG_CC @@ -49,6 +50,10 @@ AS_IF([test "x$with_ssl" = xpolarssl], [ AC_CHECK_HEADERS([polarssl/ssl.h], [], [AC_MSG_ERROR([could not find polarssl/ssl.h])]) AC_CHECK_LIB([polarssl], [ssl_init], [], [AC_MSG_ERROR([could not find libpolarssl])]) AC_DEFINE([USE_POLARSSL], [], [Use PolarSSL]) + AS_IF([test "x$enable_polarssl_test_cert" = xyes], [ + AC_CHECK_LIB([polarssl], [test_srv_crt], [], [AC_MSG_ERROR([could not find test_srv_crt])]) + AC_DEFINE([USE_POLARSSL_TESTCERT], [], [Use PolarSSL test certificate]) + ]) ]) AS_IF([test "x$with_ssl" = xopenssl], [ AC_CHECK_HEADERS([openssl/ssl.h], [], [AC_MSG_ERROR([could not find openssl/ssl.h])]) diff --git a/src/ssl.c b/src/ssl.c index d337e44..e413db6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -80,6 +80,7 @@ char *my_dhm_P = "DEF409C08E8AC24D1732A6128D2220DC53"; char *my_dhm_G = "4"; +#ifdef USE_POLARSSL_TESTCERT static void initTestCert() { int rc; @@ -99,6 +100,7 @@ static void initTestKey() if (rc != 0) Log_fatal("Could not parse built-in test RSA key"); } +#endif /* * How to generate a self-signed cert with openssl: 
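Review bot: The new AC_ARG_ENABLE in the configure.ac @@ -36 hunk passes `[enable_polarssl_test_cert=yes]` as its action-if-given, so `--disable-polarssl-test-cert` enables the option too: autoconf already assigns `$enableval` (`yes` or `no`) to `enable_polarssl_test_cert` before that action runs, and the explicit assignment overwrites it. Leave the action empty and put the documented default in the action-if-not-given slot: `AC_ARG_ENABLE([polarssl-test-cert], [AS_HELP_STRING([--enable-polarssl-test-cert], [Link to PolarSSL test certificate and key @<:@default=no@:>@])], [], [enable_polarssl_test_cert=no])`. Using AS_HELP_STRING also keeps the help text aligned with the `--with-ssl` entry above it, which already uses the macro form (AC_HELP_STRING being the older spelling of the same macro).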
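Review bot: In the @@ -49 hunk the AC_CHECK_LIB for `test_srv_crt` leaves action-if-found empty, so the default action runs and appends a second `-lpolarssl` to LIBS (the earlier check for `ssl_init` already added it); placing the AC_DEFINE in that slot avoids the duplicate: `AC_CHECK_LIB([polarssl], [test_srv_crt], [AC_DEFINE([USE_POLARSSL_TESTCERT], [], [Use PolarSSL test certificate])], [AC_MSG_ERROR([could not find test_srv_crt])])`. Because the check is nested in the polarssl branch, `--enable-polarssl-test-cert` combined with `--with-ssl=openssl` is silently ignored; an AC_MSG_WARN in the openssl branch would surface that. `test_srv_crt` is presumably a data symbol rather than a function, which AC_CHECK_LIB's link-only test tolerates on common toolchains, but that is worth confirming on the platforms the project targets.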
@@ -111,14 +113,22 @@ static void initCert() char *crtfile = (char *)getStrConf(CERTIFICATE); if (crtfile == NULL) { - Log_warn("No certificate file specified"); +#ifdef USE_POLARSSL_TESTCERT + Log_warn("No certificate file specified. Falling back to test certificate."); initTestCert(); +#else + Log_fatal("No certificate file specified"); +#endif return; } rc = x509parse_crtfile(&certificate, crtfile); if (rc != 0) { - Log_warn("Could not read certificate file %s", crtfile); +#ifdef USE_POLARSSL_TESTCERT + Log_warn("Could not read certificate file '%s'. Falling back to test certificate.", crtfile); initTestCert(); +#else + Log_fatal("Could not read certificate file '%s'", crtfile); +#endif return; } } @@ -147,13 +157,17 @@ void SSLi_init(void) char verstring[12]; initCert(); +#ifdef USE_POLARSSL_TESTCERT if (builtInTestCertificate) { Log_warn("*** Using built-in test certificate and RSA key ***"); - Log_warn("*** This is not secure! Please use a CA-signed certificate or create a self-signed certificate ***"); + Log_warn("*** This is not secure! Please use a CA-signed certificate or create a key and self-signed certificate ***"); initTestKey(); } else initKey(); +#else + initKey(); +#endif havege_init(&hs); #ifdef POLARSSL_VERSION_MAJOR -- 2.30.2
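Review bot: In the test-cert build, the second `#ifdef USE_POLARSSL_TESTCERT` block of the initCert hunk falls back to the built-in certificate when a `crtfile` is configured but `x509parse_crtfile` fails, so a mistyped path or an unreadable file silently demotes the server to the publicly distributed PolarSSL test key with nothing but a warning in the log. Falling back only when no certificate is configured at all is the safer split: keep the first block as it is, and make the parse failure unconditional with `Log_fatal("Could not read certificate file '%s'", crtfile);`, dropping the surrounding `#ifdef`/`#else`/`#endif` and the `initTestCert();` call in that block. Both `#else` arms rely on Log_fatal not returning, because the `return;` that follows would otherwise leave `certificate` unparsed and let SSLi_init continue into initKey(); Log_fatal's behaviour is not visible here, so that assumption is worth a one-line comment or a check. initCert's body begins outside the hunk.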
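Review bot: In the SSLi_init hunk `builtInTestCertificate` is now read only inside the `#ifdef USE_POLARSSL_TESTCERT` block, and its only writer is presumably initTestCert, which the earlier hunk also guards; unless the variable's definition (outside this hunk) is wrapped in the same conditional, the default build keeps a global that is neither set nor read, which draws an unused-variable warning if it is `static`. The duplicated `initKey();` in the `#else` arm could be avoided by guarding only the `if` and its `} else`, so that one `initKey();` call is shared, but an else that straddles an `#ifdef` is arguably harder to read than the duplication, so treat that as a matter of taste. SSLi_init continues past the end of the hunk.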