authorVladislav Grishenko <themiron@mail.ru>2017-11-29 00:23:38 +0500
committerVladislav Grishenko <themiron@mail.ru>2017-12-30 22:48:56 +0500
commit0da2a12029cc8c8dd54ab7c2dc8ea468b985e919 (patch)
treecaa71c3312a4fc5eb14f211d140715110a87f8a4
parentbfc5edb07582e78533e8e47817abfb0b44edea33 (diff)
sstp: use ssl-keyfile option for certificate private key
if not set, fall back to the private key in the same ssl-pemfile
-rw-r--r--accel-pppd/accel-ppp.conf3
-rw-r--r--accel-pppd/ctrl/sstp/sstp.c92
2 files changed, 47 insertions, 48 deletions
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf
index e6922533..68cb45cf 100644
--- a/accel-pppd/accel-ppp.conf
+++ b/accel-pppd/accel-ppp.conf
@@ -117,7 +117,8 @@ verbose=1
#ssl-ciphers=DEFAULT
#ssl-prefer-server-ciphers=0
#ssl-ca-file=/etc/ssl/sstp-ca.crt
-#ssl-pemfile=/etc/ssl/sstp.pem
+#ssl-pemfile=/etc/ssl/sstp-cert.pem
+#ssl-keyfile=/etc/ssl/sstp-key.pem
#timeout=60
#hello-interval=60
#ip-pool=sstp
diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c
index dc2a1a2e..209de22a 100644
--- a/accel-pppd/ctrl/sstp/sstp.c
+++ b/accel-pppd/ctrl/sstp/sstp.c
@@ -1907,6 +1907,9 @@ static int hex2bin(const char *src, uint8_t *dst, size_t size)
static void load_config(void)
{
char *opt;
+#ifdef CRYPTO_OPENSSL
+ BIO *in;
+#endif
opt = conf_get_opt("sstp", "cert-hash-proto");
if (opt) {
@@ -1942,59 +1945,54 @@ static void load_config(void)
conf_ssl_ca_file = conf_get_opt("sstp", "ssl-ca-file");
- opt = conf_get_opt("sstp", "ssl-pemfile");
- if (opt) {
- BIO *in;
-
- in = BIO_new(BIO_s_file_internal());
- if (!in) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
- log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL));
- goto done;
- }
-
- if (BIO_read_filename(in, opt) <= 0) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
- log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL));
- goto done;
- }
-
- conf_ssl_cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
- if (!conf_ssl_cert) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
- log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL));
- goto done;
- }
+ in = BIO_new(BIO_s_file_internal());
+ if (in) {
+ opt = conf_get_opt("sstp", "ssl-pemfile");
+ if (opt) do {
+ if (BIO_read_filename(in, opt) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+ log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL));
+ break;
+ }
- if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA1) {
- X509_digest(conf_ssl_cert, EVP_sha1(),
- conf_hash_sha1.hash, &conf_hash_sha1.len);
- }
+ conf_ssl_cert = PEM_read_bio_X509(in, NULL, NULL, NULL);
+ if (!conf_ssl_cert) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
+ log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL));
+ break;
+ }
- if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA256) {
- X509_digest(conf_ssl_cert, EVP_sha256(),
- conf_hash_sha256.hash, &conf_hash_sha256.len);
- }
+ if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA1) {
+ X509_digest(conf_ssl_cert, EVP_sha1(),
+ conf_hash_sha1.hash, &conf_hash_sha1.len);
+ }
- if (!conf_ssl)
- goto done;
+ if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA256) {
+ X509_digest(conf_ssl_cert, EVP_sha256(),
+ conf_hash_sha256.hash, &conf_hash_sha256.len);
+ }
+ } while (0);
- if (BIO_read_filename(in, opt) <= 0) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
- log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL));
- goto done;
- }
+ opt = conf_get_opt("sstp", "ssl-keyfile") ? : opt;
+ if (opt && conf_ssl) do {
+ if (BIO_read_filename(in, opt) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+ log_error("sstp: SSL private key error: %s\n", ERR_error_string(ERR_get_error(), NULL));
+ break;
+ }
- conf_ssl_pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
- if (!conf_ssl_pkey) {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB);
- log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL));
- goto done;
- }
+ conf_ssl_pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
+ if (!conf_ssl_pkey) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB);
+ log_error("sstp: SSL private key error: %s\n", ERR_error_string(ERR_get_error(), NULL));
+ break;
+ }
+ } while (0);
- done:
- if (in)
- BIO_free(in);
+ BIO_free(in);
+ } else {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+ log_error("sstp: SSL error: %s\n", ERR_error_string(ERR_get_error(), NULL));
}
#endif
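Review bot: The key-file open failure in the `if (opt && conf_ssl) do {` block still raises `SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB)`, so the ERR_error_string text attributes a private-key problem to the certificate routine while the log line now says "SSL private key error"; use `SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);` there, as the PEM_read_bio_PrivateKey branch below it already does. Now that the key may come from a file other than the certificate, a mismatched cert/key pair is only noticed when a client connects unless the SSL_CTX setup (outside this hunk) verifies it; after the key is read, when both objects are non-NULL, `if (!X509_check_private_key(conf_ssl_cert, conf_ssl_pkey)) log_error("sstp: SSL private key does not match certificate\n");` surfaces the misconfiguration at load time. The `? : opt` fallback on the ssl-keyfile line is a GNU extension; a plain `key = conf_get_opt(...); opt = key ? key : opt;` keeps the file portable. load_config continues outside the hunk.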