diff options
| author | Vladislav Grishenko <themiron@mail.ru> | 2017-11-29 00:23:38 +0500 |
|---|---|---|
| committer | Vladislav Grishenko <themiron@mail.ru> | 2017-12-30 22:48:56 +0500 |
| commit | 0da2a12029cc8c8dd54ab7c2dc8ea468b985e919 (patch) | |
| tree | caa71c3312a4fc5eb14f211d140715110a87f8a4 /accel-pppd | |
| parent | bfc5edb07582e78533e8e47817abfb0b44edea33 (diff) | |
| download | accel-ppp-xebd-0da2a12029cc8c8dd54ab7c2dc8ea468b985e919.tar.gz accel-ppp-xebd-0da2a12029cc8c8dd54ab7c2dc8ea468b985e919.zip | |
sstp: use ssl-keyfile option for certificate private key
if not set, fallback to private key in the same ssl-pemfile
Diffstat (limited to 'accel-pppd')
| -rw-r--r-- | accel-pppd/accel-ppp.conf | 3 | ||||
| -rw-r--r-- | accel-pppd/ctrl/sstp/sstp.c | 92 |
2 files changed, 47 insertions, 48 deletions
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index e692253..68cb45c 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -117,7 +117,8 @@ verbose=1 #ssl-ciphers=DEFAULT #ssl-prefer-server-ciphers=0 #ssl-ca-file=/etc/ssl/sstp-ca.crt -#ssl-pemfile=/etc/ssl/sstp.pem +#ssl-pemfile=/etc/ssl/sstp-cert.pem +#ssl-keyfile=/etc/ssl/sstp-key.pem #timeout=60 #hello-interval=60 #ip-pool=sstp diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c index dc2a1a2..209de22 100644 --- a/accel-pppd/ctrl/sstp/sstp.c +++ b/accel-pppd/ctrl/sstp/sstp.c @@ -1907,6 +1907,9 @@ static int hex2bin(const char *src, uint8_t *dst, size_t size) static void load_config(void) { char *opt; +#ifdef CRYPTO_OPENSSL + BIO *in; +#endif opt = conf_get_opt("sstp", "cert-hash-proto"); if (opt) { @@ -1942,59 +1945,54 @@ static void load_config(void) conf_ssl_ca_file = conf_get_opt("sstp", "ssl-ca-file"); - opt = conf_get_opt("sstp", "ssl-pemfile"); - if (opt) { - BIO *in; - - in = BIO_new(BIO_s_file_internal()); - if (!in) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); - log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - goto done; - } - - if (BIO_read_filename(in, opt) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); - log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - goto done; - } - - conf_ssl_cert = PEM_read_bio_X509(in, NULL, NULL, NULL); - if (!conf_ssl_cert) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB); - log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - goto done; - } + in = BIO_new(BIO_s_file_internal()); + if (in) { + opt = conf_get_opt("sstp", "ssl-pemfile"); + if (opt) do { + if (BIO_read_filename(in, opt) <= 0) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); + log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); + break; + } - if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA1) { - X509_digest(conf_ssl_cert, EVP_sha1(), - conf_hash_sha1.hash, &conf_hash_sha1.len); - } + conf_ssl_cert = PEM_read_bio_X509(in, NULL, NULL, NULL); + if (!conf_ssl_cert) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB); + log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); + break; + } - if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA256) { - X509_digest(conf_ssl_cert, EVP_sha256(), - conf_hash_sha256.hash, &conf_hash_sha256.len); - } + if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA1) { + X509_digest(conf_ssl_cert, EVP_sha1(), + conf_hash_sha1.hash, &conf_hash_sha1.len); + } - if (!conf_ssl) - goto done; + if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA256) { + X509_digest(conf_ssl_cert, EVP_sha256(), + conf_hash_sha256.hash, &conf_hash_sha256.len); + } + } while (0); - if (BIO_read_filename(in, opt) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); - log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - goto done; - } + opt = conf_get_opt("sstp", "ssl-keyfile") ? : opt; + if (opt && conf_ssl) do { + if (BIO_read_filename(in, opt) <= 0) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); + log_error("sstp: SSL private key error: %s\n", ERR_error_string(ERR_get_error(), NULL)); + break; + } - conf_ssl_pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); - if (!conf_ssl_pkey) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB); - log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - goto done; - } + conf_ssl_pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); + if (!conf_ssl_pkey) { + SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB); + log_error("sstp: SSL private key error: %s\n", ERR_error_string(ERR_get_error(), NULL)); + break; + } + } while (0); - done: - if (in) - BIO_free(in); + BIO_free(in); + } else { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); + log_error("sstp: SSL error: %s\n", ERR_error_string(ERR_get_error(), NULL)); } #endif |