mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-09 00:43:12 +02:00
+- Made support in *nix for encrypted SSL private keys,
+ "make encpem" to make an encrypted server key if you already have one
This commit is contained in:
@@ -1068,3 +1068,5 @@ seen. gmtime warning still there
|
||||
- Fixed .1081 problem, see bug #0000020 for more information about how
|
||||
it REALLY should be fixed
|
||||
- Fixed a typo reported by Tracer (bug #0000022)
|
||||
- Made support in *nix for encrypted SSL private keys,
|
||||
"make encpem" to make an encrypted server key if you already have one
|
||||
|
||||
+13
-2
@@ -223,7 +223,7 @@ install: all
|
||||
$(INSTALL) -m 0700 -d $(IRCDDIR)/modules
|
||||
$(INSTALL) -m 0700 src/modules/*.so $(IRCDDIR)/modules
|
||||
|
||||
pem: src/ssl.cnf
|
||||
pem: src/ssl.cnf
|
||||
@echo "Generating certificate request .. "
|
||||
$(OPENSSLPATH) req -new \
|
||||
-config src/ssl.cnf -out server.req.pem \
|
||||
@@ -237,4 +237,15 @@ install: all
|
||||
@echo "Setting o-rwx & g-rwx for files... "
|
||||
chmod o-rwx server.req.pem server.key.pem server.cert.pem
|
||||
chmod g-rwx server.req.pem server.key.pem server.cert.pem
|
||||
@echo "Done!."
|
||||
@echo "Done!. If you want to encrypt the private key, run"
|
||||
@echo "make encpem"
|
||||
|
||||
encpem: server.key.pem
|
||||
@echo "Encrypting server key .."
|
||||
$(OPENSSLPATH) rsa -in server.key.pem -out server.key.c.pem -des3
|
||||
-@if [ -f server.key.c.pem ] ; then \
|
||||
echo "Replacing unencrypted with encrypted .." ; \
|
||||
cp server.key.c.pem server.key.pem ; \
|
||||
rm -f server.key.c.pem ; \
|
||||
fi
|
||||
|
||||
|
||||
+4
-3
@@ -1102,6 +1102,10 @@ int InitwIRCD(argc, argv)
|
||||
load_tunefile();
|
||||
make_umodestr();
|
||||
make_cmodestr();
|
||||
#ifdef USE_SSL
|
||||
fprintf(stderr, "* Initializing SSL.\n");
|
||||
init_ssl();
|
||||
#endif
|
||||
fprintf(stderr,
|
||||
"* Dynamic configuration initialized .. booting IRCd.\n");
|
||||
fprintf(stderr,
|
||||
@@ -1189,9 +1193,6 @@ int InitwIRCD(argc, argv)
|
||||
R_fin_id = strlen(REPORT_FIN_ID);
|
||||
R_fail_id = strlen(REPORT_FAIL_ID);
|
||||
write_pidfile();
|
||||
#ifdef USE_SSL
|
||||
init_ssl();
|
||||
#endif
|
||||
Debug((DEBUG_NOTICE, "Server ready..."));
|
||||
#ifdef USE_SYSLOG
|
||||
syslog(LOG_NOTICE, "Server Ready");
|
||||
|
||||
@@ -29,6 +29,32 @@ SSL_CTX *ctx_client;
|
||||
|
||||
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); }
|
||||
|
||||
int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *password)
|
||||
{
|
||||
#ifndef _WIN32
|
||||
char *pass;
|
||||
static int before = 0;
|
||||
static char beforebuf[1024];
|
||||
if (before)
|
||||
{
|
||||
strncpy(buf, (char *)beforebuf, size);
|
||||
buf[size - 1] = '\0';
|
||||
return (strlen(buf));
|
||||
}
|
||||
pass = getpass("Password for SSL private key: ");
|
||||
if (pass)
|
||||
{
|
||||
strncpy(buf, (char *)pass, size);
|
||||
strncpy(beforebuf, (char *)pass, sizeof(beforebuf));
|
||||
beforebuf[sizeof(beforebuf) - 1] = '\0';
|
||||
buf[size - 1] = '\0';
|
||||
before = 1;
|
||||
return (strlen(buf));
|
||||
}
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
void init_ctx_server(void)
|
||||
{
|
||||
ctx_server = SSL_CTX_new(SSLv23_server_method());
|
||||
@@ -37,6 +63,9 @@ void init_ctx_server(void)
|
||||
ircd_log(LOG_ERROR, "Failed to do SSL CTX new");
|
||||
exit(2);
|
||||
}
|
||||
#ifndef _WIN32
|
||||
SSL_CTX_set_default_passwd_cb(ctx_server, ssl_pem_passwd_cb);
|
||||
#endif
|
||||
|
||||
if (SSL_CTX_use_certificate_file(ctx_server, CERTF, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
@@ -64,7 +93,9 @@ void init_ctx_client(void)
|
||||
ircd_log(LOG_ERROR, "Failed to do SSL CTX new client");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
#ifndef _WIN32
|
||||
SSL_CTX_set_default_passwd_cb(ctx_client, ssl_pem_passwd_cb);
|
||||
#endif
|
||||
if (SSL_CTX_use_certificate_file(ctx_client, CERTF, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
ircd_log(LOG_ERROR, "Failed to load SSL certificate %s (client)", CERTF);
|
||||
|
||||
Reference in New Issue
Block a user