1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 00:43:12 +02:00

+- Made support in *nix for encrypted SSL private keys,

+  "make encpem" to make an encrypted server key if you already have one
This commit is contained in:
stskeeps
2002-01-01 16:25:29 +00:00
parent 3bdee011e9
commit bebebf6cdf
4 changed files with 51 additions and 6 deletions
+2
View File
@@ -1068,3 +1068,5 @@ seen. gmtime warning still there
- Fixed .1081 problem, see bug #0000020 for more information about how
it REALLY should be fixed
- Fixed a typo reported by Tracer (bug #0000022)
- Made support in *nix for encrypted SSL private keys,
"make encpem" to make an encrypted server key if you already have one
+13 -2
View File
@@ -223,7 +223,7 @@ install: all
$(INSTALL) -m 0700 -d $(IRCDDIR)/modules
$(INSTALL) -m 0700 src/modules/*.so $(IRCDDIR)/modules
pem: src/ssl.cnf
pem: src/ssl.cnf
@echo "Generating certificate request .. "
$(OPENSSLPATH) req -new \
-config src/ssl.cnf -out server.req.pem \
@@ -237,4 +237,15 @@ install: all
@echo "Setting o-rwx & g-rwx for files... "
chmod o-rwx server.req.pem server.key.pem server.cert.pem
chmod g-rwx server.req.pem server.key.pem server.cert.pem
@echo "Done!."
@echo "Done!. If you want to encrypt the private key, run"
@echo "make encpem"
encpem: server.key.pem
@echo "Encrypting server key .."
$(OPENSSLPATH) rsa -in server.key.pem -out server.key.c.pem -des3
-@if [ -f server.key.c.pem ] ; then \
echo "Replacing unencrypted with encrypted .." ; \
cp server.key.c.pem server.key.pem ; \
rm -f server.key.c.pem ; \
fi
+4 -3
View File
@@ -1102,6 +1102,10 @@ int InitwIRCD(argc, argv)
load_tunefile();
make_umodestr();
make_cmodestr();
#ifdef USE_SSL
fprintf(stderr, "* Initializing SSL.\n");
init_ssl();
#endif
fprintf(stderr,
"* Dynamic configuration initialized .. booting IRCd.\n");
fprintf(stderr,
@@ -1189,9 +1193,6 @@ int InitwIRCD(argc, argv)
R_fin_id = strlen(REPORT_FIN_ID);
R_fail_id = strlen(REPORT_FAIL_ID);
write_pidfile();
#ifdef USE_SSL
init_ssl();
#endif
Debug((DEBUG_NOTICE, "Server ready..."));
#ifdef USE_SYSLOG
syslog(LOG_NOTICE, "Server Ready");
+32 -1
View File
@@ -29,6 +29,32 @@ SSL_CTX *ctx_client;
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); }
int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *password)
{
#ifndef _WIN32
char *pass;
static int before = 0;
static char beforebuf[1024];
if (before)
{
strncpy(buf, (char *)beforebuf, size);
buf[size - 1] = '\0';
return (strlen(buf));
}
pass = getpass("Password for SSL private key: ");
if (pass)
{
strncpy(buf, (char *)pass, size);
strncpy(beforebuf, (char *)pass, sizeof(beforebuf));
beforebuf[sizeof(beforebuf) - 1] = '\0';
buf[size - 1] = '\0';
before = 1;
return (strlen(buf));
}
return 0;
#endif
}
void init_ctx_server(void)
{
ctx_server = SSL_CTX_new(SSLv23_server_method());
@@ -37,6 +63,9 @@ void init_ctx_server(void)
ircd_log(LOG_ERROR, "Failed to do SSL CTX new");
exit(2);
}
#ifndef _WIN32
SSL_CTX_set_default_passwd_cb(ctx_server, ssl_pem_passwd_cb);
#endif
if (SSL_CTX_use_certificate_file(ctx_server, CERTF, SSL_FILETYPE_PEM) <= 0)
{
@@ -64,7 +93,9 @@ void init_ctx_client(void)
ircd_log(LOG_ERROR, "Failed to do SSL CTX new client");
exit(2);
}
#ifndef _WIN32
SSL_CTX_set_default_passwd_cb(ctx_client, ssl_pem_passwd_cb);
#endif
if (SSL_CTX_use_certificate_file(ctx_client, CERTF, SSL_FILETYPE_PEM) <= 0)
{
ircd_log(LOG_ERROR, "Failed to load SSL certificate %s (client)", CERTF);