From 0fe9dd4119b3d58ee75d76a417fe48883bda7b99 Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Thu, 5 May 2016 03:43:15 +0000
Subject: [PATCH] [TLS Backends] Allow absense of private key file Use the certificate file instead
---
 librb/src/gnutls.c | 10 +++++++---
 librb/src/openssl.c | 13 +++++--------
 2 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/librb/src/gnutls.c b/librb/src/gnutls.c
index 9216b08e..1b7f0c86 100644
--- a/librb/src/gnutls.c
+++ b/librb/src/gnutls.c
@@ -361,18 +361,22 @@ rb_load_file_into_datum_t(const char *file)
 }
 int
-rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
+rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfile, const char *cipher_list)
 {
 int ret;
 const char *err;
 gnutls_datum_t *d_cert, *d_key;
- if(cert == NULL)
+
+ if(certfile == NULL)
 {
 rb_lib_log("rb_setup_ssl_server: No certificate file");
 return 0;
 }
- if((d_cert = rb_load_file_into_datum_t(cert)) == NULL)
+ if(keyfile == NULL)
+ keyfile = certfile;
+
+ if((d_cert = rb_load_file_into_datum_t(certfile)) == NULL)
 {
 rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", strerror(errno));
 return 0;
diff --git a/librb/src/openssl.c b/librb/src/openssl.c
index 79326bda..6418b608 100644
--- a/librb/src/openssl.c
+++ b/librb/src/openssl.c
@@ -340,7 +340,7 @@ rb_init_ssl(void)
 }
 int
-rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
+rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfile, const char *cipher_list)
 {
 const char librb_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!aNULL";
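Review bot: The new `if(keyfile == NULL) keyfile = certfile;` fallback in gnutls.c changes what rb_setup_ssl_server accepts, yet nothing in the function documents it; the same fallback is added in librb/src/openssl.c. A caller that omits the key file now causes the private key to be read from the certificate file, and certificate files are often deployed with wider read permissions than key files, so the expectation should be written down where the fallback happens. I would add above it `/* keyfile may be NULL: the private key is then read from certfile, which must hold both the certificate and the key and should be readable only by the server account */`. The function body continues past the end of this hunk, so how d_key is loaded from keyfile is not visible here.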
@@ -348,17 +348,14 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c
 const char librb_curves[] = "P-521:P-384:P-256";
 #endif
- if(cert == NULL)
+ if(certfile == NULL)
 {
 rb_lib_log("rb_setup_ssl_server: No certificate file");
 return 0;
 }
 if(keyfile == NULL)
- {
- rb_lib_log("rb_setup_ssl_server: No key file");
- return 0;
- }
+ keyfile = certfile;
 if(cipher_list == NULL)
 cipher_list = librb_ciphers;
@@ -438,9 +435,9 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c
 SSL_CTX_set_cipher_list(ssl_server_ctx, cipher_list);
 SSL_CTX_set_cipher_list(ssl_client_ctx, cipher_list);
- if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, cert) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, cert))
+ if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, certfile) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, certfile))
 {
- rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", cert,
+ rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", certfile,
 get_ssl_error(ERR_get_error()));
 return 0;
 }
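Review bot: In the `-348,17 +348,14` hunk of openssl.c the `No key file` log line is deleted and nothing replaces it, so an operator who simply forgot the key setting gets no hint that the key is now being looked for in the certificate file. If the key-loading step (outside this hunk) then fails, its message would presumably name the certificate path, which is hard to interpret without that hint. I would keep a diagnostic on the fallback branch, e.g. `rb_lib_log("rb_setup_ssl_server: No key file, reading private key from certificate file");` followed by `keyfile = certfile;` inside braces. rb_setup_ssl_server starts before and continues after this hunk.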