diff options
Diffstat (limited to 'src/microhttpd/daemon.c')
| -rw-r--r-- | src/microhttpd/daemon.c | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c index c5539581..ae9a984d 100644 --- a/src/microhttpd/daemon.c +++ b/src/microhttpd/daemon.c | |||
| @@ -508,6 +508,7 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
| 508 | { | 508 | { |
| 509 | gnutls_datum_t key; | 509 | gnutls_datum_t key; |
| 510 | gnutls_datum_t cert; | 510 | gnutls_datum_t cert; |
| 511 | int ret; | ||
| 511 | 512 | ||
| 512 | #if GNUTLS_VERSION_MAJOR >= 3 | 513 | #if GNUTLS_VERSION_MAJOR >= 3 |
| 513 | if (NULL != daemon->cert_callback) | 514 | if (NULL != daemon->cert_callback) |
| @@ -545,9 +546,24 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
| 545 | cert.data = (unsigned char *) daemon->https_mem_cert; | 546 | cert.data = (unsigned char *) daemon->https_mem_cert; |
| 546 | cert.size = strlen (daemon->https_mem_cert); | 547 | cert.size = strlen (daemon->https_mem_cert); |
| 547 | 548 | ||
| 548 | return gnutls_certificate_set_x509_key_mem (daemon->x509_cred, | 549 | if (NULL != daemon->https_key_password) |
| 549 | &cert, &key, | 550 | ret = gnutls_certificate_set_x509_key_mem2 (daemon->x509_cred, |
| 550 | GNUTLS_X509_FMT_PEM); | 551 | &cert, &key, |
| 552 | GNUTLS_X509_FMT_PEM, | ||
| 553 | daemon->https_key_password, | ||
| 554 | 0); | ||
| 555 | |||
| 556 | else | ||
| 557 | ret = gnutls_certificate_set_x509_key_mem (daemon->x509_cred, | ||
| 558 | &cert, &key, | ||
| 559 | GNUTLS_X509_FMT_PEM); | ||
| 560 | #if HAVE_MESSAGES | ||
| 561 | if (0 != ret) | ||
| 562 | MHD_DLOG (daemon, | ||
| 563 | "GnuTLS failed to setup x509 certificate/key: %s\n", | ||
| 564 | gnutls_strerror (ret)); | ||
| 565 | #endif | ||
| 566 | return ret; | ||
| 551 | } | 567 | } |
| 552 | #if GNUTLS_VERSION_MAJOR >= 3 | 568 | #if GNUTLS_VERSION_MAJOR >= 3 |
| 553 | if (NULL != daemon->cert_callback) | 569 | if (NULL != daemon->cert_callback) |
| @@ -3002,6 +3018,16 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
| 3002 | opt); | 3018 | opt); |
| 3003 | #endif | 3019 | #endif |
| 3004 | break; | 3020 | break; |
| 3021 | case MHD_OPTION_HTTPS_KEY_PASSWORD: | ||
| 3022 | if (0 != (daemon->options & MHD_USE_SSL)) | ||
| 3023 | daemon->https_key_password = va_arg (ap, const char *); | ||
| 3024 | #if HAVE_MESSAGES | ||
| 3025 | else | ||
| 3026 | MHD_DLOG (daemon, | ||
| 3027 | "MHD HTTPS option %d passed to MHD but MHD_USE_SSL not set\n", | ||
| 3028 | opt); | ||
| 3029 | #endif | ||
| 3030 | break; | ||
| 3005 | case MHD_OPTION_HTTPS_MEM_CERT: | 3031 | case MHD_OPTION_HTTPS_MEM_CERT: |
| 3006 | if (0 != (daemon->options & MHD_USE_SSL)) | 3032 | if (0 != (daemon->options & MHD_USE_SSL)) |
| 3007 | daemon->https_mem_cert = va_arg (ap, const char *); | 3033 | daemon->https_mem_cert = va_arg (ap, const char *); |
| @@ -3183,6 +3209,7 @@ parse_options_va (struct MHD_Daemon *daemon, | |||
| 3183 | /* all options taking one pointer */ | 3209 | /* all options taking one pointer */ |
| 3184 | case MHD_OPTION_SOCK_ADDR: | 3210 | case MHD_OPTION_SOCK_ADDR: |
| 3185 | case MHD_OPTION_HTTPS_MEM_KEY: | 3211 | case MHD_OPTION_HTTPS_MEM_KEY: |
| 3212 | case MHD_OPTION_HTTPS_KEY_PASSWORD: | ||
| 3186 | case MHD_OPTION_HTTPS_MEM_CERT: | 3213 | case MHD_OPTION_HTTPS_MEM_CERT: |
| 3187 | case MHD_OPTION_HTTPS_MEM_TRUST: | 3214 | case MHD_OPTION_HTTPS_MEM_TRUST: |
| 3188 | case MHD_OPTION_HTTPS_PRIORITIES: | 3215 | case MHD_OPTION_HTTPS_PRIORITIES: |
| @@ -4049,6 +4076,9 @@ MHD_start_daemon_va (unsigned int flags, | |||
| 4049 | } | 4076 | } |
| 4050 | } | 4077 | } |
| 4051 | } | 4078 | } |
| 4079 | /* API promises to never use the password after initialization, | ||
| 4080 | so we additionally NULL it here to not deref a dangling pointer. */ | ||
| 4081 | daemon->https_key_password = NULL; | ||
| 4052 | return daemon; | 4082 | return daemon; |
| 4053 | 4083 | ||
| 4054 | thread_failed: | 4084 | thread_failed: |