Diffstat (limited to 'src/microhttpd/daemon.c')
-rw-r--r-- | src/microhttpd/daemon.c | 36 |
1 files changed, 33 insertions, 3 deletions
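--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -508,6 +508,7 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
 {
 gnutls_datum_t key;
 gnutls_datum_t cert;
+int ret;
 
 #if GNUTLS_VERSION_MAJOR >= 3
 if (NULL != daemon->cert_callback)
@@ -545,9 +546,24 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
 cert.data = (unsigned char *) daemon->https_mem_cert;
 cert.size = strlen (daemon->https_mem_cert);
 
-return gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
-&cert, &key,
-GNUTLS_X509_FMT_PEM);
+if (NULL != daemon->https_key_password)
+ret = gnutls_certificate_set_x509_key_mem2 (daemon->x509_cred,
+&cert, &key,
+GNUTLS_X509_FMT_PEM,
+daemon->https_key_password,
+0);
+
+else
+ret = gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
+&cert, &key,
+GNUTLS_X509_FMT_PEM);
+#if HAVE_MESSAGES
+if (0 != ret)
+MHD_DLOG (daemon,
+"GnuTLS failed to setup x509 certificate/key: %s\n",
+gnutls_strerror (ret));
+#endif
+return ret;
 }
 #if GNUTLS_VERSION_MAJOR >= 3
 if (NULL != daemon->cert_callback)
@@ -3002,6 +3018,16 @@ parse_options_va (struct MHD_Daemon *daemon,
 opt);
 #endif
 break;
+case MHD_OPTION_HTTPS_KEY_PASSWORD:
+if (0 != (daemon->options & MHD_USE_SSL))
+daemon->https_key_password = va_arg (ap, const char *);
+#if HAVE_MESSAGES
+else
+MHD_DLOG (daemon,
+"MHD HTTPS option %d passed to MHD but MHD_USE_SSL not set\n",
+opt);
+#endif
+break;
 case MHD_OPTION_HTTPS_MEM_CERT:
 if (0 != (daemon->options & MHD_USE_SSL))
 daemon->https_mem_cert = va_arg (ap, const char *);
@@ -3183,6 +3209,7 @@ parse_options_va (struct MHD_Daemon *daemon,
 /* all options taking one pointer */
 case MHD_OPTION_SOCK_ADDR:
 case MHD_OPTION_HTTPS_MEM_KEY:
+case MHD_OPTION_HTTPS_KEY_PASSWORD:
 case MHD_OPTION_HTTPS_MEM_CERT:
 case MHD_OPTION_HTTPS_MEM_TRUST:
 case MHD_OPTION_HTTPS_PRIORITIES:
@@ -4049,6 +4076,9 @@ MHD_start_daemon_va (unsigned int flags,
 }
 }
 }
+/* API promises to never use the password after initialization,
+so we additionally NULL it here to not deref a dangling pointer. */
+daemon->https_key_password = NULL;
 return daemon;
 
 thread_failed: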
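Review bot: The new `gnutls_certificate_set_x509_key_mem2` call in `MHD_init_daemon_certificate` is compiled unconditionally, although the same function guards other GnuTLS features with `#if GNUTLS_VERSION_MAJOR >= 3`; GnuTLS documents this loader as available since 3.1.11, so a build against an older library would break at this call. Guard it on `GNUTLS_VERSION_NUMBER` and, where the function is missing, return an error rather than falling back to the password-less loader, so a configured key password is never silently ignored. Separately, the `MHD_OPTION_HTTPS_KEY_PASSWORD` case in `parse_options_va` consumes its `va_arg` only when `MHD_USE_SSL` is set, so without that flag the password pointer appears to stay in the list and be read as the next option value; this mirrors the neighbouring HTTPS cases. Both functions start and end outside the hunks shown.

```c
      if (NULL != daemon->https_key_password)
        {
#if GNUTLS_VERSION_NUMBER >= 0x03010b
          /* … unchanged: ret = gnutls_certificate_set_x509_key_mem2 (...) call … */
#else
          /* No password-aware loader in this GnuTLS: fail instead of
             loading the key as if no password had been configured. */
          ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
#endif
        }
      else
        /* … unchanged: gnutls_certificate_set_x509_key_mem call, HAVE_MESSAGES log, return ret … */
```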