1 files changed, 109 insertions, 8 deletions
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 25571f61..a12bbadb 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -5892,6 +5892,100 @@ parse_options (struct MHD_Daemon *daemon,
 }
+#ifdef HTTPS_SUPPORT
+/**
+ * Type of GnuTLS priorities base string
+ */
+enum MHD_TlsPrioritiesBaseType
+{
+  MHD_TLS_PRIO_BASE_LIBMHD = 0, /**< @c "@LIBMICROHTTPD" */
+  MHD_TLS_PRIO_BASE_SYSTEM = 1, /**< @c "@SYSTEM" */
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+  MHD_TLS_PRIO_BASE_DEFAULT,    /**< Default priorities string */
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+  MHD_TLS_PRIO_BASE_NORMAL      /**< @c "NORMAL */
+};
+static const struct _MHD_cstr_w_len MHD_TlsBasePriotities[] = {
+  _MHD_S_STR_W_LEN ("@LIBMICROHTTPD"),
+  _MHD_S_STR_W_LEN ("@SYSTEM"),
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+  {NULL, 0},
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+  _MHD_S_STR_W_LEN ("NORMAL")
+};
+/**
+ * Initialise TLS priorities with default settings
+ * @param daemon the daemon to initialise TLS priorities
+ * @return true on success, false on error
+ */
+static bool
+daemon_tls_priorities_init_default (struct MHD_Daemon *daemon)
+{
+  unsigned int p;
+  int res;
+  mhd_assert (0 != (((unsigned int) daemon->options) & MHD_USE_TLS));
+  mhd_assert (NULL == daemon->priority_cache);
+  mhd_assert (MHD_TLS_PRIO_BASE_NORMAL + 1 == \
+              sizeof(MHD_TlsBasePriotities) / sizeof(MHD_TlsBasePriotities[0]));
+  for (p = 0;
+       p < sizeof(MHD_TlsBasePriotities) / sizeof(MHD_TlsBasePriotities[0]);
+       ++p)
+  {
+    res = gnutls_priority_init (&daemon->priority_cache,
+                                MHD_TlsBasePriotities[p].str, NULL);
+    if (GNUTLS_E_SUCCESS == res)
+    {
+#ifdef _DEBUG
+#ifdef HAVE_MESSAGES
+      switch ((enum MHD_TlsPrioritiesBaseType) p)
+      {
+      case MHD_TLS_PRIO_BASE_LIBMHD:
+        MHD_DLOG (daemon,
+                  _ ("GnuTLS priorities have been initialised with " \
+                     "@LIBMICROHTTPD application-specific system-wide " \
+                     "configuration.\n") );
+        break;
+      case MHD_TLS_PRIO_BASE_SYSTEM:
+        MHD_DLOG (daemon,
+                  _ ("GnuTLS priorities have been initialised with " \
+                     "@SYSTEM system-wide configuration.\n") );
+        break;
+#if GNUTLS_VERSION_NUMBER >= 0x030300
+      case MHD_TLS_PRIO_BASE_DEFAULT:
+        MHD_DLOG (daemon,
+                  _ ("GnuTLS priorities have been initialised with " \
+                     "GnuTLS default configuration.\n") );
+        break;
+#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
+      case MHD_TLS_PRIO_BASE_NORMAL:
+        MHD_DLOG (daemon,
+                  _ ("GnuTLS priorities have been initialised with " \
+                     "NORMAL configuration.\n") );
+        break;
+      default:
+        mhd_assert (0);
+      }
+#endif /* HAVE_MESSAGES */
+#endif /* _DEBUG */
+      return true;
+    }
+  }
+#ifdef HAVE_MESSAGES
+  MHD_DLOG (daemon,
+            _ ("Failed to set GnuTLS priorities. Last error: %s\n"),
+            gnutls_strerror (res));
+#endif /* HAVE_MESSAGES */
+  return false;
+}
+#endif /* HTTPS_SUPPORT */
 /**
 * Parse a list of options given as varargs.
 *
@@ -6158,7 +6252,8 @@ parse_options_va (struct MHD_Daemon *daemon,
      if (0 != (daemon->options & MHD_USE_TLS))
      {
        int init_res;
-        gnutls_priority_deinit (daemon->priority_cache);
+        if (NULL != daemon->priority_cache)
+          gnutls_priority_deinit (daemon->priority_cache);
        init_res = gnutls_priority_init (&daemon->priority_cache,
                                         pstr,
                                         NULL);
@@ -6653,7 +6748,6 @@ setup_epoll_to_listen (struct MHD_Daemon *daemon)
 #endif
 /**
 * Start a webserver on the given port.
 *
@@ -6775,12 +6869,6 @@ MHD_start_daemon_va (unsigned int flags,
  /* try to open listen socket */
 #ifdef HTTPS_SUPPORT
  daemon->priority_cache = NULL;
-  if (0 != (*pflags & MHD_USE_TLS))
-  {
-    gnutls_priority_init (&daemon->priority_cache,
-                          "NORMAL",
-                          NULL);
-  }
 #endif /* HTTPS_SUPPORT */
  daemon->listen_fd = MHD_INVALID_SOCKET;
  daemon->listen_is_unix = _MHD_NO;
@@ -6857,6 +6945,19 @@ MHD_start_daemon_va (unsigned int flags,
    free (daemon);
    return NULL;
  }
+#ifdef HTTPS_SUPPORT
+  if ((0 != (*pflags & MHD_USE_TLS))
+      && (NULL == daemon->priority_cache)
+      && ! daemon_tls_priorities_init_default (daemon))
+  {
+#ifdef HAVE_MESSAGES
+    MHD_DLOG (daemon,
+              _ ("Failed to initialise GnuTLS priorities.\n"));
+#endif /* HAVE_MESSAGES */
+    free (daemon);
+    return NULL;
+  }
+#endif /* HTTPS_SUPPORT */
 #ifdef HAVE_MESSAGES
  if ( (0 != (flags & MHD_USE_THREAD_PER_CONNECTION)) &&

diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c index 25571f61..a12bbadb 100644 --- a/src/microhttpd/daemon.c +++ b/src/microhttpd/daemon.c
@@ -5892,6 +5892,100 @@ parse_options (struct MHD_Daemon *daemon,
5892	}	5892	}
5893		5893
5894		5894
		5895	#ifdef HTTPS_SUPPORT
		5896	/**
		5897	* Type of GnuTLS priorities base string
		5898	*/
		5899	enum MHD_TlsPrioritiesBaseType
		5900	{
		5901	MHD_TLS_PRIO_BASE_LIBMHD = 0, /*< @c "@LIBMICROHTTPD" /
		5902	MHD_TLS_PRIO_BASE_SYSTEM = 1, /*< @c "@SYSTEM" /
		5903	#if GNUTLS_VERSION_NUMBER >= 0x030300
		5904	MHD_TLS_PRIO_BASE_DEFAULT, /*< Default priorities string /
		5905	#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
		5906	MHD_TLS_PRIO_BASE_NORMAL /*< @c "NORMAL /
		5907	};
		5908
		5909	static const struct _MHD_cstr_w_len MHD_TlsBasePriotities[] = {
		5910	_MHD_S_STR_W_LEN ("@LIBMICROHTTPD"),
		5911	_MHD_S_STR_W_LEN ("@SYSTEM"),
		5912	#if GNUTLS_VERSION_NUMBER >= 0x030300
		5913	{NULL, 0},
		5914	#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
		5915	_MHD_S_STR_W_LEN ("NORMAL")
		5916	};
		5917
		5918	/**
		5919	* Initialise TLS priorities with default settings
		5920	* @param daemon the daemon to initialise TLS priorities
		5921	* @return true on success, false on error
		5922	*/
		5923	static bool
		5924	daemon_tls_priorities_init_default (struct MHD_Daemon *daemon)
		5925	{
		5926	unsigned int p;
		5927	int res;
		5928
		5929	mhd_assert (0 != (((unsigned int) daemon->options) & MHD_USE_TLS));
		5930	mhd_assert (NULL == daemon->priority_cache);
		5931	mhd_assert (MHD_TLS_PRIO_BASE_NORMAL + 1 == \
		5932	sizeof(MHD_TlsBasePriotities) / sizeof(MHD_TlsBasePriotities[0]));
		5933
		5934	for (p = 0;
		5935	p < sizeof(MHD_TlsBasePriotities) / sizeof(MHD_TlsBasePriotities[0]);
		5936	++p)
		5937	{
		5938	res = gnutls_priority_init (&daemon->priority_cache,
		5939	MHD_TlsBasePriotities[p].str, NULL);
		5940	if (GNUTLS_E_SUCCESS == res)
		5941	{
		5942	#ifdef _DEBUG
		5943	#ifdef HAVE_MESSAGES
		5944	switch ((enum MHD_TlsPrioritiesBaseType) p)
		5945	{
		5946	case MHD_TLS_PRIO_BASE_LIBMHD:
		5947	MHD_DLOG (daemon,
		5948	_ ("GnuTLS priorities have been initialised with " \
		5949	"@LIBMICROHTTPD application-specific system-wide " \
		5950	"configuration.\n") );
		5951	break;
		5952	case MHD_TLS_PRIO_BASE_SYSTEM:
		5953	MHD_DLOG (daemon,
		5954	_ ("GnuTLS priorities have been initialised with " \
		5955	"@SYSTEM system-wide configuration.\n") );
		5956	break;
		5957	#if GNUTLS_VERSION_NUMBER >= 0x030300
		5958	case MHD_TLS_PRIO_BASE_DEFAULT:
		5959	MHD_DLOG (daemon,
		5960	_ ("GnuTLS priorities have been initialised with " \
		5961	"GnuTLS default configuration.\n") );
		5962	break;
		5963	#endif /* GNUTLS_VERSION_NUMBER >= 0x030300 */
		5964	case MHD_TLS_PRIO_BASE_NORMAL:
		5965	MHD_DLOG (daemon,
		5966	_ ("GnuTLS priorities have been initialised with " \
		5967	"NORMAL configuration.\n") );
		5968	break;
		5969	default:
		5970	mhd_assert (0);
		5971	}
		5972	#endif /* HAVE_MESSAGES */
		5973	#endif /* _DEBUG */
		5974	return true;
		5975	}
		5976	}
		5977	#ifdef HAVE_MESSAGES
		5978	MHD_DLOG (daemon,
		5979	_ ("Failed to set GnuTLS priorities. Last error: %s\n"),
		5980	gnutls_strerror (res));
		5981	#endif /* HAVE_MESSAGES */
		5982	return false;
		5983	}
		5984
		5985
		5986	#endif /* HTTPS_SUPPORT */
		5987
		5988
5895	/**	5989	/**
5896	* Parse a list of options given as varargs.	5990	* Parse a list of options given as varargs.
5897	*	5991	*
@@ -6158,7 +6252,8 @@ parse_options_va (struct MHD_Daemon *daemon,
6158	if (0 != (daemon->options & MHD_USE_TLS))	6252	if (0 != (daemon->options & MHD_USE_TLS))
6159	{	6253	{
6160	int init_res;	6254	int init_res;
6161	gnutls_priority_deinit (daemon->priority_cache);	6255	if (NULL != daemon->priority_cache)
		6256	gnutls_priority_deinit (daemon->priority_cache);
6162	init_res = gnutls_priority_init (&daemon->priority_cache,	6257	init_res = gnutls_priority_init (&daemon->priority_cache,
6163	pstr,	6258	pstr,
6164	NULL);	6259	NULL);
@@ -6653,7 +6748,6 @@ setup_epoll_to_listen (struct MHD_Daemon *daemon)
6653		6748
6654	#endif	6749	#endif
6655		6750
6656
6657	/**	6751	/**
6658	* Start a webserver on the given port.	6752	* Start a webserver on the given port.
6659	*	6753	*
@@ -6775,12 +6869,6 @@ MHD_start_daemon_va (unsigned int flags,
6775	/* try to open listen socket */	6869	/* try to open listen socket */
6776	#ifdef HTTPS_SUPPORT	6870	#ifdef HTTPS_SUPPORT
6777	daemon->priority_cache = NULL;	6871	daemon->priority_cache = NULL;
6778	if (0 != (*pflags & MHD_USE_TLS))
6779	{
6780	gnutls_priority_init (&daemon->priority_cache,
6781	"NORMAL",
6782	NULL);
6783	}
6784	#endif /* HTTPS_SUPPORT */	6872	#endif /* HTTPS_SUPPORT */
6785	daemon->listen_fd = MHD_INVALID_SOCKET;	6873	daemon->listen_fd = MHD_INVALID_SOCKET;
6786	daemon->listen_is_unix = _MHD_NO;	6874	daemon->listen_is_unix = _MHD_NO;
@@ -6857,6 +6945,19 @@ MHD_start_daemon_va (unsigned int flags,
6857	free (daemon);	6945	free (daemon);
6858	return NULL;	6946	return NULL;
6859	}	6947	}
		6948	#ifdef HTTPS_SUPPORT
		6949	if ((0 != (*pflags & MHD_USE_TLS))
		6950	&& (NULL == daemon->priority_cache)
		6951	&& ! daemon_tls_priorities_init_default (daemon))
		6952	{
		6953	#ifdef HAVE_MESSAGES
		6954	MHD_DLOG (daemon,
		6955	_ ("Failed to initialise GnuTLS priorities.\n"));
		6956	#endif /* HAVE_MESSAGES */
		6957	free (daemon);
		6958	return NULL;
		6959	}
		6960	#endif /* HTTPS_SUPPORT */
6860		6961
6861	#ifdef HAVE_MESSAGES	6962	#ifdef HAVE_MESSAGES
6862	if ( (0 != (flags & MHD_USE_THREAD_PER_CONNECTION)) &&	6963	if ( (0 != (flags & MHD_USE_THREAD_PER_CONNECTION)) &&