Changeset 18:e7187583dcf8 in freeDiameter for freeDiameter/config.c
- Timestamp:
- Oct 5, 2009, 5:13:01 PM (15 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
freeDiameter/config.c
r17 r18 38 38 /* Configuration management */ 39 39 40 #ifndef GNUTLS_DEFAULT_PRIORITY 41 # define GNUTLS_DEFAULT_PRIORITY "NORMAL" 42 #endif /* GNUTLS_DEFAULT_PRIORITY */ 43 #ifndef GNUTLS_DEFAULT_DHBITS 44 # define GNUTLS_DEFAULT_DHBITS 1024 45 #endif /* GNUTLS_DEFAULT_DHBITS */ 46 40 47 /* Initialize the fd_g_config structure to default values */ 41 48 int fd_conf_init() … … 63 70 CHECK_FCT( fd_fifo_new(&fd_g_config->cnf_main_ev) ); 64 71 72 /* TLS parameters */ 73 CHECK_GNUTLS_DO( gnutls_certificate_allocate_credentials (&fd_g_config->cnf_sec_data.credentials), return ENOMEM ); 74 CHECK_GNUTLS_DO( gnutls_dh_params_init (&fd_g_config->cnf_sec_data.dh_cache), return ENOMEM ); 75 65 76 return 0; 66 77 } … … 111 122 } 112 123 } 124 113 125 fd_log_debug(" Flags : - IP ........... : %s\n", fd_g_config->cnf_flags.no_ip4 ? "DISABLED" : "Enabled"); 114 126 fd_log_debug(" - IPv6 ......... : %s\n", fd_g_config->cnf_flags.no_ip6 ? "DISABLED" : "Enabled"); … … 122 134 fd_log_debug(" - Pref. proto .. : %s\n", fd_g_config->cnf_flags.pr_tcp ? "TCP" : "SCTP"); 123 135 fd_log_debug(" - TLS method ... : %s\n", fd_g_config->cnf_flags.tls_alg ? "INBAND" : "Separate port"); 124 fd_log_debug(" TLS : - Certificate .. : %s\n", fd_g_config->cnf_sec_data.cert_file ?: "(none)"); 125 fd_log_debug(" - Private key .. : %s\n", fd_g_config->cnf_sec_data.key_file ?: "(none)"); 126 fd_log_debug(" - CA ........... : %s\n", fd_g_config->cnf_sec_data.ca_file ?: "(none)"); 136 137 fd_log_debug(" TLS : - Certificate .. : %s\n", fd_g_config->cnf_sec_data.cert_file ?: "(NONE)"); 138 fd_log_debug(" - Private key .. : %s\n", fd_g_config->cnf_sec_data.key_file ?: "(NONE)"); 139 fd_log_debug(" - CA (trust) ... : %s\n", fd_g_config->cnf_sec_data.ca_file ?: "(none)"); 127 140 fd_log_debug(" - CRL .......... : %s\n", fd_g_config->cnf_sec_data.crl_file ?: "(none)"); 128 fd_log_debug(" - Priority ..... : %s\n", fd_g_config->cnf_sec_data.prio_string ?: "(default)"); 141 fd_log_debug(" - Priority ..... 
: %s\n", fd_g_config->cnf_sec_data.prio_string ?: "(default: '" GNUTLS_DEFAULT_PRIORITY "')"); 142 fd_log_debug(" - DH bits ...... : %d\n", fd_g_config->cnf_sec_data.dh_bits ?: GNUTLS_DEFAULT_DHBITS); 143 129 144 fd_log_debug(" Origin-State-Id ........ : %u\n", fd_g_config->cnf_orstateid); 130 145 } … … 149 164 /* close the file */ 150 165 fclose(fddin); 166 167 /* Check that TLS private key was given */ 168 if (! fd_g_config->cnf_sec_data.key_file) { 169 fprintf(stderr, "Missing private key configuration for TLS. Please provide the TLS_cred configuration directive.\n"); 170 return EINVAL; 171 } 151 172 152 173 /* Resolve hostname if not provided */ … … 208 229 } 209 230 210 /* TLS parameters */ 211 CHECK_GNUTLS_DO( gnutls_certificate_allocate_credentials (&fd_g_config->cnf_sec_data.credentials), return ENOMEM ); 212 213 CHECK_GNUTLS_DO( gnutls_dh_params_init (&fd_g_config->cnf_sec_data.dh_cache), return ENOMEM ); 214 231 /* Configure TLS default parameters */ 232 if (! fd_g_config->cnf_sec_data.prio_string) { 233 const char * err_pos = NULL; 234 CHECK_GNUTLS_DO( gnutls_priority_init( 235 &fd_g_config->cnf_sec_data.prio_cache, 236 GNUTLS_DEFAULT_PRIORITY, 237 &err_pos), 238 { TRACE_DEBUG(INFO, "Error in priority string at position : %s", err_pos); return EINVAL; } ); 239 } 240 if (! fd_g_config->cnf_sec_data.dh_bits) { 241 CHECK_GNUTLS_DO( gnutls_dh_params_generate2( 242 fd_g_config->cnf_sec_data.dh_cache, 243 GNUTLS_DEFAULT_DHBITS), 244 { TRACE_DEBUG(INFO, "Error in DH bits value : %d", GNUTLS_DEFAULT_DHBITS); return EINVAL; } ); 245 } 246 215 247 216 248 return 0;
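Review bot: The 1024-bit fallback in `GNUTLS_DEFAULT_DHBITS` (new lines 43-45) is below the 2048-bit minimum that current guidance recommends for finite-field Diffie-Hellman. It is applied whenever `dh_bits` is unset, by the `gnutls_dh_params_generate2` call at new lines 240-245, so every deployment without an explicit setting gets it. I would raise the default, `# define GNUTLS_DEFAULT_DHBITS 2048`, and add a comment above the macro such as `/* Fallback DH group size; override at build time or via the configuration file */`. Separately, the new check at line 168 tests only `key_file`; if `cert_file` is set by the same directive, testing `!key_file || !cert_file` there would report a half-configured credential at the same point. The functions containing these hunks start and end outside the lines shown, so how `dh_bits` and `prio_string` are set by the parser is not visible here.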