author | Steven Barth <steven@midlink.org> | 2009-05-28 07:21:22 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2009-05-28 07:21:22 +0000 |
commit | 658b3db2da59440ee8fd24cfee5d849a11055261 (patch) | |
tree | 451f3d0e27e83345d507b86043c86eb3a77fb7ae | |
parent | b3825387988fc9280843028b9a967eb03dd378d3 (diff) |
Würg around some nasty axTLS keying bugs
-rw-r--r-- | libs/nixio/axtls-config/.config | 4 | ||||
-rw-r--r-- | libs/nixio/axtls-config/config.h | 4 | ||||
-rw-r--r-- | libs/nixio/axtls-root/etc/axtls.key | 15 | ||||
-rwxr-xr-x | libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey | 6 | ||||
-rw-r--r-- | libs/nixio/src/tls-context.c | 2 |
5 files changed, 25 insertions, 6 deletions
diff --git a/libs/nixio/axtls-config/.config b/libs/nixio/axtls-config/.config
index ffc6a5e75..c0af7c78a 100644
--- a/libs/nixio/axtls-config/.config
+++ b/libs/nixio/axtls-config/.config
@@ -30,8 +30,8 @@ CONFIG_SSL_FULL_MODE=y
 # CONFIG_SSL_PROT_LOW is not set
 CONFIG_SSL_PROT_MEDIUM=y
 # CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_PRIVATE_KEY_LOCATION=""
+# CONFIG_SSL_USE_DEFAULT_KEY is not set
+CONFIG_SSL_PRIVATE_KEY_LOCATION="/etc/axtls.key"
 CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
 CONFIG_SSL_X509_CERT_LOCATION=""
 CONFIG_SSL_GENERATE_X509_CERT=y
diff --git a/libs/nixio/axtls-config/config.h b/libs/nixio/axtls-config/config.h
index a7fdcc721..1ced87dd5 100644
--- a/libs/nixio/axtls-config/config.h
+++ b/libs/nixio/axtls-config/config.h
@@ -31,8 +31,8 @@
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1
 #undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY 1
-#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION "/etc/axtls.key"
 #define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
 #define CONFIG_SSL_X509_CERT_LOCATION ""
 #define CONFIG_SSL_GENERATE_X509_CERT 1
diff --git a/libs/nixio/axtls-root/etc/axtls.key b/libs/nixio/axtls-root/etc/axtls.key
new file mode 100644
index 000000000..9bef6c043
--- /dev/null
+++ b/libs/nixio/axtls-root/etc/axtls.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDEQfiRQgRD6BzI3iBa/ugdUmiqU8TvIMgzd7PT7bEnTk3stVEM
+lSKkKpQlyf7F25DL2VnIEG7y592466XyZL3rwPT5/urvae3n6cmO7egOxdLO02Wz
+74fMka2BHsFbTXzI8FHakatabnMlsB05+5NpsbfwWj0BDbrq8ZQ6kX0s8wIDAQAB
+AoGAd8T259bM+ZAeeOst/bpQdwyCuWeT6IcuBlLH2M7W7PDZl1pz0uT0lhEyBfnG
+1IKRVAYZx4FX5D9iTWbqCAo46COwDrqQHoxXwQ89O2FgXrHoi1ZGjrQyPLJLvz3w
+HLzP4WjnOkr4Fy6v1UwCJetj/cdWByrAjWhYkDR6taxTxJECQQDxPqPCR80IOiMk
+Dh0pmYgmfACYa/FNi5LwWVRs09KKe51PNWck8aZa0qhxX+dOR7ptw3SIaQQ5pow1
+7zZ/lhjLAkEA0ELvJePIG7N9pzR12mDYMUNTjcVJYkw0LF04zQu49C8yeSJRtDuR
+e1UjnZ2iEAdPaU+ywLHm/vcR75gSj6S/eQJBANJBA7xpk5qeAM6FtojxFKZl4Kb3
+POGWycPMNzZ6Dr8/KUVFh9W8/n2dp8zYBuJExYiwlrnkvRf5va2sBNWB3a0CQANt
+xrAyAt5p4xy4oWQaChUtjZec8utaY9WDJ2dA1Se4CzWxWfUEsg18xlxW9w8af7U1
+KbVAeJQkDziJoWyaAskCQQCxnGi/AepzNrozpJdlrAgwWjGOlSo16QBLpfrrqBc5
+iI50AWsTtqThcS6gRgE6/jo/Iat0kKhRLAcALVAOmJfd
+-----END RSA PRIVATE KEY-----
diff --git a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
index 4bfee88b0..22bb1f8cc 100755
--- a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
+++ b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
@@ -1,8 +1,12 @@
 #!/usr/bin/lua
 local nixio = require "nixio"
+local fs = require "nixio.fs"
 local posix
 local defkey = nixio.meta_tls_context.tls_defaultkey
-if not defkey or io.open(defkey) then
+local okey = "646e6b90d1ad02719cb1b221b7ce447a"
+
+if (not defkey or io.open(defkey)) and
+not (nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final()) == okey then
 os.exit(0)
 end
diff --git a/libs/nixio/src/tls-context.c b/libs/nixio/src/tls-context.c
index bcbe1fc24..59e06f449 100644
--- a/libs/nixio/src/tls-context.c
+++ b/libs/nixio/src/tls-context.c
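Review bot: The new file libs/nixio/axtls-root/etc/axtls.key commits an RSA private key to the source tree and, presumably through the axtls-root overlay, installs the same key on every device at /etc/axtls.key, so it cannot be treated as secret. It is also added with mode 100644, which leaves it world-readable on the device. Unless nixio-axtls-checkkey reliably replaces it before the first TLS listener starts (the replacement step is not visible in this diff), TLS served with this key gives no real server authentication or confidentiality. I would ship no key and generate one on first boot, or at minimum install the file as 0600 and mark it in a README or the commit message as a placeholder that must be replaced.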
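Review bot: In nixio-axtls-checkkey the new condition can never be true, because Lua parses `not (...:final()) == okey` as `(not ...) == okey`, which compares a boolean with a string; the early `os.exit(0)` is therefore skipped on every run, even when a unique key is already installed, and whatever follows the hunk runs each time. When `defkey` is nil the right-hand side now calls `fs.readfile(defkey)` with nil instead of exiting as the old code did, and `io.open(defkey)` leaves its handle open. I would split the test into `if not defkey then os.exit(0) end`, then `local key = fs.readfile(defkey)`, then `if key and nixio.crypto.hash("md5"):update(key):final() ~= okey then os.exit(0) end`. A comment on `okey` stating which file's MD5 it is (presumably the shipped /etc/axtls.key; the diff does not say) would make the intent checkable.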
@@ -222,7 +222,7 @@ void nixio_open_tls_context(lua_State *L) {
 lua_setfield(L, -2, "__index");
 luaL_register(L, NULL, CTX_M);
 #ifdef WITH_AXTLS
- lua_pushliteral(L, "/etc/private.rsa");
+ lua_pushliteral(L, "/etc/axtls.key");
 lua_setfield(L, -2, "tls_defaultkey");
 #endif
 lua_setfield(L, -2, "meta_tls_context"); |
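Review bot: The key path `"/etc/axtls.key"` is now written out here as well as in CONFIG_SSL_PRIVATE_KEY_LOCATION in axtls-config/.config and config.h, so `tls_defaultkey`, which nixio-axtls-checkkey reads to pick the file it tests, can drift from the path axTLS actually loads without any build error. If the axTLS config.h is visible in this translation unit (not shown in the hunk), `lua_pushliteral(L, CONFIG_SSL_PRIVATE_KEY_LOCATION);` keeps the two tied together. Otherwise a comment such as `/* must match CONFIG_SSL_PRIVATE_KEY_LOCATION in axtls-config/config.h */` above the push would at least record the coupling. nixio_open_tls_context begins and ends outside the hunk.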