summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorSteven Barth <steven@midlink.org>2009-05-28 07:21:22 +0000
committerSteven Barth <steven@midlink.org>2009-05-28 07:21:22 +0000
commit658b3db2da59440ee8fd24cfee5d849a11055261 (patch)
tree451f3d0e27e83345d507b86043c86eb3a77fb7ae
parentb3825387988fc9280843028b9a967eb03dd378d3 (diff)
Würg around some nasty axTLS keying bugs
-rw-r--r--libs/nixio/axtls-config/.config4
-rw-r--r--libs/nixio/axtls-config/config.h4
-rw-r--r--libs/nixio/axtls-root/etc/axtls.key15
-rwxr-xr-xlibs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey6
-rw-r--r--libs/nixio/src/tls-context.c2
5 files changed, 25 insertions, 6 deletions
diff --git a/libs/nixio/axtls-config/.config b/libs/nixio/axtls-config/.config
index ffc6a5e75..c0af7c78a 100644
--- a/libs/nixio/axtls-config/.config
+++ b/libs/nixio/axtls-config/.config
@@ -30,8 +30,8 @@ CONFIG_SSL_FULL_MODE=y
# CONFIG_SSL_PROT_LOW is not set
CONFIG_SSL_PROT_MEDIUM=y
# CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_PRIVATE_KEY_LOCATION=""
+# CONFIG_SSL_USE_DEFAULT_KEY is not set
+CONFIG_SSL_PRIVATE_KEY_LOCATION="/etc/axtls.key"
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
CONFIG_SSL_X509_CERT_LOCATION=""
CONFIG_SSL_GENERATE_X509_CERT=y
diff --git a/libs/nixio/axtls-config/config.h b/libs/nixio/axtls-config/config.h
index a7fdcc721..1ced87dd5 100644
--- a/libs/nixio/axtls-config/config.h
+++ b/libs/nixio/axtls-config/config.h
@@ -31,8 +31,8 @@
#undef CONFIG_SSL_PROT_LOW
#define CONFIG_SSL_PROT_MEDIUM 1
#undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY 1
-#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION "/etc/axtls.key"
#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
#define CONFIG_SSL_X509_CERT_LOCATION ""
#define CONFIG_SSL_GENERATE_X509_CERT 1
diff --git a/libs/nixio/axtls-root/etc/axtls.key b/libs/nixio/axtls-root/etc/axtls.key
new file mode 100644
index 000000000..9bef6c043
--- /dev/null
+++ b/libs/nixio/axtls-root/etc/axtls.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDEQfiRQgRD6BzI3iBa/ugdUmiqU8TvIMgzd7PT7bEnTk3stVEM
+lSKkKpQlyf7F25DL2VnIEG7y592466XyZL3rwPT5/urvae3n6cmO7egOxdLO02Wz
+74fMka2BHsFbTXzI8FHakatabnMlsB05+5NpsbfwWj0BDbrq8ZQ6kX0s8wIDAQAB
+AoGAd8T259bM+ZAeeOst/bpQdwyCuWeT6IcuBlLH2M7W7PDZl1pz0uT0lhEyBfnG
+1IKRVAYZx4FX5D9iTWbqCAo46COwDrqQHoxXwQ89O2FgXrHoi1ZGjrQyPLJLvz3w
+HLzP4WjnOkr4Fy6v1UwCJetj/cdWByrAjWhYkDR6taxTxJECQQDxPqPCR80IOiMk
+Dh0pmYgmfACYa/FNi5LwWVRs09KKe51PNWck8aZa0qhxX+dOR7ptw3SIaQQ5pow1
+7zZ/lhjLAkEA0ELvJePIG7N9pzR12mDYMUNTjcVJYkw0LF04zQu49C8yeSJRtDuR
+e1UjnZ2iEAdPaU+ywLHm/vcR75gSj6S/eQJBANJBA7xpk5qeAM6FtojxFKZl4Kb3
+POGWycPMNzZ6Dr8/KUVFh9W8/n2dp8zYBuJExYiwlrnkvRf5va2sBNWB3a0CQANt
+xrAyAt5p4xy4oWQaChUtjZec8utaY9WDJ2dA1Se4CzWxWfUEsg18xlxW9w8af7U1
+KbVAeJQkDziJoWyaAskCQQCxnGi/AepzNrozpJdlrAgwWjGOlSo16QBLpfrrqBc5
+iI50AWsTtqThcS6gRgE6/jo/Iat0kKhRLAcALVAOmJfd
+-----END RSA PRIVATE KEY-----
diff --git a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
index 4bfee88b0..22bb1f8cc 100755
--- a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
+++ b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
@@ -1,8 +1,12 @@
#!/usr/bin/lua
local nixio = require "nixio"
+local fs = require "nixio.fs"
local posix
local defkey = nixio.meta_tls_context.tls_defaultkey
-if not defkey or io.open(defkey) then
+local okey = "646e6b90d1ad02719cb1b221b7ce447a"
+
+if (not defkey or io.open(defkey)) and
+not (nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final()) == okey then
os.exit(0)
end
diff --git a/libs/nixio/src/tls-context.c b/libs/nixio/src/tls-context.c
index bcbe1fc24..59e06f449 100644
--- a/libs/nixio/src/tls-context.c
+++ b/libs/nixio/src/tls-context.c
@@ -222,7 +222,7 @@ void nixio_open_tls_context(lua_State *L) {
lua_setfield(L, -2, "__index");
luaL_register(L, NULL, CTX_M);
#ifdef WITH_AXTLS
- lua_pushliteral(L, "/etc/private.rsa");
+ lua_pushliteral(L, "/etc/axtls.key");
lua_setfield(L, -2, "tls_defaultkey");
#endif
lua_setfield(L, -2, "meta_tls_context");