31 #include "pop3d.h" |
31 #include "pop3d.h" |
32 #include "ssl.h" |
32 #include "ssl.h" |
33 |
33 |
34 #define SSL_CIPHERS "HIGH" |
34 #define SSL_CIPHERS "HIGH" |
35 #define SSL_SESSION_TIMEOUT 300 |
35 #define SSL_SESSION_TIMEOUT 300 |
36 #define CERTFILE "/etc/ssl/server.crt" |
|
37 #define KEYFILE "/etc/ssl/private/server.key" |
|
38 |
36 |
39 static char *ssl_load_file(const char *, off_t *); |
37 static char *ssl_load_file(const char *, off_t *); |
40 |
38 |
41 void |
39 void |
42 ssl_init(void) |
40 ssl_init(void) |
50 ENGINE_load_builtin_engines(); |
48 ENGINE_load_builtin_engines(); |
51 ENGINE_register_all_complete(); |
49 ENGINE_register_all_complete(); |
52 } |
50 } |
53 |
51 |
54 void * |
52 void * |
55 ssl_setup(void) |
53 ssl_setup(const char *certfile, const char *keyfile) |
56 { |
54 { |
57 SSL_CTX *ctx = NULL; |
55 SSL_CTX *ctx = NULL; |
58 char *cert, *key; |
56 char *cert, *key; |
59 off_t cert_len, key_len; |
57 off_t cert_len, key_len; |
60 |
58 |
71 SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET); |
69 SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET); |
72 SSL_CTX_set_options(ctx, |
70 SSL_CTX_set_options(ctx, |
73 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); |
71 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); |
74 |
72 |
75 /* SSL certificate, key loading */ |
73 /* SSL certificate, key loading */ |
76 cert = ssl_load_file(CERTFILE, &cert_len); |
74 cert = ssl_load_file(certfile, &cert_len); |
77 if (cert == NULL) |
75 if (cert == NULL) |
78 fatal("ssl_load_file: Unable to load " CERTFILE); |
76 fatal("ssl_load_file: certificate"); |
79 |
77 |
80 key = ssl_load_file(KEYFILE, &key_len); |
78 key = ssl_load_file(keyfile, &key_len); |
81 if (key == NULL) |
79 if (key == NULL) |
82 fatal("ssl_load_file: Unable to load " KEYFILE); |
80 fatal("ssl_load_file: key"); |
83 |
81 |
84 if (!SSL_CTX_set_cipher_list(ctx, SSL_CIPHERS)) |
82 if (!SSL_CTX_set_cipher_list(ctx, SSL_CIPHERS)) |
85 goto err; |
83 goto err; |
86 |
84 |
87 if (!ssl_ctx_use_certificate_chain(ctx, cert, cert_len)) |
85 if (!ssl_ctx_use_certificate_chain(ctx, cert, cert_len)) |