From: Art Cancro Date: Wed, 30 Mar 2005 17:27:55 +0000 (+0000) Subject: * serv_crypto.c: made changes to OpenSSL calls ... removed unnecessary X-Git-Tag: v7.86~4963 X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=3bcc1a3ecb93de64fb5b4f127c40950fc8a5240b * serv_crypto.c: made changes to OpenSSL calls ... removed unnecessary calls and also enabled SSLv3/TLSv1 --- diff --git a/webcit/ChangeLog b/webcit/ChangeLog index d8c6d4e39..a607c52f0 100644 --- a/webcit/ChangeLog +++ b/webcit/ChangeLog @@ -1,4 +1,8 @@ $Log$ +Revision 603.13 2005/03/30 17:27:55 ajc +* serv_crypto.c: made changes to OpenSSL calls ... removed unnecessary + calls and also enabled SSLv3/TLSv1 + Revision 603.12 2005/03/10 05:13:21 ajc * Created the framework for the "first time setup wizard" @@ -2484,4 +2488,3 @@ Sun Dec 6 19:50:55 EST 1998 Art Cancro 1998-12-03 Nathan Bryant * webserver.c: warning fix - diff --git a/webcit/crypto.c b/webcit/crypto.c index 5e690e4e7..4d1a971cf 100644 --- a/webcit/crypto.c +++ b/webcit/crypto.c @@ -23,12 +23,6 @@ #define CTDL_CER_PATH CTDL_CRYPTO_DIR "/citadel.cer" #define SIGN_DAYS 365 - -/* Shared Diffie-Hellman parameters */ -#define DH_P "1A74527AEE4EE2568E85D4FB2E65E18C9394B9C80C42507D7A6A0DBE9A9A54B05A9A96800C34C7AA5297095B69C88901EEFD127F969DCA26A54C0E0B5C5473EBAEB00957D2633ECAE3835775425DE66C0DE6D024DBB17445E06E6B0C78415E589B8814F08531D02FD43778451E7685541079CFFB79EF0D26EFEEBBB69D1E80383" -#define DH_G "2" -#define DH_L 1024 - SSL_CTX *ssl_ctx; /* SSL context */ pthread_mutex_t **SSLCritters; /* Things needing locking */ @@ -43,7 +37,6 @@ static unsigned long id_callback(void) void init_ssl(void) { SSL_METHOD *ssl_method; - DH *dh; RSA *rsa=NULL; X509_REQ *req = NULL; X509 *cer = NULL; 
@@ -86,9 +79,8 @@ void init_ssl(void) * Initialize SSL transport layer */ SSL_library_init(); - /* OpenSSL_add_all_algorithms(); */ SSL_load_error_strings(); - ssl_method = SSLv2_server_method(); + ssl_method = SSLv23_server_method(); if (!(ssl_ctx = SSL_CTX_new(ssl_method))) { lprintf(3, "SSL_CTX_new failed: %s\n", ERR_reason_error_string(ERR_get_error())); @@ -98,33 +90,6 @@ void init_ssl(void) CRYPTO_set_locking_callback(ssl_lock); CRYPTO_set_id_callback(id_callback); - /* Load DH parameters into the context */ - dh = DH_new(); - if (!dh) { - lprintf(3, "init_ssl() can't allocate a DH object: %s\n", - ERR_reason_error_string(ERR_get_error())); - SSL_CTX_free(ssl_ctx); - ssl_ctx = NULL; - return; - } - if (!(BN_hex2bn(&(dh->p), DH_P))) { - lprintf(3, "init_ssl() can't assign DH_P: %s\n", - ERR_reason_error_string(ERR_get_error())); - SSL_CTX_free(ssl_ctx); - ssl_ctx = NULL; - return; - } - if (!(BN_hex2bn(&(dh->g), DH_G))) { - lprintf(3, "init_ssl() can't assign DH_G: %s\n", - ERR_reason_error_string(ERR_get_error())); - SSL_CTX_free(ssl_ctx); - ssl_ctx = NULL; - return; - } - dh->length = DH_L; - SSL_CTX_set_tmp_dh(ssl_ctx, dh); - DH_free(dh); - /* Get our certificates in order. * First, create the key/cert directory if it's not there already... */ @@ -329,7 +294,6 @@ void init_ssl(void) } } - /* * Now try to bind to the key and certificate. * Note that we use SSL_CTX_use_certificate_chain_file() which allows diff --git a/webcit/mime_parser.c b/webcit/mime_parser.c index c412c3dc1..613b9258e 100644 --- a/webcit/mime_parser.c +++ b/webcit/mime_parser.c @@ -20,7 +20,6 @@ #include #include "webcit.h" - #include "mime_parser.h" diff --git a/webcit/webcit.h b/webcit/webcit.h index 779e3da5d..103908e13 100644 --- a/webcit/webcit.h +++ b/webcit/webcit.h 
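Review bot: `SSLv23_server_method()` on the new side of the first init_ssl hunk negotiates the highest protocol version both peers support, and nothing visible here restricts that set, so SSLv2 clients would presumably still be accepted alongside SSLv3/TLSv1. If the intent is to stop offering SSLv2, add `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);` right after the `SSL_CTX_new()` check. The following hunk also drops the `SSL_CTX_set_tmp_dh()` setup, which likely leaves ephemeral-DH cipher suites unavailable; if that is intended, a comment such as `/* no tmp DH params: DHE suites are not offered */` would record it for the next reader. init_ssl() starts and ends outside these hunks, so an options or cipher-list call elsewhere in the function cannot be ruled out.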
@@ -256,7 +256,7 @@ extern char *ctdlhost, *ctdlport; extern char *server_cookie; extern int is_https; extern int setup_wizard; -extern char wizard_filename[PATH_MAX]; +extern char wizard_filename[]; void do_setup_wizard(void); void stuff_to_cookie(char *cookie, int session,
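Review bot: With the bound dropped from `extern char wizard_filename[];`, files that include webcit.h see an incomplete array type, so `sizeof(wizard_filename)` is no longer available to them for bounding copies into the buffer. The definition is not in this hunk; if it is still PATH_MAX bytes, say so next to the declaration, e.g. `/* PATH_MAX bytes where defined; pass that bound explicitly to snprintf() */`, or export the size as a named constant. A writer that relied on sizeof would now fail to compile, which is the safe outcome, but one using strcpy/sprintf would give no warning.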