X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Fconn-ssl.c;h=ffb1b104e5f57e961565fe1c941edf8cae9b0d68;hb=05cc9bf9b064c7048f6b197462a686c5a9100798;hp=fbf796c79ab3f41da09269abb1d615f06810eb64;hpb=5196e9bcb17111c43a71df2d11634b0705600b9f;p=ngircd-alex.git
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index fbf796c7..ffb1b104 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -1,11 +1,15 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- *
- * SSL wrapper functions.
  * Copyright (c) 2005-2008 Florian Westphal
  */
 #include "portab.h"
+
+/**
+ * @file
+ * SSL wrapper functions
+ */
+
 #include "imp.h"
 #include "conf-ssl.h"
@@ -47,10 +51,11 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
 #include
 #include
-#define DH_BITS 1024
+#define DH_BITS 2048
+#define DH_BITS_MIN 1024
+
 static gnutls_certificate_credentials_t x509_cred;
 static gnutls_dh_params_t dh_params;
-
 static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
 #endif
@@ -383,9 +388,10 @@ ConnSSL_Init_SSL(CONNECTION *c)
 int ret;
 assert(c != NULL);
 #ifdef HAVE_LIBSSL
-if (!ssl_ctx) /* NULL when library initialization failed */
+if (!ssl_ctx) {
+Log(LOG_ERR, "Cannot init ssl_ctx: OpenSSL initialization failed at startup");
 return false;
-
+}
 assert(c->ssl_state.ssl == NULL);
 c->ssl_state.ssl = SSL_new(ssl_ctx);
@@ -406,6 +412,7 @@ ConnSSL_Init_SSL(CONNECTION *c)
 if (ret < 0) {
 Log(LOG_ERR, "gnutls_set_default_priority: %s", gnutls_strerror(ret));
 ConnSSL_Free(c);
+return false;
 }
 /*
  * The intermediate (long) cast is here to avoid a warning like:
@@ -418,8 +425,9 @@ ConnSSL_Init_SSL(CONNECTION *c)
 if (ret < 0) {
 Log(LOG_ERR, "gnutls_credentials_set: %s", gnutls_strerror(ret));
 ConnSSL_Free(c);
+return false;
 }
-gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS);
+gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
 #endif
 Conn_OPTION_ADD(c, CONN_SSL);
 return true;
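Review bot: The new DH_BITS / DH_BITS_MIN pair is undocumented, and nothing at the definitions says which value sizes the server's own Diffie-Hellman parameters and which one is the floor handed to gnutls_dh_set_prime_bits() further down this file. I would annotate them, e.g. `#define DH_BITS 2048 /* size of the DH parameters this server generates */` and `#define DH_BITS_MIN 1024 /* smallest DH prime accepted in a handshake, see ConnSSL_Init_SSL() */`. The consumer of DH_BITS is presumably ConnSSL_LoadServerKey_gnutls(), which is outside this hunk, so confirm the wording against it before committing the comment. The blank line added after DH_BITS_MIN and the one removed before the prototype are whitespace only.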
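Review bot: The added `return false;` makes this error exit identical to the one after gnutls_credentials_set() in the following hunk (`Log(...); ConnSSL_Free(c); return false;`), so ConnSSL_Init_SSL() now carries the same three-line cleanup twice; a single `fail:` label at the end of the function holding `ConnSSL_Free(c); return false;` with `goto fail;` at each site would keep the two exits from drifting apart again. That is a style point only: the fix itself is correct, since without the return the code after this block presumably went on using a session that ConnSSL_Free() had already released. ConnSSL_Init_SSL() starts and ends outside this hunk.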
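Review bot: The call now passes DH_BITS_MIN (1024) to gnutls_dh_set_prime_bits(), so this side will accept Diffie-Hellman groups as small as 1024 bits from a peer while DH_BITS, presumably the size of the server's own parameters, moves to 2048; that deliberate floor deserves a comment, because 1024-bit groups are no longer considered strong and the macro name does not say it applies to the peer's parameters. I would put above the call `/* accept peer DH groups down to DH_BITS_MIN bits for interoperability; our own parameters use DH_BITS */`. Whether GnuTLS honours this value on accepted connections as well as on outgoing server links depends on the library version, so check the GnuTLS release ngIRCd targets before relying on it as the only lower bound. ConnSSL_Init_SSL() begins outside this hunk.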