X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy.c;h=b391b738e641d1314db5c8289fefa62e694379a9;hb=1d65b2374b94b6191d7c3ca53632c9ea416b2b7b;hp=b4beceaa2cd25f115196fad43a5737754494aa09;hpb=23787d573fd2e4f31c1205f17c5d90fd5516a3fc;p=tlsproxy%2Ftlsproxy.git diff --git a/src/tlsproxy.c b/src/tlsproxy.c index b4becea..b391b73 100644 --- a/src/tlsproxy.c +++ b/src/tlsproxy.c @@ -42,9 +42,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL; /* Size of ringbuffer. */ #define RINGBUFFER_SIZE 10 -/* Bit size of Diffie-Hellman key exchange parameters. */ -#define DH_SIZE 1024 - /* For gnutls_*() functions. */ #define GNUTLS_ERROR_EXIT(error, message) \ @@ -75,7 +72,7 @@ static void sigint_handler(int signal); static void parse_arguments(int argc, char **argv); static void print_usage(const char *argv); -static char *slurp_file(const char *path); +static char *slurp_text_file(const char *path); static void initialize_gnutls(void); static void deinitialize_gnutls(void); @@ -240,6 +237,7 @@ int main(int argc, char **argv) { free(global_proxy_host); free(global_proxy_port); + free(http_digest_authorization); return EXIT_FAILURE; } @@ -267,7 +265,7 @@ static void parse_arguments(int argc, char **argv) { while ((option = getopt(argc, argv, "a:d:p:t:uh?")) != -1) { switch (option) { case 'a': { - http_digest_authorization = slurp_file(optarg); + http_digest_authorization = slurp_text_file(optarg); if (http_digest_authorization == NULL) { fprintf(stderr, "failed to open authorization file '%s': ", optarg); @@ -373,6 +371,9 @@ static void log_function_gnutls(int level, const char *string) { static void initialize_gnutls(void) { int result; + char *dh_parameters; + gnutls_datum_t dh_parameters_datum; + /* Recent versions of GnuTLS automatically initialize the cryptography layer * in gnutls_global_init(). */ #if GNUTLS_VERSION_NUMBER <= 0x020b00 
@@ -407,11 +408,24 @@ static void initialize_gnutls(void) { result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL); GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()"); - /* Generate Diffie-Hellman parameters. */ + /* Read Diffie-Hellman parameters. */ + dh_parameters = slurp_text_file(PROXY_DH_PATH); + if (dh_parameters == NULL) { + fprintf(stderr, PROXY_DH_PATH " missing, " + "use `tlsproxy-setup` to create it\n"); + exit(EXIT_FAILURE); + } + dh_parameters_datum.data = (unsigned char *)dh_parameters; + dh_parameters_datum.size = strlen(dh_parameters); + result = gnutls_dh_params_init(&global_tls_dh_params); GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_init()"); - result = gnutls_dh_params_generate2(global_tls_dh_params, DH_SIZE); - GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_generate2()"); + result = gnutls_dh_params_import_pkcs3(global_tls_dh_params, + &dh_parameters_datum, + GNUTLS_X509_FMT_PEM); + GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_import_pkcs3()"); + + free(dh_parameters); } static void deinitialize_gnutls(void) { gnutls_dh_params_deinit(global_tls_dh_params); @@ -445,7 +459,7 @@ static void *worker_thread(void *unused) { return NULL; } -static char *slurp_file(const char *path) { +static char *slurp_text_file(const char *path) { struct stat stat; size_t size_read; char *content = NULL;
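Review bot: The NULL check after `slurp_text_file(PROXY_DH_PATH)` reports the file as "missing" unconditionally, but a NULL return also covers a file that exists and cannot be read, so a permissions problem on the DH parameter file is misreported as an absent file; the `-a` handler in this same diff prints "failed to open authorization file '%s': " and appears to follow it with the failure reason, and this branch should do the same, e.g. `fprintf(stderr, "failed to read " PROXY_DH_PATH ": "); perror(NULL);` before the hint to run `tlsproxy-setup`. `dh_parameters_datum.size = strlen(dh_parameters);` narrows a size_t into the datum's unsigned size field, which is harmless for a PEM file of this kind but deserves an explicit cast so `-Wconversion` stays clean. With the in-process `DH_SIZE` generation removed, nothing in the hunk bounds the strength of the group imported from disk; if `tlsproxy-setup` is the only writer of that file this may be acceptable, otherwise querying the prime size via `gnutls_dh_params_export_raw()` and refusing groups smaller than the former 1024-bit minimum would preserve the previous guarantee. initialize_gnutls begins before this hunk.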