kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit c4a60c54bb7a67680138419b72548a565c40984f
parent c77ec598e7eb75bef4cb972b4d053f30bea9f6be
Author: Joris Vink <joris@coders.se>
Date:   Wed, 21 Apr 2021 22:39:35 +0200

resolve tls_dhparam after configure.

Diffstat:
src/config.c | 21+++++++++++++++------
src/domain.c | 13++-----------
2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/config.c b/src/config.c
@@ -304,6 +304,7 @@ void
 kore_parse_config(void)
 {
 FILE *fp;
+ BIO *bio;
 char path[PATH_MAX];
 if (finalized)
@@ -327,6 +328,17 @@ kore_parse_config(void)
 (void)fclose(fp);
 }
+ if (tls_dhparam == NULL) {
+ if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
+ fatal("failed to open %s", KORE_DHPARAM_PATH);
+
+ tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+
+ if (tls_dhparam == NULL)
+ fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
+ }
+
 if (!kore_module_loaded())
 fatal("no application module was loaded");
@@ -341,17 +353,14 @@ kore_parse_config(void)
 }
 }
- if (getuid() != 0 && skip_chroot == 0) {
+ if (getuid() != 0 && skip_chroot == 0)
 fatal("cannot chroot, use -n to skip it");
- }
- if (skip_runas != 1 && kore_runas_user == NULL) {
+ if (skip_runas != 1 && kore_runas_user == NULL)
 fatal("missing runas user, use -r to skip it");
- }
- if (getuid() != 0 && skip_runas == 0) {
+ if (getuid() != 0 && skip_runas == 0)
 fatal("cannot drop privileges, use -r to skip it");
- }
 if (skip_runas) {
 if (!kore_quiet)
diff --git a/src/domain.c b/src/domain.c
@@ -222,7 +222,6 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
 {
 const u_int8_t *ptr;
 RSA *rsa;
- BIO *bio;
 X509 *x509;
 EVP_PKEY *pkey;
 STACK_OF(X509_NAME) *certs;
@@ -327,16 +326,8 @@ kore_domain_tlsinit(struct kore_domain *dom, int type,
 dom->domain, ssl_errno_s);
 }
- if (tls_dhparam == NULL) {
- if ((bio = BIO_new_file(KORE_DHPARAM_PATH, "r")) == NULL)
- fatal("failed to open %s", KORE_DHPARAM_PATH);
-
- tls_dhparam = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- BIO_free(bio);
-
- if (tls_dhparam == NULL)
- fatal("PEM_read_bio_DHparams(): %s", ssl_errno_s);
- }
+ if (tls_dhparam == NULL)
+ fatal("no DH parameters specified");
 SSL_CTX_set_tmp_dh(dom->ssl_ctx, tls_dhparam);
 SSL_CTX_set_options(dom->ssl_ctx, SSL_OP_SINGLE_DH_USE);
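Review bot: The parameters read from `KORE_DHPARAM_PATH` in the block added to kore_parse_config() (second hunk of src/config.c) are accepted after only a NULL check, so an undersized or malformed group in that file would be carried into every domain's `SSL_CTX_set_tmp_dh()` call. Because the block is guarded by `tls_dhparam == NULL`, the value can evidently be set earlier as well, so a check placed after the block would cover both sources, for example `if (DH_bits(tls_dhparam) < 2048) fatal("DH parameters are smaller than 2048 bits");`, with `DH_check()` as the stricter option if the supported TLS libraries provide it. The load is also unconditional now, so a configuration without any TLS domain would presumably abort when the file is absent, which the lazy load in kore_domain_tlsinit() did not do; this cannot be confirmed from the hunk. A one-line comment saying why the file must be read at this point rather than at domain initialisation would help, since the commit message does not give the reason. kore_parse_config() starts and ends outside the hunk.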
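Review bot: The new `fatal("no DH parameters specified")` in kore_domain_tlsinit() (second hunk of src/domain.c) depends on kore_parse_config() having populated `tls_dhparam` first, and nothing at the check records that ordering. A comment above it such as `/* tls_dhparam is resolved in kore_parse_config(); NULL here means tlsinit ran before it. */` would make the cross-file dependency explicit, and the message could name that cause rather than suggest the operator left out a setting. On the unchanged line just below, the result of `SSL_CTX_set_tmp_dh()` is discarded, so a parameter set the library rejects would go unnoticed; `if (!SSL_CTX_set_tmp_dh(dom->ssl_ctx, tls_dhparam)) fatal("SSL_CTX_set_tmp_dh(): %s", ssl_errno_s);` would surface it. kore_domain_tlsinit() starts and ends outside the hunk.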