提交
0da2a120
编写于
11月 29, 2017
作者:
Vladislav Grishenko
sstp: use ssl-keyfile option for certificate private key
if not set, fall back to the private key in the same ssl-pemfile
上级
bfc5edb0
Showing
2 changed file
with
47 addition
and
48 deletion
+47
-48
accel-pppd/accel-ppp.conf
accel-pppd/accel-ppp.conf
+2
-1
accel-pppd/ctrl/sstp/sstp.c
accel-pppd/ctrl/sstp/sstp.c
+45
-47
accel-pppd/accel-ppp.conf
...
...
@@ -117,7 +117,8 @@ verbose=1
#ssl-ciphers=DEFAULT
#ssl-prefer-server-ciphers=0
#ssl-ca-file=/etc/ssl/sstp-ca.crt
#ssl-pemfile=/etc/ssl/sstp.pem
#ssl-pemfile=/etc/ssl/sstp-cert.pem
#ssl-keyfile=/etc/ssl/sstp-key.pem
#timeout=60
#hello-interval=60
#ip-pool=sstp
...
...
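Review bot: The sample now lists `ssl-pemfile` and `ssl-keyfile` as a pair but does not say that `ssl-keyfile` is optional, which is what the commit message states. I would add a comment above the new line, for example `# ssl-keyfile is optional; if unset, the private key is read from ssl-pemfile`. It is also worth a word that the key file should be readable only by the account accel-pppd runs as, since keeping the key apart from the certificate is what makes tighter permissions on it possible.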
accel-pppd/ctrl/sstp/sstp.c
...
...
@@ -1907,6 +1907,9 @@ static int hex2bin(const char *src, uint8_t *dst, size_t size)
static
void
load_config
(
void
)
{
char
*
opt
;
#ifdef CRYPTO_OPENSSL
BIO
*
in
;
#endif
opt
=
conf_get_opt
(
"sstp"
,
"cert-hash-proto"
);
if
(
opt
)
{
...
...
@@ -1942,59 +1945,54 @@ static void load_config(void)
conf_ssl_ca_file
=
conf_get_opt
(
"sstp"
,
"ssl-ca-file"
);
opt
=
conf_get_opt
(
"sstp"
,
"ssl-pemfile"
);
if
(
opt
)
{
BIO
*
in
;
in
=
BIO_new
(
BIO_s_file_internal
());
if
(
!
in
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_BUF_LIB
);
log_error
(
"sstp: SSL certificate error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
goto
done
;
}
if
(
BIO_read_filename
(
in
,
opt
)
<=
0
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_SYS_LIB
);
log_error
(
"sstp: SSL certificate error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
goto
done
;
}
conf_ssl_cert
=
PEM_read_bio_X509
(
in
,
NULL
,
NULL
,
NULL
);
if
(
!
conf_ssl_cert
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_PEM_LIB
);
log_error
(
"sstp: SSL certificate error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
goto
done
;
}
in
=
BIO_new
(
BIO_s_file_internal
());
if
(
in
)
{
opt
=
conf_get_opt
(
"sstp"
,
"ssl-pemfile"
);
if
(
opt
)
do
{
if
(
BIO_read_filename
(
in
,
opt
)
<=
0
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_SYS_LIB
);
log_error
(
"sstp: SSL certificate error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
break
;
}
if
(
conf_hash_protocol
&
CERT_HASH_PROTOCOL_SHA1
)
{
X509_digest
(
conf_ssl_cert
,
EVP_sha1
(),
conf_hash_sha1
.
hash
,
&
conf_hash_sha1
.
len
);
}
conf_ssl_cert
=
PEM_read_bio_X509
(
in
,
NULL
,
NULL
,
NULL
);
if
(
!
conf_ssl_cert
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_PEM_LIB
);
log_error
(
"sstp: SSL certificate error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
break
;
}
if
(
conf_hash_protocol
&
CERT_HASH_PROTOCOL_SHA256
)
{
X509_digest
(
conf_ssl_cert
,
EVP_sha256
(),
conf_hash_sha256
.
hash
,
&
conf_hash_sha256
.
len
);
}
if
(
conf_hash_protocol
&
CERT_HASH_PROTOCOL_SHA1
)
{
X509_digest
(
conf_ssl_cert
,
EVP_sha1
(),
conf_hash_sha1
.
hash
,
&
conf_hash_sha1
.
len
);
}
if
(
!
conf_ssl
)
goto
done
;
if
(
conf_hash_protocol
&
CERT_HASH_PROTOCOL_SHA256
)
{
X509_digest
(
conf_ssl_cert
,
EVP_sha256
(),
conf_hash_sha256
.
hash
,
&
conf_hash_sha256
.
len
);
}
}
while
(
0
);
if
(
BIO_read_filename
(
in
,
opt
)
<=
0
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_SYS_LIB
);
log_error
(
"sstp: SSL certificate error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
goto
done
;
}
opt
=
conf_get_opt
(
"sstp"
,
"ssl-keyfile"
)
?
:
opt
;
if
(
opt
&&
conf_ssl
)
do
{
if
(
BIO_read_filename
(
in
,
opt
)
<=
0
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_SYS_LIB
);
log_error
(
"sstp: SSL private key error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
break
;
}
conf_ssl_pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
NULL
,
NULL
);
if
(
!
conf_ssl_pkey
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE
,
ERR_R_PEM_LIB
);
log_error
(
"sstp: SSL certificate error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
goto
done
;
}
conf_ssl_pkey
=
PEM_read_bio_PrivateKey
(
in
,
NULL
,
NULL
,
NULL
);
if
(
!
conf_ssl_pkey
)
{
SSLerr
(
SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE
,
ERR_R_PEM_LIB
);
log_error
(
"sstp: SSL private key error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
break
;
}
}
while
(
0
);
done:
if
(
in
)
BIO_free
(
in
);
BIO_free
(
in
);
}
else
{
SSLerr
(
SSL_F_SSL_CTX_USE_CERTIFICATE_FILE
,
ERR_R_BUF_LIB
);
log_error
(
"sstp: SSL error: %s
\n
"
,
ERR_error_string
(
ERR_get_error
(),
NULL
));
}
#endif
...
...
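Review bot: Nothing in the rewritten key-loading block checks that the private key read via `ssl-keyfile` belongs to the certificate read from `ssl-pemfile`, and a failed certificate read only `break`s out of the first `do { } while (0)`, so the key is still loaded afterwards. With the key now allowed to live in a separate file, a mismatched pair is an easy misconfiguration; after `PEM_read_bio_PrivateKey` succeeds I would add `if (conf_ssl_cert && !X509_check_private_key(conf_ssl_cert, conf_ssl_pkey)) log_error("sstp: SSL private key does not match certificate\n");`, unless a later step outside this hunk already performs an equivalent check. Old and new lines are interleaved on this page without +/- markers, so this reading of the new side is inferred, and load_config continues past the end of the hunk. Separately, `conf_get_opt("sstp", "ssl-keyfile") ? : opt` relies on the GNU `?:` extension; a temporary plus an explicit `if` would keep the file within standard C.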