Würg around some nasty axTLS keying bugs
authorSteven Barth <steven@midlink.org>
Thu, 28 May 2009 07:21:22 +0000 (07:21 +0000)
committerSteven Barth <steven@midlink.org>
Thu, 28 May 2009 07:21:22 +0000 (07:21 +0000)
libs/nixio/axtls-config/.config
libs/nixio/axtls-config/config.h
libs/nixio/axtls-root/etc/axtls.key [new file with mode: 0644]
libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
libs/nixio/src/tls-context.c

index ffc6a5e..c0af7c7 100644 (file)
@@ -30,8 +30,8 @@ CONFIG_SSL_FULL_MODE=y
 # CONFIG_SSL_PROT_LOW is not set
 CONFIG_SSL_PROT_MEDIUM=y
 # CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_PRIVATE_KEY_LOCATION=""
+# CONFIG_SSL_USE_DEFAULT_KEY is not set
+CONFIG_SSL_PRIVATE_KEY_LOCATION="/etc/axtls.key"
 CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
 CONFIG_SSL_X509_CERT_LOCATION=""
 CONFIG_SSL_GENERATE_X509_CERT=y
index a7fdcc7..1ced87d 100644 (file)
@@ -31,8 +31,8 @@
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1
 #undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY 1
-#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION "/etc/axtls.key"
 #define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
 #define CONFIG_SSL_X509_CERT_LOCATION ""
 #define CONFIG_SSL_GENERATE_X509_CERT 1
diff --git a/libs/nixio/axtls-root/etc/axtls.key b/libs/nixio/axtls-root/etc/axtls.key
new file mode 100644 (file)
index 0000000..9bef6c0
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
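Review bot: The private key added in this new file lives in the source tree and carries mode 100644, so every image built from the tree starts with the same publicly known key, and it may be world-readable on the device if the package installs it with that mode. The digest check added to nixio-axtls-checkkey in this commit appears intended to detect this shipped key, but until that script has run successfully the device serves TLS with a key anyone can obtain. Install the file with mode 0600, and state in nixio-axtls-checkkey that `/etc/axtls.key` as shipped is only a placeholder that must be replaced before the TLS context is used.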
index 4bfee88..22bb1f8 100755 (executable)
@@ -1,8 +1,12 @@
 #!/usr/bin/lua
 local nixio = require "nixio"
+local fs = require "nixio.fs"
 local posix
 local defkey = nixio.meta_tls_context.tls_defaultkey
-if not defkey or io.open(defkey) then
+local okey = "646e6b90d1ad02719cb1b221b7ce447a"
+
+if (not defkey or io.open(defkey)) and
+not (nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final()) == okey then
        os.exit(0)
 end
 
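Review bot: The added test on the `not (nixio.crypto.hash("md5")...:final()) == okey` line can never be true, because Lua's `not` binds tighter than `==`: the digest is negated to `false` first, and `false == okey` is always false. The early `os.exit(0)` is therefore dead, and the rest of the script, which lies outside this hunk, runs on every invocation whichever key is installed. Compare with `~=` and keep the unset-path case out of the read, for example `if not defkey or (fs.access(defkey) and nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final() ~= okey) then`. As written, `fs.readfile(defkey)` is reached with a nil path when `defkey` is unset, and the handle returned by `io.open(defkey)` is never closed.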
index bcbe1fc..59e06f4 100644 (file)
@@ -222,7 +222,7 @@ void nixio_open_tls_context(lua_State *L) {
        lua_setfield(L, -2, "__index");
        luaL_register(L, NULL, CTX_M);
 #ifdef WITH_AXTLS
-    lua_pushliteral(L, "/etc/private.rsa");
+    lua_pushliteral(L, "/etc/axtls.key");
     lua_setfield(L, -2, "tls_defaultkey");
 #endif
        lua_setfield(L, -2, "meta_tls_context");
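Review bot: The literal `"/etc/axtls.key"` on the `lua_pushliteral` line repeats the value this commit also gives `CONFIG_SSL_PRIVATE_KEY_LOCATION` in config.h and .config, so the key path is now maintained by hand in three places and can drift on the next rename. If config.h is visible in this translation unit, `lua_pushliteral(L, CONFIG_SSL_PRIVATE_KEY_LOCATION);` would leave a single definition. Otherwise a comment such as `/* must match CONFIG_SSL_PRIVATE_KEY_LOCATION in axtls-config/config.h */` above the line would record the coupling. nixio_open_tls_context starts and ends outside the hunk.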