From 658b3db2da59440ee8fd24cfee5d849a11055261 Mon Sep 17 00:00:00 2001
From: Steven Barth
Date: Thu, 28 May 2009 07:21:22 +0000
Subject: [PATCH] =?utf8?q?W=C3=BCrg=20around=20some=20nasty=20axTLS=20keyi?=
 =?utf8?q?ng=20bugs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 libs/nixio/axtls-config/.config | 4 ++--
 libs/nixio/axtls-config/config.h | 4 ++--
 libs/nixio/axtls-root/etc/axtls.key | 15 +++++++++++++++
 libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey | 6 +++++-
 libs/nixio/src/tls-context.c | 2 +-
 5 files changed, 25 insertions(+), 6 deletions(-)
 create mode 100644 libs/nixio/axtls-root/etc/axtls.key

diff --git a/libs/nixio/axtls-config/.config b/libs/nixio/axtls-config/.config
index ffc6a5e75..c0af7c78a 100644
--- a/libs/nixio/axtls-config/.config
+++ b/libs/nixio/axtls-config/.config
@@ -30,8 +30,8 @@ CONFIG_SSL_FULL_MODE=y
 # CONFIG_SSL_PROT_LOW is not set
 CONFIG_SSL_PROT_MEDIUM=y
 # CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_PRIVATE_KEY_LOCATION=""
+# CONFIG_SSL_USE_DEFAULT_KEY is not set
+CONFIG_SSL_PRIVATE_KEY_LOCATION="/etc/axtls.key"
 CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
 CONFIG_SSL_X509_CERT_LOCATION=""
 CONFIG_SSL_GENERATE_X509_CERT=y
diff --git a/libs/nixio/axtls-config/config.h b/libs/nixio/axtls-config/config.h
index a7fdcc721..1ced87dd5 100644
--- a/libs/nixio/axtls-config/config.h
+++ b/libs/nixio/axtls-config/config.h
@@ -31,8 +31,8 @@
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1
 #undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY 1
-#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION "/etc/axtls.key"
 #define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
 #define CONFIG_SSL_X509_CERT_LOCATION ""
 #define CONFIG_SSL_GENERATE_X509_CERT 1
diff --git a/libs/nixio/axtls-root/etc/axtls.key b/libs/nixio/axtls-root/etc/axtls.key
new file mode 100644
index 000000000..9bef6c043
--- /dev/null
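Review bot: The literal `/etc/axtls.key` is now spelled out three times in this commit — in this CONFIG_SSL_PRIVATE_KEY_LOCATION line, in the config.h hunk, and in the `lua_pushliteral` in tls-context.c — with nothing tying the copies together, so a later edit to one of them silently makes axTLS load a different file from the one nixio-axtls-checkkey inspects through `tls_defaultkey`. If config.h is visible to tls-context.c, `lua_pushliteral(L, CONFIG_SSL_PRIVATE_KEY_LOCATION);` would leave a single source of truth; otherwise a comment beside each copy naming the others is the minimum, e.g. `# must match CONFIG_SSL_PRIVATE_KEY_LOCATION in config.h and tls_defaultkey in src/tls-context.c`.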
+++ b/libs/nixio/axtls-root/etc/axtls.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDEQfiRQgRD6BzI3iBa/ugdUmiqU8TvIMgzd7PT7bEnTk3stVEM
+lSKkKpQlyf7F25DL2VnIEG7y592466XyZL3rwPT5/urvae3n6cmO7egOxdLO02Wz
+74fMka2BHsFbTXzI8FHakatabnMlsB05+5NpsbfwWj0BDbrq8ZQ6kX0s8wIDAQAB
+AoGAd8T259bM+ZAeeOst/bpQdwyCuWeT6IcuBlLH2M7W7PDZl1pz0uT0lhEyBfnG
+1IKRVAYZx4FX5D9iTWbqCAo46COwDrqQHoxXwQ89O2FgXrHoi1ZGjrQyPLJLvz3w
+HLzP4WjnOkr4Fy6v1UwCJetj/cdWByrAjWhYkDR6taxTxJECQQDxPqPCR80IOiMk
+Dh0pmYgmfACYa/FNi5LwWVRs09KKe51PNWck8aZa0qhxX+dOR7ptw3SIaQQ5pow1
+7zZ/lhjLAkEA0ELvJePIG7N9pzR12mDYMUNTjcVJYkw0LF04zQu49C8yeSJRtDuR
+e1UjnZ2iEAdPaU+ywLHm/vcR75gSj6S/eQJBANJBA7xpk5qeAM6FtojxFKZl4Kb3
+POGWycPMNzZ6Dr8/KUVFh9W8/n2dp8zYBuJExYiwlrnkvRf5va2sBNWB3a0CQANt
+xrAyAt5p4xy4oWQaChUtjZec8utaY9WDJ2dA1Se4CzWxWfUEsg18xlxW9w8af7U1
+KbVAeJQkDziJoWyaAskCQQCxnGi/AepzNrozpJdlrAgwWjGOlSo16QBLpfrrqBc5
+iI50AWsTtqThcS6gRgE6/jo/Iat0kKhRLAcALVAOmJfd
+-----END RSA PRIVATE KEY-----
diff --git a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
index 4bfee88b0..22bb1f8cc 100755
--- a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
+++ b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
@@ -1,8 +1,12 @@
 #!/usr/bin/lua
 local nixio = require "nixio"
+local fs = require "nixio.fs"
 local posix
 local defkey = nixio.meta_tls_context.tls_defaultkey
-if not defkey or io.open(defkey) then
+local okey = "646e6b90d1ad02719cb1b221b7ce447a"
+
+if (not defkey or io.open(defkey)) and
+not (nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final()) == okey then
 os.exit(0)
 end
 
diff --git a/libs/nixio/src/tls-context.c b/libs/nixio/src/tls-context.c
index bcbe1fc24..59e06f449 100644
--- a/libs/nixio/src/tls-context.c
+++ b/libs/nixio/src/tls-context.c
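Review bot: A complete RSA private key is committed here, so every image built from this tree ships the identical `/etc/axtls.key` and the key is permanently readable by anyone with access to the repository history. The MD5 constant added to nixio-axtls-checkkey suggests this file is meant as a placeholder that the device replaces, but any TLS context created before that replacement runs (or when it fails) authenticates with key material that is effectively public. Prefer not to commit a key at all: generate the file at build time or on first boot and let the check script key off its absence, which is what the pre-change `io.open(defkey)` test already did. If a placeholder must remain, state that in nixio-axtls-checkkey, since PEM has no comment syntax, e.g. `-- okey: MD5 of the throwaway /etc/axtls.key shipped in axtls-root; a matching file is always regenerated`.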
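Review bot: The added `if` condition can never be true, so `os.exit(0)` is unreachable and the script falls through to regeneration even when a custom key is already installed: in Lua `not` binds tighter than `==`, so `not (...:final()) == okey` is evaluated as `(not <digest string>) == okey`, i.e. `false == "646e6b90…"`, which is always false. The intended test is `~= okey` applied to the digest itself. Two smaller problems sit on the same lines: when `defkey` is nil the `and` still evaluates `fs.readfile(nil)`, and the handle returned by `io.open(defkey)` is never closed. A restructured check is below (it assumes `fs.readfile` returns nil for a missing file — confirm against nixio.fs); the regeneration code after the hunk is unchanged.
```lua
local okey = "646e6b90d1ad02719cb1b221b7ce447a"

-- No configured default key path: nothing to regenerate.
if not defkey then os.exit(0) end

-- Keep an installed key unless it is the placeholder shipped in the image.
local keydata = fs.readfile(defkey)
if keydata and nixio.crypto.hash("md5"):update(keydata):final() ~= okey then
  os.exit(0)
end
-- … unchanged: key generation below …
```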
@@ -222,7 +222,7 @@ void nixio_open_tls_context(lua_State *L) {
 lua_setfield(L, -2, "__index");
 luaL_register(L, NULL, CTX_M);
 #ifdef WITH_AXTLS
-lua_pushliteral(L, "/etc/private.rsa");
+lua_pushliteral(L, "/etc/axtls.key");
 lua_setfield(L, -2, "tls_defaultkey");
 #endif
 lua_setfield(L, -2, "meta_tls_context");
-- 
2.11.0