Avoid closing the certificate file twice. Tweak make-chained-cert.sh script to

generate long-lasting certificates no matter the system defaults.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@91 0da03de8-d603-11dd-86c2-0f8696b7b6f9
zodiac 2009-03-29 22:20:59 +00:00
parent 1ea698ad72
commit 3edcc43298
5 changed files with 7 additions and 6 deletions


@ -95,7 +95,7 @@
#define STDC_HEADERS 1 #define STDC_HEADERS 1
/* Most recent revision number in the version control system */ /* Most recent revision number in the version control system */
#define VCS_REVISION "90" #define VCS_REVISION "91"
/* Version number of package */ /* Version number of package */
#define VERSION "2.5" #define VERSION "2.5"

2
configure vendored

@ -2055,7 +2055,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_compiler_gnu=$ac_cv_c_compiler_gnu
VCS_REVISION=90 VCS_REVISION=91
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF


@ -2,7 +2,7 @@ AC_PREREQ(2.57)
dnl This is the one location where the authoritative version number is stored dnl This is the one location where the authoritative version number is stored
AC_INIT(shellinabox, 2.5, markus@shellinabox.com) AC_INIT(shellinabox, 2.5, markus@shellinabox.com)
VCS_REVISION=90 VCS_REVISION=91
AC_SUBST(VCS_REVISION) AC_SUBST(VCS_REVISION)
AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}", AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}",
[Most recent revision number in the version control system]) [Most recent revision number in the version control system])


@ -492,7 +492,6 @@ static int sslSetCertificateFromFile(SSL_CTX *context,
return -1; return -1;
} }
int rc = sslSetCertificateFromFd(context, fd); int rc = sslSetCertificateFromFd(context, fd);
NOINTR(close(fd));
return rc; return rc;
} }
#endif #endif
@ -664,10 +663,12 @@ static char *sslFdToFilename(int fd) {
void sslSetCertificateFd(struct SSLSupport *ssl, int fd) { void sslSetCertificateFd(struct SSLSupport *ssl, int fd) {
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
check(ssl->sslContext = SSL_CTX_new(SSLv23_server_method())); check(ssl->sslContext = SSL_CTX_new(SSLv23_server_method()));
char *filename = sslFdToFilename(fd);
if (!sslSetCertificateFromFd(ssl->sslContext, fd)) { if (!sslSetCertificateFromFd(ssl->sslContext, fd)) {
fatal("Cannot read valid certificate from %s. Check file format.", fatal("Cannot read valid certificate from %s. Check file format.",
sslFdToFilename(fd)); filename);
} }
free(filename);
ssl->generateMissing = 0; ssl->generateMissing = 0;
#endif #endif
} }
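Review bot: Ownership of fd is undocumented at both call sites, even though sslSetCertificateFromFile and sslSetCertificateFd now rely on sslSetCertificateFromFd() closing the descriptor itself. A comment above each call, such as `/* sslSetCertificateFromFd() takes ownership of fd and closes it; fd must not be used afterwards */`, would keep a later edit from re-adding a close() that could land on an unrelated, reused descriptor. The body of sslSetCertificateFromFd is outside these hunks, so it should be confirmed that it closes fd on its error paths as well. Separately, if sslFdToFilename() can return NULL (its body is also not shown), `fatal()` would receive NULL for `%s`; passing `filename ? filename : "(unknown)"` avoids that.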


@ -18,7 +18,7 @@ openssl req -nodes -new -keyout /dev/stdout \
2>/dev/null | cat 2>/dev/null | cat
openssl ca -batch -keyfile "${tmp}/ca-key.pem" -cert "${tmp}/ca-cert.crt" \ openssl ca -batch -keyfile "${tmp}/ca-key.pem" -cert "${tmp}/ca-cert.crt" \
-notext -policy policy_anything -out /dev/stdout \ -notext -policy policy_anything -days 7300 -out /dev/stdout \
-infiles "${tmp}/ssl-req.pem" 2>/dev/null | cat -infiles "${tmp}/ssl-req.pem" 2>/dev/null | cat
cat "${tmp}/ca-cert.crt" cat "${tmp}/ca-cert.crt"
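Review bot: The `-days 7300` added to the `openssl ca` call extends only the certificate being signed; the CA certificate in `${tmp}/ca-cert.crt` is created outside this hunk, and if it still takes the system default lifetime the chain stops validating when the CA expires. The CA-generation command should be checked for a matching `-days` value. A lifetime of roughly 20 years also means the unencrypted key (`-nodes`) stays valid for that long if it leaks, so the value is better made overridable, e.g. `-days "${CERT_DAYS:-7300}"` (variable name is a suggestion), with a comment stating why the default is so long. Because stderr goes to `/dev/null`, a failure of `openssl ca` would produce a truncated chain without any message.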