Würg around some nasty axTLS keying bugs
parent
b382538798
commit
658b3db2da
5 changed files with 25 additions and 6 deletions
|
@ -30,8 +30,8 @@ CONFIG_SSL_FULL_MODE=y
|
||||||
# CONFIG_SSL_PROT_LOW is not set
|
# CONFIG_SSL_PROT_LOW is not set
|
||||||
CONFIG_SSL_PROT_MEDIUM=y
|
CONFIG_SSL_PROT_MEDIUM=y
|
||||||
# CONFIG_SSL_PROT_HIGH is not set
|
# CONFIG_SSL_PROT_HIGH is not set
|
||||||
CONFIG_SSL_USE_DEFAULT_KEY=y
|
# CONFIG_SSL_USE_DEFAULT_KEY is not set
|
||||||
CONFIG_SSL_PRIVATE_KEY_LOCATION=""
|
CONFIG_SSL_PRIVATE_KEY_LOCATION="/etc/axtls.key"
|
||||||
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
|
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
|
||||||
CONFIG_SSL_X509_CERT_LOCATION=""
|
CONFIG_SSL_X509_CERT_LOCATION=""
|
||||||
CONFIG_SSL_GENERATE_X509_CERT=y
|
CONFIG_SSL_GENERATE_X509_CERT=y
|
||||||
|
|
|
@ -31,8 +31,8 @@
|
||||||
#undef CONFIG_SSL_PROT_LOW
|
#undef CONFIG_SSL_PROT_LOW
|
||||||
#define CONFIG_SSL_PROT_MEDIUM 1
|
#define CONFIG_SSL_PROT_MEDIUM 1
|
||||||
#undef CONFIG_SSL_PROT_HIGH
|
#undef CONFIG_SSL_PROT_HIGH
|
||||||
#define CONFIG_SSL_USE_DEFAULT_KEY 1
|
#undef CONFIG_SSL_USE_DEFAULT_KEY
|
||||||
#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
|
#define CONFIG_SSL_PRIVATE_KEY_LOCATION "/etc/axtls.key"
|
||||||
#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
|
#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
|
||||||
#define CONFIG_SSL_X509_CERT_LOCATION ""
|
#define CONFIG_SSL_X509_CERT_LOCATION ""
|
||||||
#define CONFIG_SSL_GENERATE_X509_CERT 1
|
#define CONFIG_SSL_GENERATE_X509_CERT 1
|
||||||
|
|
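--- a/libs/nixio/axtls-root/etc/axtls.key
+++ b/libs/nixio/axtls-root/etc/axtls.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDEQfiRQgRD6BzI3iBa/ugdUmiqU8TvIMgzd7PT7bEnTk3stVEM
+lSKkKpQlyf7F25DL2VnIEG7y592466XyZL3rwPT5/urvae3n6cmO7egOxdLO02Wz
+74fMka2BHsFbTXzI8FHakatabnMlsB05+5NpsbfwWj0BDbrq8ZQ6kX0s8wIDAQAB
+AoGAd8T259bM+ZAeeOst/bpQdwyCuWeT6IcuBlLH2M7W7PDZl1pz0uT0lhEyBfnG
+1IKRVAYZx4FX5D9iTWbqCAo46COwDrqQHoxXwQ89O2FgXrHoi1ZGjrQyPLJLvz3w
+HLzP4WjnOkr4Fy6v1UwCJetj/cdWByrAjWhYkDR6taxTxJECQQDxPqPCR80IOiMk
+Dh0pmYgmfACYa/FNi5LwWVRs09KKe51PNWck8aZa0qhxX+dOR7ptw3SIaQQ5pow1
+7zZ/lhjLAkEA0ELvJePIG7N9pzR12mDYMUNTjcVJYkw0LF04zQu49C8yeSJRtDuR
+e1UjnZ2iEAdPaU+ywLHm/vcR75gSj6S/eQJBANJBA7xpk5qeAM6FtojxFKZl4Kb3
+POGWycPMNzZ6Dr8/KUVFh9W8/n2dp8zYBuJExYiwlrnkvRf5va2sBNWB3a0CQANt
+xrAyAt5p4xy4oWQaChUtjZec8utaY9WDJ2dA1Se4CzWxWfUEsg18xlxW9w8af7U1
+KbVAeJQkDziJoWyaAskCQQCxnGi/AepzNrozpJdlrAgwWjGOlSo16QBLpfrrqBc5
+iI50AWsTtqThcS6gRgE6/jo/Iat0kKhRLAcALVAOmJfd
+-----END RSA PRIVATE KEY-----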
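Review bot: Checking a fixed RSA private key into `libs/nixio/axtls-root/etc/axtls.key` means every image built from this tree starts with the same, publicly readable key, so TLS served with it gives no server authentication until the key is replaced on the device. Nothing in this file section marks the key as a placeholder or says what replaces it; presumably the key-generation script changed in this commit does, but that depends on its check working and on it running before the TLS service accepts connections. I would add a short note next to the file (for example a README in `axtls-root/etc/`) saying `axtls.key is a build-time placeholder required by axTLS; it is public and must be regenerated on first boot`, and make the regeneration step fail loudly rather than leave this key in place. The DER length prefix suggests a 1024-bit modulus, which is worth confirming and raising for any key that is generated to replace it.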
@ -1,8 +1,12 @@
|
||||||
#!/usr/bin/lua
|
#!/usr/bin/lua
|
||||||
local nixio = require "nixio"
|
local nixio = require "nixio"
|
||||||
|
local fs = require "nixio.fs"
|
||||||
local posix
|
local posix
|
||||||
local defkey = nixio.meta_tls_context.tls_defaultkey
|
local defkey = nixio.meta_tls_context.tls_defaultkey
|
||||||
if not defkey or io.open(defkey) then
|
local okey = "646e6b90d1ad02719cb1b221b7ce447a"
|
||||||
|
|
||||||
|
if (not defkey or io.open(defkey)) and
|
||||||
|
not (nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final()) == okey then
|
||||||
os.exit(0)
|
os.exit(0)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
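Review bot: The new condition can never be true, because `not` binds tighter than `==` in Lua: `not (…:final()) == okey` is evaluated as `(not digest) == okey`, i.e. `false == "646e…"`. The early `os.exit(0)` is therefore never reached, and the rest of the script (outside this hunk, presumably the key generation) runs every time, including when the installed key is already a non-default one. The comparison should be written `nixio.crypto.hash("md5"):update(fs.readfile(defkey)):final() ~= okey`. Separately, when `defkey` is nil the left operand is true and `fs.readfile(defkey)` is then called with nil, so the nil case needs its own guard such as `if not defkey then os.exit(0) end` ahead of the digest check; the handle returned by `io.open(defkey)` is also never closed.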
@ -222,7 +222,7 @@ void nixio_open_tls_context(lua_State *L) {
|
||||||
lua_setfield(L, -2, "__index");
|
lua_setfield(L, -2, "__index");
|
||||||
luaL_register(L, NULL, CTX_M);
|
luaL_register(L, NULL, CTX_M);
|
||||||
#ifdef WITH_AXTLS
|
#ifdef WITH_AXTLS
|
||||||
lua_pushliteral(L, "/etc/private.rsa");
|
lua_pushliteral(L, "/etc/axtls.key");
|
||||||
lua_setfield(L, -2, "tls_defaultkey");
|
lua_setfield(L, -2, "tls_defaultkey");
|
||||||
#endif
|
#endif
|
||||||
lua_setfield(L, -2, "meta_tls_context");
|
lua_setfield(L, -2, "meta_tls_context");
|
||||||
|
|