From def887868a149dfb3d93ef8cefdaa50266af08e1 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Mon, 22 Jul 2013 14:49:28 -0700
Subject: [PATCH] Add option for private key.

---
 src/guacd/daemon.c | 38 +++++++++++++++++++++++++++++++-------
 1 file changed, 31 insertions(+), 7 deletions(-)

diff --git a/src/guacd/daemon.c b/src/guacd/daemon.c
index ee645eae..b7b24abb 100644
--- a/src/guacd/daemon.c
+++ b/src/guacd/daemon.c
@@ -367,6 +367,7 @@ int main(int argc, char* argv[]) {
 #ifdef ENABLE_SSL
     /* SSL */
     char* cert_file = NULL;
+    char* key_file = NULL;
     SSL_CTX* ssl_context = NULL;
 #endif
 
@@ -374,7 +375,7 @@ int main(int argc, char* argv[]) {
     int retval;
 
     /* Parse arguments */
-    while ((opt = getopt(argc, argv, "l:b:p:C:A:f")) != -1) {
+    while ((opt = getopt(argc, argv, "l:b:p:C:K:A:f")) != -1) {
         if (opt == 'l') {
             listen_port = strdup(optarg);
         }
@@ -391,12 +392,15 @@ int main(int argc, char* argv[]) {
         else if (opt == 'C') {
             cert_file = strdup(optarg);
         }
+        else if (opt == 'K') {
+            key_file = strdup(optarg);
+        }
         else if (opt == 'A') {
             fprintf(stderr, "The -a option is not yet implemented.\n");
             exit(EXIT_FAILURE);
         }
 #else
-        else if (opt == 'C' || opt == 'A') {
+        else if (opt == 'C' || opt == 'K' || opt == 'A') {
             fprintf(stderr,
                     "This %s does not have SSL/TLS support compiled in.\n"
                     "If you wish to enable support for the -%c option, please install libssl and "
@@ -413,6 +417,7 @@ int main(int argc, char* argv[]) {
                     " [-p PIDFILE]"
 #ifdef ENABLE_SSL
                     " [-C CERTIFICATE_FILE]"
+                    " [-K PEM_FILE]"
                     " [-A CIPHER1:CIPHER2:...]"
 #endif
                     " [-f]\n", argv[0]);
@@ -500,16 +505,30 @@ int main(int argc, char* argv[]) {
 
 #ifdef ENABLE_SSL
     /* Init SSL if enabled */
-    if (cert_file != NULL) {
+    if (key_file != NULL) {
 
-        guacd_log_info("Using certificate file %s", cert_file);
+        /* Init SSL */
         guacd_log_info("Communication will be encrypted with SSL/TLS.");
-
         SSL_library_init();
         SSL_load_error_strings();
-
         ssl_context = SSL_CTX_new(SSLv23_server_method());
 
+        /* Load key */
+        guacd_log_info("Using PEM keyfile %s", key_file);
+        if (!SSL_CTX_use_PrivateKey_file(ssl_context, key_file, SSL_FILETYPE_PEM)) {
+            guacd_log_error("Unable to load keyfile.");
+            exit(EXIT_FAILURE);
+        }
+
+        /* Load cert file if specified */
+        if (cert_file != NULL) {
+            guacd_log_info("Using certificate file %s", cert_file);
+            if (!SSL_CTX_use_certificate_file(ssl_context, cert_file, SSL_FILETYPE_PEM)) {
+                guacd_log_error("Unable to load certificate.");
+                exit(EXIT_FAILURE);
+            }
+        }
+
     }
 #endif
 
@@ -605,8 +624,13 @@ int main(int argc, char* argv[]) {
 #ifdef ENABLE_SSL
 
             /* If SSL chosen, use it */
-            if (ssl_context != NULL)
+            if (ssl_context != NULL) {
                 socket = guac_socket_open_secure(ssl_context, connected_socket_fd);
+                if (socket == NULL) {
+                    guacd_log_error("Error opening secure connection");
+                    return 0;
+                }
+            }
             else
                 socket = guac_socket_open(connected_socket_fd);
 #else