Add option for private key.

Michael Jumper 2013-07-22 14:49:28 -07:00
parent 3140dbb20b
commit def887868a


@ -367,6 +367,7 @@ int main(int argc, char* argv[]) {
#ifdef ENABLE_SSL #ifdef ENABLE_SSL
/* SSL */ /* SSL */
char* cert_file = NULL; char* cert_file = NULL;
char* key_file = NULL;
SSL_CTX* ssl_context = NULL; SSL_CTX* ssl_context = NULL;
#endif #endif
@ -374,7 +375,7 @@ int main(int argc, char* argv[]) {
int retval; int retval;
/* Parse arguments */ /* Parse arguments */
while ((opt = getopt(argc, argv, "l:b:p:C:A:f")) != -1) { while ((opt = getopt(argc, argv, "l:b:p:C:K:A:f")) != -1) {
if (opt == 'l') { if (opt == 'l') {
listen_port = strdup(optarg); listen_port = strdup(optarg);
} }
@ -391,12 +392,15 @@ int main(int argc, char* argv[]) {
else if (opt == 'C') { else if (opt == 'C') {
cert_file = strdup(optarg); cert_file = strdup(optarg);
} }
else if (opt == 'K') {
key_file = strdup(optarg);
}
else if (opt == 'A') { else if (opt == 'A') {
fprintf(stderr, "The -a option is not yet implemented.\n"); fprintf(stderr, "The -a option is not yet implemented.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
#else #else
else if (opt == 'C' || opt == 'A') { else if (opt == 'C' || opt == 'K' || opt == 'A') {
fprintf(stderr, fprintf(stderr,
"This %s does not have SSL/TLS support compiled in.\n" "This %s does not have SSL/TLS support compiled in.\n"
"If you wish to enable support for the -%c option, please install libssl and " "If you wish to enable support for the -%c option, please install libssl and "
@ -413,6 +417,7 @@ int main(int argc, char* argv[]) {
" [-p PIDFILE]" " [-p PIDFILE]"
#ifdef ENABLE_SSL #ifdef ENABLE_SSL
" [-C CERTIFICATE_FILE]" " [-C CERTIFICATE_FILE]"
" [-K PEM_FILE]"
" [-A CIPHER1:CIPHER2:...]" " [-A CIPHER1:CIPHER2:...]"
#endif #endif
" [-f]\n", argv[0]); " [-f]\n", argv[0]);
@ -500,16 +505,30 @@ int main(int argc, char* argv[]) {
#ifdef ENABLE_SSL #ifdef ENABLE_SSL
/* Init SSL if enabled */ /* Init SSL if enabled */
if (cert_file != NULL) { if (key_file != NULL) {
guacd_log_info("Using certificate file %s", cert_file); /* Init SSL */
guacd_log_info("Communication will be encrypted with SSL/TLS."); guacd_log_info("Communication will be encrypted with SSL/TLS.");
SSL_library_init(); SSL_library_init();
SSL_load_error_strings(); SSL_load_error_strings();
ssl_context = SSL_CTX_new(SSLv23_server_method()); ssl_context = SSL_CTX_new(SSLv23_server_method());
/* Load key */
guacd_log_info("Using PEM keyfile %s", key_file);
if (!SSL_CTX_use_PrivateKey_file(ssl_context, key_file, SSL_FILETYPE_PEM)) {
guacd_log_error("Unable to load keyfile.");
exit(EXIT_FAILURE);
}
/* Load cert file if specified */
if (cert_file != NULL) {
guacd_log_info("Using certificate file %s", cert_file);
if (!SSL_CTX_use_certificate_file(ssl_context, cert_file, SSL_FILETYPE_PEM)) {
guacd_log_error("Unable to load certificate.");
exit(EXIT_FAILURE);
}
}
} }
#endif #endif
@ -605,8 +624,13 @@ int main(int argc, char* argv[]) {
#ifdef ENABLE_SSL #ifdef ENABLE_SSL
/* If SSL chosen, use it */ /* If SSL chosen, use it */
if (ssl_context != NULL) if (ssl_context != NULL) {
socket = guac_socket_open_secure(ssl_context, connected_socket_fd); socket = guac_socket_open_secure(ssl_context, connected_socket_fd);
if (socket == NULL) {
guacd_log_error("Error opening secure connection");
return 0;
}
}
else else
socket = guac_socket_open(connected_socket_fd); socket = guac_socket_open(connected_socket_fd);
#else #else
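Review bot: In the SSL init hunk (`@ -500,16 +505,30 @@`) the guard changed from `cert_file != NULL` to `key_file != NULL`, so a deployment that passes only `-C` (the only option that existed before this commit) now silently runs without TLS while the log says nothing, and `-K` alone builds a context that has a private key but no certificate, which I believe cannot complete a server handshake and so fails only when the first client connects. The return value of `SSL_CTX_new()` is also passed straight into `SSL_CTX_use_PrivateKey_file()` without a NULL check, unlike the key and certificate loads just below it. I would require both files together and treat a missing file or a NULL context as fatal at startup, and call `SSL_CTX_check_private_key()` after both loads so a key/certificate mismatch is caught before any connection is accepted; the rewritten guard is below, the loading code itself stays as committed. The enclosing `main()` starts and ends outside the hunk.
```c
/* Init SSL if enabled */
if (cert_file != NULL || key_file != NULL) {
    if (cert_file == NULL || key_file == NULL) {
        guacd_log_error("Both -C and -K are required for SSL/TLS.");
        exit(EXIT_FAILURE);
    }

    /* Init SSL */
    guacd_log_info("Communication will be encrypted with SSL/TLS.");
    SSL_library_init();
    SSL_load_error_strings();
    ssl_context = SSL_CTX_new(SSLv23_server_method());
    if (ssl_context == NULL) {
        guacd_log_error("Unable to create SSL context.");
        exit(EXIT_FAILURE);
    }

    /* … unchanged: key and certificate loading … */

    if (!SSL_CTX_check_private_key(ssl_context)) {
        guacd_log_error("Private key does not match certificate.");
        exit(EXIT_FAILURE);
    }
}
```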