libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] SSL key passwords

From: Andrew Basile
Subject: Re: [libmicrohttpd] SSL key passwords
Date: Thu, 12 Feb 2015 08:36:36 -0800
Thank you, Christian Grothoff, for incorporating MHD_OPTION_HTTPS_KEY_PASSWORD into the library!

I attempted to build the changes on an older platform (CentOS 6.6) and came to realize that gnutls_certificate_set_x509_key_mem2(), the GnuTLS function needed if specifying a password, is not available in earlier versions of the GnuTLS library. So I added another preprocessor check, around that function call, to verify that the GnuTLS version is 3 or above. If a password was provided to MHD and the GnuTLS version is too old, then an error is returned. Attached are some simple code diffs, relative to the current SVN baseline, for your consideration.

Attachment: 201502112_svn_diffs.txt
Description: Text document


Regards,

Andrew Basile

On Feb 6, 2015, at 9:14 PM, Andrew Basile <address@hidden> wrote:

In one of my projects, we are using MHD and need to support SSL encrypted private keys, with passwords. I ended up modifying the MHD code to support propagating, in addition to an SSL certificate and key, an SSL key password through to GnuTLS. With some relatively simple changes in place, the option MHD_OPTION_HTTPS_KEY_PASSWORD can be used when calling MHD_start_daemon() to specify a const char * password string. Also, another debug message is added in order to report the code returned by GnuTLS in the event the SSL certificate/key cannot be processed.

reply via email to
[Prev in Thread] Current Thread [Next in Thread]