-rw-r--r-- | doc/imrelp.html | 11 | ||||
-rw-r--r-- | plugins/imrelp/imrelp.c | 6 |
2 files changed, 17 insertions, 0 deletions
diff --git a/doc/imrelp.html b/doc/imrelp.html index 80117299..3795fb76 100644 --- a/doc/imrelp.html +++ b/doc/imrelp.html @@ -59,6 +59,17 @@ to changes/upgrades in GnuTLS (to check at config processing time, we would need to hardcode the supported bits and keep them in sync with GnuTLS - this is even impossible when custom GnuTLS changes are made...). </li> +<li><b>tls.prioritystring</b> (not mandatory, string)<br> +This parameter permits to specify the so-called "priority string" to +GnuTLS. This string gives complete control over all crypto parameters, +including compression setting. For this reason, when the prioritystring +is specified, the "tls.compression" parameter has no effect and is +ignored. +<br>Full information about how to construct a priority string can be +found in the GnuTLS manual. At the time of this writing, this +information was contained in +<a href="http://gnutls.org/manual/html_node/Priority-Strings.html">section 6.10 of the GnuTLS manual</a>. +</li> </ul> <b>Caveats/Known Bugs:</b> <ul> diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c index 100574b1..e0082f89 100644 --- a/plugins/imrelp/imrelp.c +++ b/plugins/imrelp/imrelp.c @@ -77,6 +77,7 @@ struct instanceConf_s { sbool bEnableTLS; sbool bEnableTLSZip; int dhBits; + uchar *pristring; /* GnuTLS priority string (NULL if not to be provided) */ struct instanceConf_s *next; }; @@ -106,6 +107,7 @@ static struct cnfparamdescr inppdescr[] = { { "port", eCmdHdlrString, CNFPARAM_REQUIRED }, { "tls", eCmdHdlrBinary, 0 }, { "tls.dhbits", eCmdHdlrInt, 0 }, + { "tls.prioritystring", eCmdHdlrInt, 0 }, { "tls.compression", eCmdHdlrBinary, 0 } }; static struct cnfparamblk inppblk = @@ -174,6 +176,7 @@ createInstance(instanceConf_t **pinst) inst->bEnableTLS = 0; inst->bEnableTLSZip = 0; inst->dhBits = 0; + inst->pristring = NULL; /* node created, let's add to config */ if(loadModConf->tail == NULL) { 
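Review bot: The new `tls.prioritystring` entry in `inppdescr[]` is declared with `eCmdHdlrInt`, but the `newInpInst` hunk reads the value through `pvals[i].val.d.estr`, so the handler type and the union member being read disagree. With an integer handler, a priority string would presumably be rejected or converted to a number at config-parse time, and `es_str2cstr()` would then be handed whatever the union holds as if it were a string object. The descriptor should read `{ "tls.prioritystring", eCmdHdlrString, 0 },`, matching the `port` entry above it. As written, the documented control over TLS versions and ciphers cannot be relied on to take effect.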
@@ -246,6 +249,7 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst) if(inst->dhBits) { relpSrvSetDHBits(pSrv, inst->dhBits); } + relpSrvSetGnuTLSPriString(pSrv, (char*)inst->pristring); } CHKiRet(relpEngineListnerConstructFinalize(pRelpEngine, pSrv)); @@ -284,6 +288,8 @@ CODESTARTnewInpInst inst->bEnableTLS = (unsigned) pvals[i].val.d.n; } else if(!strcmp(inppblk.descr[i].name, "tls.dhbits")) { inst->dhBits = (unsigned) pvals[i].val.d.n; + } else if(!strcmp(inppblk.descr[i].name, "tls.prioritystring")) { + inst->pristring = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL); } else if(!strcmp(inppblk.descr[i].name, "tls.compression")) { inst->bEnableTLSZip = (unsigned) pvals[i].val.d.n; } else { |
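Review bot: The return value of `relpSrvSetGnuTLSPriString()` is discarded in `addListner`, so if librelp rejects the string the listener would, as far as this hunk shows, still be finalized with GnuTLS defaults rather than the policy the administrator configured. A setting meant to restrict protocol versions and ciphers should fail closed, for example `if(relpSrvSetGnuTLSPriString(pSrv, (char*)inst->pristring) != RELP_RET_OK) ABORT_FINALIZE(RS_RET_RELP_ERR);`, with an error message naming the offending string. The call is also made with NULL when the parameter is unset, which relies on librelp treating NULL as "no priority string"; a short comment saying so would help. The function body starts and ends outside the hunk.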
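Review bot: The result of `es_str2cstr()` is stored in `inst->pristring` without a NULL check in the `tls.prioritystring` branch, and NULL is exactly the value the struct comment defines as "not to be provided". An allocation failure here would silently drop the configured priority string and leave the listener on default TLS settings. Wrapping the assignment as `CHKmalloc(inst->pristring = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL));` would turn that into a config error, assuming this function has the usual `finalize_it` label, which is outside the hunk. No `free()` of this heap copy is visible in the diff, so it is worth confirming that instance teardown releases it.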