s4:lib/tls - include GNUTLS headers consistently using <...>
[samba.git] / source4 / lib / tls / tlscert.c
index f2e79f2a8964ce8c935d59872881a9c3160f688a..0c780ea2f30f11b249811c2c7911cfa1f3f8fcc6 100644 (file)
 #include "includes.h"
 
 #if ENABLE_GNUTLS
-#include "gnutls/gnutls.h"
-#include "gnutls/x509.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#if HAVE_GCRYPT_H
+#include <gcrypt.h>
+#endif
 
 #define ORGANISATION_NAME "Samba Administration"
 #define UNIT_NAME         "Samba - temporary autogenerated certificate"
-#define COMMON_NAME       "Samba"
 #define LIFETIME          700*24*60*60
 #define DH_BITS                  1024
 
-void tls_cert_generate(TALLOC_CTX *mem_ctx, 
-                      const char *keyfile, const char *certfile,
-                      const char *cafile);
-
 /* 
    auto-generate a set of self signed certificates
 */
 void tls_cert_generate(TALLOC_CTX *mem_ctx, 
+                      const char *hostname, 
                       const char *keyfile, const char *certfile,
                       const char *cafile)
 {
@@ -67,8 +66,14 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
 
        TLSCHECK(gnutls_global_init());
 
-       DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https\n"));
+       DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n", 
+                hostname));
        
+#ifdef HAVE_GCRYPT_H
+       DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
+       gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+#endif
+
        DEBUG(3,("Generating private key\n"));
        TLSCHECK(gnutls_x509_privkey_init(&key));
        TLSCHECK(gnutls_x509_privkey_generate(key,   GNUTLS_PK_RSA, DH_BITS, 0));
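Review bot: `gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);` switches libgcrypt to its lower-quality random source for the whole process, and the RSA private key that will back real TLS sessions is generated immediately afterwards by `gnutls_x509_privkey_generate`; the commit gives no reason for accepting that trade-off. At minimum the call deserves a why-comment, e.g. `/* QUICK_RANDOM lowers entropy quality for the key generated below; only acceptable because this is a temporary self-signed bootstrap certificate that admins are expected to replace */`, and the DEBUG(3) message could say the same. The guard here is `#ifdef HAVE_GCRYPT_H` while the include added in the first hunk uses `#if HAVE_GCRYPT_H`; if configure ever defines the macro to 0 the call compiles without its header, so the two should use the same form. tls_cert_generate's body starts and ends outside this hunk.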
@@ -87,7 +92,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
                                      UNIT_NAME, strlen(UNIT_NAME)));
        TLSCHECK(gnutls_x509_crt_set_dn_by_oid(cacrt,
                                      GNUTLS_OID_X520_COMMON_NAME, 0,
-                                     COMMON_NAME, strlen(COMMON_NAME)));
+                                     hostname, strlen(hostname)));
        TLSCHECK(gnutls_x509_crt_set_key(cacrt, cakey));
        TLSCHECK(gnutls_x509_crt_set_serial(cacrt, &serial, sizeof(serial)));
        TLSCHECK(gnutls_x509_crt_set_activation_time(cacrt, activation));
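Review bot: `hostname, strlen(hostname)` is passed straight into the CA certificate's CN with no check that the new parameter is non-NULL or non-empty; a NULL hostname crashes in strlen (the DEBUG in the previous hunk already dereferences it via `%s`), and an empty one yields a certificate with an empty CN that clients will not match. The same line appears in the next hunk for the server certificate, and the same guard covers both. Since the function's entry is in the first hunk, a guard before `gnutls_global_init` would do: `if (hostname == NULL || *hostname == '\0') { DEBUG(0,("tls_cert_generate: hostname required for certificate CN\n")); return; }`. Presumably gnutls also rejects very long values (RFC 5280 bounds CN at 64 characters), so a comment noting that the caller supplies a plain host name rather than an arbitrary string would help; confirm against the caller.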
@@ -113,7 +118,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
                                      UNIT_NAME, strlen(UNIT_NAME)));
        TLSCHECK(gnutls_x509_crt_set_dn_by_oid(crt,
                                      GNUTLS_OID_X520_COMMON_NAME, 0,
-                                     COMMON_NAME, strlen(COMMON_NAME)));
+                                     hostname, strlen(hostname)));
        TLSCHECK(gnutls_x509_crt_set_key(crt, key));
        TLSCHECK(gnutls_x509_crt_set_serial(crt, &serial, sizeof(serial)));
        TLSCHECK(gnutls_x509_crt_set_activation_time(crt, activation));
@@ -133,15 +138,24 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
 
        bufsize = sizeof(buf);
        TLSCHECK(gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buf, &bufsize));
-       file_save(certfile, buf, bufsize);
+       if (!file_save(certfile, buf, bufsize)) {
+               DEBUG(0,("Unable to save certificate in %s parent dir exists ?\n", certfile));
+               goto failed;
+       }
 
        bufsize = sizeof(buf);
        TLSCHECK(gnutls_x509_crt_export(cacrt, GNUTLS_X509_FMT_PEM, buf, &bufsize));
-       file_save(cafile, buf, bufsize);
+       if (!file_save(cafile, buf, bufsize)) {
+               DEBUG(0,("Unable to save ca cert in %s parent dir exists ?\n", cafile));
+               goto failed;
+       }
 
        bufsize = sizeof(buf);
        TLSCHECK(gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &bufsize));
-       file_save(keyfile, buf, bufsize);
+       if (!file_save(keyfile, buf, bufsize)) {
+               DEBUG(0,("Unable to save privatekey in %s parent dir exists ?\n", keyfile));
+               goto failed;
+       }
 
        gnutls_x509_privkey_deinit(key);
        gnutls_x509_privkey_deinit(cakey);
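Review bot: After `gnutls_x509_privkey_export(key, ...)` the stack buffer `buf` holds the PEM-encoded private key, and neither the success path nor the new `goto failed` branches clear it before the function returns, so key material lingers on the stack. Clearing it once the key file is written, e.g. `memset(buf, 0, sizeof(buf));` after the `file_save(keyfile, ...)` block (or the tree's explicit-zeroing helper if one exists, since a plain memset before return may be optimized away), keeps the exposure window short. The three new early exits also skip the `gnutls_x509_privkey_deinit` calls visible at the end of the hunk; whether `failed:` (outside the hunk) releases key, cakey, crt and cacrt cannot be seen here, so verify that label, and note that a failed save of cafile or keyfile leaves the already-written certfile behind.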