Hi all,

While I usually hold off on sending in patches until they are complete with 
documentation and fully tested, this one has been a Wishlist item for Mathopd 
for a while, so I thought I'd send it through for anyone to play with...

It is a preliminary patch for TLSv1/SSLv3 support for Mathopd 1.5p6, based on 
GnuTLS. I haven't had time to clean this up and put in the relevant 
documentation as in the above patches, but I wanted to get it out there for 
people to try. The quick patch created here is a straight dump of my local 
svn repository, so it includes my other two patches for now. When I get a 
chance later, I should clean it up to only include GnuTLS, and provide the 
1.6b9 version of the patch, too.

WARNING: This patch is only trivially tested, and is considered ALPHA quality 
for the moment! Use at your own risk, but feel free to let me know about any 
problems you have...

Quick HowTo: 

        Server { 
                TLS { 
                        CACertFile ca-cert.pem 
                        CRLFile crl.pem 
                        CertFile cert.pem 
                        KeyFile key.pem 
                        DHParamsFile dhparams.pem 
                        DHBits 1024 
                } 
                Control { 
                        Alias / 
                        Location /www/ 
                } 
        }

CertFile is the only required option, but if KeyFile is not supplied, CertFile 
must contain the private key as well. DHBits defaults to 1024; DH Params are 
generated if not supplied (but this can take some time, so for repeated 
testing, a dhparams file is suggested).

Everything seems to work, so far; I've not tested it extensively, but plain 
files and CGI scripts both appear to work as expected. Most things produce 
sensible error messages, but again, I haven't tested all possibilities.

This patch does NOT support SSLv2. I don't know if anyone on the planet is 
still using SSLv2 (it has been deprecated for over a decade), but when I get 
a chance I'll see how hard it is to include as well.

Patch: http://opensource.stobor.net/mathopd/gnutls.1.5p6.diff (or see 
attached). 

As usual, apply using:

/tmp/mathopd-1.5p6$ gunzip -c gnutls.1.5p6.diff.gz | patch -p1

Further details will follow at http://opensource.stobor.net/mathopd/#GnuTLS

As always, if you have any problems, questions or comments, please don't 
hesitate to get back to me.

Cheers,

Allwyn.

-- 
Allwyn Fernandes
Director
Stobor Pty Ltd

Mobile: + 61 430 436 758
LinkedIn: http://www.linkedin.com/in/AllwynFernandes

Attachment: gnutls.1.5p6.diff.gz
Description: GNU Zip compressed data
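
The option rules from the Quick HowTo above, as an added example that is not part of the original post or the patch: a small Python check that parses a Mathopd-style TLS block and reports missing or weak settings. The function names, the constructed sample configuration and the 2048-bit DHBits floor are this example's assumptions.

```python
import re

# Constructed sample: the TLS block from the how-to with KeyFile and
# DHParamsFile left out, to exercise the fallback rules.
SAMPLE_CONF = """
Server {
    TLS {
        CertFile cert.pem
        DHBits 1024
    }
    Control {
        Alias /
        Location /www/
    }
}
"""

def parse_tls_block(conf):
    """Return keyword/value pairs of the first TLS { ... } block, or None."""
    m = re.search(r"\bTLS\s*\{([^{}]*)\}", conf)
    if m is None:
        return None
    opts = {}
    for line in m.group(1).splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0]] = parts[1].strip()
    return opts

def check_tls(opts, read_file):
    """Apply the rules stated in the post; read_file(path) returns file text."""
    cert = opts.get("CertFile")
    if cert is None:
        return ["CertFile is required"]
    problems = []
    # Without KeyFile, the PEM in CertFile must also carry the private key.
    if "KeyFile" not in opts and "PRIVATE KEY-----" not in read_file(cert):
        problems.append("no KeyFile and CertFile holds no private key")
    if "DHParamsFile" not in opts:
        problems.append("no DHParamsFile: DH params will be generated (slow)")
    bits = int(opts.get("DHBits", "1024"))  # 1024 is the default per the post
    if bits < 2048:  # assumption of this example, not enforced by the patch
        problems.append(f"DHBits {bits} is below 2048")
    return problems

if __name__ == "__main__":
    def read(path):
        with open(path) as f:
            return f.read()
    print(check_tls(parse_tls_block(SAMPLE_CONF), read))
```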
