xcat-dep/conserver/certificate-auth.patch

diff -ur conserver-8.1.16/conserver/main.c conserver-8.1.16-ssl/conserver/main.c
--- conserver-8.1.16/conserver/main.c	2007-04-02 13:59:16.000000000 -0400
+++ conserver-8.1.16-ssl/conserver/main.c	2008-01-09 12:46:30.000000000 -0500
@@ -357,7 +357,7 @@
 	} else {
 	    ciphers = "ALL:!LOW:!EXP:!MD5:@STRENGTH";
 	}
-	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
+	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSLVerifyCallback);
 	SSL_CTX_set_options(ctx,
 			    SSL_OP_ALL | SSL_OP_NO_SSLv2 |
 			    SSL_OP_SINGLE_DH_USE);
@@ -365,6 +365,9 @@
 			 SSL_MODE_ENABLE_PARTIAL_WRITE |
 			 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
 			 SSL_MODE_AUTO_RETRY);
+	if (config->sslauthority != (char *)0) {
+	    SSL_CTX_load_verify_locations(ctx,config->sslauthority,"");
+	}
 	SSL_CTX_set_tmp_dh_callback(ctx, TmpDHCallback);
 	if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {
 	    Error("SetupSSL(): setting SSL cipher list failed");
@@ -1190,6 +1193,12 @@
 		if ((optConf->secondaryport = StrDup(optarg)) == (char *)0)
 		    OutOfMem();
 		break;
+	    case 'A':
+#if HAVE_OPENSSL
+		if ((optConf->sslauthority = StrDup(optarg)) == (char*)0) 
+		    OutOfMem();
+#endif
+		break;
 	    case 'c':
 #if HAVE_OPENSSL
 		if ((optConf->sslcredentials =
@@ -1529,6 +1538,12 @@
     else
 	config->sslrequired = defConfig.sslrequired;
 
+    if (optConf->sslauthority != (char *)0)
+	config->sslauthority = StrDup(optConf->sslauthority);
+    else if (pConfig->sslauthority != (char *)0)
+	config->sslauthority = StrDup(pConfig->sslauthority);
+    else
+	config->sslauthority = StrDup(defConfig.sslauthority);
     if (optConf->sslcredentials != (char *)0)
 	config->sslcredentials = StrDup(optConf->sslcredentials);
     else if (pConfig->sslcredentials != (char *)0)
diff -ur conserver-8.1.16/conserver/readcfg.c conserver-8.1.16-ssl/conserver/readcfg.c
--- conserver-8.1.16/conserver/readcfg.c	2007-04-02 13:59:16.000000000 -0400
+++ conserver-8.1.16-ssl/conserver/readcfg.c	2008-01-09 12:41:08.000000000 -0500
@@ -4385,6 +4385,8 @@
 #if HAVE_OPENSSL
     if (c->sslcredentials != (char *)0)
 	free(c->sslcredentials);
+    if (c->sslauthority != (char *)0)
+	free(c->sslauthority);
 #endif
     free(c);
 }
@@ -4474,6 +4476,12 @@
 		parserConfigTemp->secondaryport = (char *)0;
 	    }
 #if HAVE_OPENSSL
+	    if (parserConfigTemp->sslauthority != (char *)0) {
+		if (pConfig->sslauthority != (char *)0)
+		    free(pConfig->sslauthority);
+		pConfig->sslauthority = parserConfigTemp->sslauthority;
+		parserConfigTemp->sslauthority = (char *)0;
+	    }
 	    if (parserConfigTemp->sslcredentials != (char *)0) {
 		if (pConfig->sslcredentials != (char *)0)
 		    free(pConfig->sslcredentials);
@@ -4786,6 +4794,33 @@
 
 void
 #if PROTOTYPES
+ConfigItemSslauthority(char *id)
+#else
+ConfigItemSslauthority(id)
+    char *id;
+#endif
+{
+    CONDDEBUG((1, "ConfigItemSslauthority(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslauthority != (char *)0)
+	free(parserConfigTemp->sslauthority);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslauthority = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslauthority = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    if (isMaster)
+	Error
+	    ("sslauthority ignored - encryption not compiled into code [%s:%d]",
+	     file, line);
+#endif
+}
+
+void
+#if PROTOTYPES
 ConfigItemSslcredentials(char *id)
 #else
 ConfigItemSslcredentials(id)
@@ -4962,6 +4997,7 @@
     {"secondaryport", ConfigItemSecondaryport},
     {"setproctitle", ConfigItemSetproctitle},
     {"sslcredentials", ConfigItemSslcredentials},
+    {"sslauthority", ConfigItemSslauthority},
     {"sslrequired", ConfigItemSslrequired},
     {"unifiedlog", ConfigItemUnifiedlog},
     {(char *)0, (void *)0}
@@ -5250,6 +5286,27 @@
 	}
 #endif
 #if HAVE_OPENSSL
+	if (optConf->sslauthority == (char *)0) {
+	    if (pConfig->sslauthority == (char *)0) {
+		if (config->sslauthority != (char *)0) {
+		    free(config->sslauthority);
+		    config->sslauthority = (char *)0;
+		    Msg("warning: `sslauthority' config option changed - you must restart for it to take effect");
+		}
+	    } else {
+		if (config->sslauthority == (char *)0 ||
+		    strcmp(pConfig->sslauthority,
+			   config->sslauthority) != 0) {
+		    if (config->sslauthority != (char *)0)
+			free(config->sslauthority);
+		    if ((config->sslauthority =
+			 StrDup(pConfig->sslauthority))
+			== (char *)0)
+			OutOfMem();
+		    Msg("warning: `sslauthority' config option changed - you must restart for it to take effect");
+		}
+	    }
+	}
 	if (optConf->sslcredentials == (char *)0) {
 	    if (pConfig->sslcredentials == (char *)0) {
 		if (config->sslcredentials != (char *)0) {
diff -ur conserver-8.1.16/conserver/readcfg.h conserver-8.1.16-ssl/conserver/readcfg.h
--- conserver-8.1.16/conserver/readcfg.h	2005-06-10 22:30:31.000000000 -0400
+++ conserver-8.1.16-ssl/conserver/readcfg.h	2008-01-09 08:10:54.000000000 -0500
@@ -27,6 +27,7 @@
 #endif
 #if HAVE_OPENSSL
     char *sslcredentials;
+    char *sslauthority;
     FLAG sslrequired;
 #endif
 } CONFIG;
diff -ur conserver-8.1.16/console/console.c conserver-8.1.16-ssl/console/console.c
--- conserver-8.1.16/console/console.c	2006-06-14 23:01:05.000000000 -0400
+++ conserver-8.1.16-ssl/console/console.c	2008-01-09 12:49:39.000000000 -0500
@@ -105,7 +105,7 @@
 	} else {
 	    ciphers = "ALL:!LOW:!EXP:!MD5:@STRENGTH";
 	}
-	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);
+	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSLVerifyCallback);
 	SSL_CTX_set_options(ctx,
 			    SSL_OP_ALL | SSL_OP_NO_SSLv2 |
 			    SSL_OP_SINGLE_DH_USE);
@@ -113,6 +113,9 @@
 			 SSL_MODE_ENABLE_PARTIAL_WRITE |
 			 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
 			 SSL_MODE_AUTO_RETRY);
+	if (config->sslauthority != (char *)0) {
+	    SSL_CTX_load_verify_locations(ctx, config->sslauthority,"");
+	}
 	if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {
 	    Error("Setting SSL cipher list failed");
 	    Bye(EX_UNAVAILABLE);
@@ -2204,6 +2207,14 @@
 	config->playback = 0;
 
 #if HAVE_OPENSSL
+    if (optConf->sslauthority != (char *)0 &&
+	optConf->sslauthority[0] != '\000')
+	config->sslauthority = StrDup(optConf->sslauthority);
+    else if (pConfig->sslauthority != (char *)0 &&
+	     pConfig->sslauthority[0] != '\000')
+	config->sslauthority = StrDup(pConfig->sslauthority);
+    else
+	config->sslauthority = (char *)0;
     if (optConf->sslcredentials != (char *)0 &&
 	optConf->sslcredentials[0] != '\000')
 	config->sslcredentials = StrDup(optConf->sslcredentials);
diff -ur conserver-8.1.16/console/readconf.c conserver-8.1.16-ssl/console/readconf.c
--- conserver-8.1.16/console/readconf.c	2006-04-03 09:32:12.000000000 -0400
+++ conserver-8.1.16-ssl/console/readconf.c	2008-01-09 11:14:20.000000000 -0500
@@ -37,6 +37,8 @@
     if (c->escape != (char *)0)
 	free(c->escape);
 #if HAVE_OPENSSL
+    if (c->sslauthority != (char *)0)
+	free(c->sslauthority);
     if (c->sslcredentials != (char *)0)
 	free(c->sslcredentials);
 #endif
@@ -86,6 +88,13 @@
     if (parserConfigDefault->playback != FLAGUNKNOWN)
 	c->playback = parserConfigDefault->playback;
 #if HAVE_OPENSSL
+    if (parserConfigDefault->sslauthority != (char *)0) {
+	if (c->sslauthority != (char *)0)
+	    free(c->sslauthority);
+	if ((c->sslauthority =
+	     StrDup(parserConfigDefault->sslauthority)) == (char *)0)
+	    OutOfMem();
+    }
     if (parserConfigDefault->sslcredentials != (char *)0) {
 	if (c->sslcredentials != (char *)0)
 	    free(c->sslcredentials);
@@ -480,6 +489,32 @@
 
 void
 #if PROTOTYPES
+ConfigItemSslauthority(char *id)
+#else
+ConfigItemSslauthority(id)
+    char *id;
+#endif
+{
+    CONDDEBUG((1, "ConfigItemSslauthority(%s) [%s:%d]", id, file, line));
+#if HAVE_OPENSSL
+    if (parserConfigTemp->sslauthority != (char *)0)
+	free(parserConfigTemp->sslauthority);
+
+    if ((id == (char *)0) || (*id == '\000')) {
+	parserConfigTemp->sslauthority = (char *)0;
+	return;
+    }
+    if ((parserConfigTemp->sslauthority = StrDup(id)) == (char *)0)
+	OutOfMem();
+#else
+    Error
+	("sslauthority ignored - encryption not compiled into code [%s:%d]",
+	 file, line);
+#endif
+}
+
+void
+#if PROTOTYPES
 ConfigItemSslcredentials(char *id)
 #else
 ConfigItemSslcredentials(id)
@@ -712,6 +747,7 @@
     {"port", ConfigItemPort},
     {"replay", ConfigItemReplay},
     {"sslcredentials", ConfigItemSslcredentials},
+    {"sslauthority", ConfigItemSslauthority},
     {"sslrequired", ConfigItemSslrequired},
     {"sslenabled", ConfigItemSslenabled},
     {"striphigh", ConfigItemStriphigh},
diff -ur conserver-8.1.16/console/readconf.h conserver-8.1.16-ssl/console/readconf.h
--- conserver-8.1.16/console/readconf.h	2006-04-03 09:32:12.000000000 -0400
+++ conserver-8.1.16-ssl/console/readconf.h	2008-01-09 11:07:41.000000000 -0500
@@ -18,6 +18,7 @@
     unsigned short playback;
 #if HAVE_OPENSSL
     char *sslcredentials;
+    char *sslauthority;
     FLAG sslrequired;
     FLAG sslenabled;
 #endif
A patch for conserver to enable client certificate authentication. One final task need be done before I would think it good to submit upstream, and that is to specify to fail on lack of client certificates only when specified in an option file. The rest should not change conserver behavior without administrator/user request. 2008-01-09 22:11:29 +00:00			`diff -ur conserver-8.1.16/conserver/main.c conserver-8.1.16-ssl/conserver/main.c`
			`--- conserver-8.1.16/conserver/main.c 2007-04-02 13:59:16.000000000 -0400`
			`+++ conserver-8.1.16-ssl/conserver/main.c 2008-01-09 12:46:30.000000000 -0500`
			`@@ -357,7 +357,7 @@`
			`} else {`
			`ciphers = "ALL:!LOW:!EXP:!MD5:@STRENGTH";`
			`}`
			`- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);`
			`+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSLVerifyCallback);`
			`SSL_CTX_set_options(ctx,`
			`SSL_OP_ALL \| SSL_OP_NO_SSLv2 \|`
			`SSL_OP_SINGLE_DH_USE);`
			`@@ -365,6 +365,9 @@`
			`SSL_MODE_ENABLE_PARTIAL_WRITE \|`
			`SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER \|`
			`SSL_MODE_AUTO_RETRY);`
			`+ if (config->sslauthority != (char *)0) {`
			`+ SSL_CTX_load_verify_locations(ctx,config->sslauthority,"");`
			`+ }`
			`SSL_CTX_set_tmp_dh_callback(ctx, TmpDHCallback);`
			`if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {`
			`Error("SetupSSL(): setting SSL cipher list failed");`
			`@@ -1190,6 +1193,12 @@`
			`if ((optConf->secondaryport = StrDup(optarg)) == (char *)0)`
			`OutOfMem();`
			`break;`
			`+ case 'A':`
			`+#if HAVE_OPENSSL`
			`+ if ((optConf->sslauthority = StrDup(optarg)) == (char*)0)`
			`+ OutOfMem();`
			`+#endif`
			`+ break;`
			`case 'c':`
			`#if HAVE_OPENSSL`
			`if ((optConf->sslcredentials =`
			`@@ -1529,6 +1538,12 @@`
			`else`
			`config->sslrequired = defConfig.sslrequired;`

			`+ if (optConf->sslauthority != (char *)0)`
			`+ config->sslauthority = StrDup(optConf->sslauthority);`
			`+ else if (pConfig->sslauthority != (char *)0)`
			`+ config->sslauthority = StrDup(pConfig->sslauthority);`
			`+ else`
			`+ config->sslauthority = StrDup(defConfig.sslauthority);`
			`if (optConf->sslcredentials != (char *)0)`
			`config->sslcredentials = StrDup(optConf->sslcredentials);`
			`else if (pConfig->sslcredentials != (char *)0)`
			`diff -ur conserver-8.1.16/conserver/readcfg.c conserver-8.1.16-ssl/conserver/readcfg.c`
			`--- conserver-8.1.16/conserver/readcfg.c 2007-04-02 13:59:16.000000000 -0400`
			`+++ conserver-8.1.16-ssl/conserver/readcfg.c 2008-01-09 12:41:08.000000000 -0500`
			`@@ -4385,6 +4385,8 @@`
			`#if HAVE_OPENSSL`
			`if (c->sslcredentials != (char *)0)`
			`free(c->sslcredentials);`
			`+ if (c->sslauthority != (char *)0)`
			`+ free(c->sslauthority);`
			`#endif`
			`free(c);`
			`}`
			`@@ -4474,6 +4476,12 @@`
			`parserConfigTemp->secondaryport = (char *)0;`
			`}`
			`#if HAVE_OPENSSL`
			`+ if (parserConfigTemp->sslauthority != (char *)0) {`
			`+ if (pConfig->sslauthority != (char *)0)`
			`+ free(pConfig->sslauthority);`
			`+ pConfig->sslauthority = parserConfigTemp->sslauthority;`
			`+ parserConfigTemp->sslauthority = (char *)0;`
			`+ }`
			`if (parserConfigTemp->sslcredentials != (char *)0) {`
			`if (pConfig->sslcredentials != (char *)0)`
			`free(pConfig->sslcredentials);`
			`@@ -4786,6 +4794,33 @@`

			`void`
			`#if PROTOTYPES`
			`+ConfigItemSslauthority(char *id)`
			`+#else`
			`+ConfigItemSslauthority(id)`
			`+ char *id;`
			`+#endif`
			`+{`
			`+ CONDDEBUG((1, "ConfigItemSslauthority(%s) [%s:%d]", id, file, line));`
			`+#if HAVE_OPENSSL`
			`+ if (parserConfigTemp->sslauthority != (char *)0)`
			`+ free(parserConfigTemp->sslauthority);`
			`+`
			`+ if ((id == (char )0) \|\| (id == '\000')) {`
			`+ parserConfigTemp->sslauthority = (char *)0;`
			`+ return;`
			`+ }`
			`+ if ((parserConfigTemp->sslauthority = StrDup(id)) == (char *)0)`
			`+ OutOfMem();`
			`+#else`
			`+ if (isMaster)`
			`+ Error`
			`+ ("sslauthority ignored - encryption not compiled into code [%s:%d]",`
			`+ file, line);`
			`+#endif`
			`+}`
			`+`
			`+void`
			`+#if PROTOTYPES`
			`ConfigItemSslcredentials(char *id)`
			`#else`
			`ConfigItemSslcredentials(id)`
			`@@ -4962,6 +4997,7 @@`
			`{"secondaryport", ConfigItemSecondaryport},`
			`{"setproctitle", ConfigItemSetproctitle},`
			`{"sslcredentials", ConfigItemSslcredentials},`
			`+ {"sslauthority", ConfigItemSslauthority},`
			`{"sslrequired", ConfigItemSslrequired},`
			`{"unifiedlog", ConfigItemUnifiedlog},`
			`{(char )0, (void )0}`
			`@@ -5250,6 +5286,27 @@`
			`}`
			`#endif`
			`#if HAVE_OPENSSL`
			`+ if (optConf->sslauthority == (char *)0) {`
			`+ if (pConfig->sslauthority == (char *)0) {`
			`+ if (config->sslauthority != (char *)0) {`
			`+ free(config->sslauthority);`
			`+ config->sslauthority = (char *)0;`
			+ Msg("warning: `sslauthority' config option changed - you must restart for it to take effect");
			`+ }`
			`+ } else {`
			`+ if (config->sslauthority == (char *)0 \|\|`
			`+ strcmp(pConfig->sslauthority,`
			`+ config->sslauthority) != 0) {`
			`+ if (config->sslauthority != (char *)0)`
			`+ free(config->sslauthority);`
			`+ if ((config->sslauthority =`
			`+ StrDup(pConfig->sslauthority))`
			`+ == (char *)0)`
			`+ OutOfMem();`
			+ Msg("warning: `sslauthority' config option changed - you must restart for it to take effect");
			`+ }`
			`+ }`
			`+ }`
			`if (optConf->sslcredentials == (char *)0) {`
			`if (pConfig->sslcredentials == (char *)0) {`
			`if (config->sslcredentials != (char *)0) {`
			`diff -ur conserver-8.1.16/conserver/readcfg.h conserver-8.1.16-ssl/conserver/readcfg.h`
			`--- conserver-8.1.16/conserver/readcfg.h 2005-06-10 22:30:31.000000000 -0400`
			`+++ conserver-8.1.16-ssl/conserver/readcfg.h 2008-01-09 08:10:54.000000000 -0500`
			`@@ -27,6 +27,7 @@`
			`#endif`
			`#if HAVE_OPENSSL`
			`char *sslcredentials;`
			`+ char *sslauthority;`
			`FLAG sslrequired;`
			`#endif`
			`} CONFIG;`
			`diff -ur conserver-8.1.16/console/console.c conserver-8.1.16-ssl/console/console.c`
			`--- conserver-8.1.16/console/console.c 2006-06-14 23:01:05.000000000 -0400`
			`+++ conserver-8.1.16-ssl/console/console.c 2008-01-09 12:49:39.000000000 -0500`
			`@@ -105,7 +105,7 @@`
			`} else {`
			`ciphers = "ALL:!LOW:!EXP:!MD5:@STRENGTH";`
			`}`
			`- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback);`
			`+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSLVerifyCallback);`
			`SSL_CTX_set_options(ctx,`
			`SSL_OP_ALL \| SSL_OP_NO_SSLv2 \|`
			`SSL_OP_SINGLE_DH_USE);`
			`@@ -113,6 +113,9 @@`
			`SSL_MODE_ENABLE_PARTIAL_WRITE \|`
			`SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER \|`
			`SSL_MODE_AUTO_RETRY);`
			`+ if (config->sslauthority != (char *)0) {`
			`+ SSL_CTX_load_verify_locations(ctx, config->sslauthority,"");`
			`+ }`
			`if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {`
			`Error("Setting SSL cipher list failed");`
			`Bye(EX_UNAVAILABLE);`
			`@@ -2204,6 +2207,14 @@`
			`config->playback = 0;`

			`#if HAVE_OPENSSL`
			`+ if (optConf->sslauthority != (char *)0 &&`
			`+ optConf->sslauthority[0] != '\000')`
			`+ config->sslauthority = StrDup(optConf->sslauthority);`
			`+ else if (pConfig->sslauthority != (char *)0 &&`
			`+ pConfig->sslauthority[0] != '\000')`
			`+ config->sslauthority = StrDup(pConfig->sslauthority);`
			`+ else`
			`+ config->sslauthority = (char *)0;`
			`if (optConf->sslcredentials != (char *)0 &&`
			`optConf->sslcredentials[0] != '\000')`
			`config->sslcredentials = StrDup(optConf->sslcredentials);`
			`diff -ur conserver-8.1.16/console/readconf.c conserver-8.1.16-ssl/console/readconf.c`
			`--- conserver-8.1.16/console/readconf.c 2006-04-03 09:32:12.000000000 -0400`
			`+++ conserver-8.1.16-ssl/console/readconf.c 2008-01-09 11:14:20.000000000 -0500`
			`@@ -37,6 +37,8 @@`
			`if (c->escape != (char *)0)`
			`free(c->escape);`
			`#if HAVE_OPENSSL`
			`+ if (c->sslauthority != (char *)0)`
			`+ free(c->sslauthority);`
			`if (c->sslcredentials != (char *)0)`
			`free(c->sslcredentials);`
			`#endif`
			`@@ -86,6 +88,13 @@`
			`if (parserConfigDefault->playback != FLAGUNKNOWN)`
			`c->playback = parserConfigDefault->playback;`
			`#if HAVE_OPENSSL`
			`+ if (parserConfigDefault->sslauthority != (char *)0) {`
			`+ if (c->sslauthority != (char *)0)`
			`+ free(c->sslauthority);`
			`+ if ((c->sslauthority =`
			`+ StrDup(parserConfigDefault->sslauthority)) == (char *)0)`
			`+ OutOfMem();`
			`+ }`
			`if (parserConfigDefault->sslcredentials != (char *)0) {`
			`if (c->sslcredentials != (char *)0)`
			`free(c->sslcredentials);`
			`@@ -480,6 +489,32 @@`

			`void`
			`#if PROTOTYPES`
			`+ConfigItemSslauthority(char *id)`
			`+#else`
			`+ConfigItemSslauthority(id)`
			`+ char *id;`
			`+#endif`
			`+{`
			`+ CONDDEBUG((1, "ConfigItemSslauthority(%s) [%s:%d]", id, file, line));`
			`+#if HAVE_OPENSSL`
			`+ if (parserConfigTemp->sslauthority != (char *)0)`
			`+ free(parserConfigTemp->sslauthority);`
			`+`
			`+ if ((id == (char )0) \|\| (id == '\000')) {`
			`+ parserConfigTemp->sslauthority = (char *)0;`
			`+ return;`
			`+ }`
			`+ if ((parserConfigTemp->sslauthority = StrDup(id)) == (char *)0)`
			`+ OutOfMem();`
			`+#else`
			`+ Error`
			`+ ("sslauthority ignored - encryption not compiled into code [%s:%d]",`
			`+ file, line);`
			`+#endif`
			`+}`
			`+`
			`+void`
			`+#if PROTOTYPES`
			`ConfigItemSslcredentials(char *id)`
			`#else`
			`ConfigItemSslcredentials(id)`
			`@@ -712,6 +747,7 @@`
			`{"port", ConfigItemPort},`
			`{"replay", ConfigItemReplay},`
			`{"sslcredentials", ConfigItemSslcredentials},`
			`+ {"sslauthority", ConfigItemSslauthority},`
			`{"sslrequired", ConfigItemSslrequired},`
			`{"sslenabled", ConfigItemSslenabled},`
			`{"striphigh", ConfigItemStriphigh},`
			`diff -ur conserver-8.1.16/console/readconf.h conserver-8.1.16-ssl/console/readconf.h`
			`--- conserver-8.1.16/console/readconf.h 2006-04-03 09:32:12.000000000 -0400`
			`+++ conserver-8.1.16-ssl/console/readconf.h 2008-01-09 11:07:41.000000000 -0500`
			`@@ -18,6 +18,7 @@`
			`unsigned short playback;`
			`#if HAVE_OPENSSL`
			`char *sslcredentials;`
			`+ char *sslauthority;`
			`FLAG sslrequired;`
			`FLAG sslenabled;`
			`#endif`