mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-08 08:07:10 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: do not look at DHparam with OPENSSL_NO_DH

Browse Source 
OPENSSL_NO_DH can be defined to avoid obsolete and heavy DH processing.
With OPENSSL_NO_DH, parse the entire PEM file to look at DHparam is wast
of time.
This commit is contained in:
Emmanuel Hocdet 2019-07-30 17:04:01 +02:00 committed by William Lallemand
parent 03e09f3818
commit 54227d8add
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_sock.c
View File

@ -2967,6 +2967,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
goto end;
}
#ifndef OPENSSL_NO_DH
/* Seek back to beginning of file */
if (BIO_reset(in) == -1) {
memprintf(err, "%san error occurred while reading the file '%s'.\n",
@ -2976,6 +2977,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
ckch->dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
/* no need to check for NULL there, dh is not mandatory */
#endif
/* Seek back to beginning of file */
if (BIO_reset(in) == -1) {