MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function

This helper function will only be used with OpenSSLv3. It simply sets in
an SSL_CTX a set of DH parameters of the same size as a certificate's
private key. This logic is the same as the one used with older versions,
it simply relies on new APIs.
If no pkey can be found the SSL_CTX_set_dh_auto function will be called,
making the SSL_CTX rely on DH parameters provided by OpenSSL in case of
DHE negotiation.
This commit is contained in:
Remi Tricot-Le Breton 2022-02-11 12:04:51 +01:00 committed by William Lallemand
parent 846eda91ba
commit 5f17930572


@ -3108,6 +3108,20 @@ static int ssl_sock_set_tmp_dh(SSL_CTX *ctx, HASSL_DH *dh)
#endif
}
#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
static void ssl_sock_set_tmp_dh_from_pkey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
HASSL_DH *dh = NULL;
if (pkey && (dh = ssl_get_tmp_dh(pkey))) {
HASSL_DH_up_ref(dh);
if (!SSL_CTX_set0_tmp_dh_pkey(ctx, dh))
HASSL_DH_free(dh);
}
else
SSL_CTX_set_dh_auto(ctx, 1);
}
#endif
HASSL_DH *ssl_sock_get_dh_from_bio(BIO *bio)
{
#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
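Review bot: When `SSL_CTX_set0_tmp_dh_pkey` fails inside the added `ssl_sock_set_tmp_dh_from_pkey`, the context is left with neither the explicit parameters nor the automatic ones, and the void return gives the caller no way to notice; the description says the auto fallback applies only when no pkey is found, so the failure branch is a silent third state. Consider `if (!SSL_CTX_set0_tmp_dh_pkey(ctx, dh)) { HASSL_DH_free(dh); SSL_CTX_set_dh_auto(ctx, 1); }` or surfacing the failure to the caller so it can be logged. The `HASSL_DH_up_ref(dh)` before the set0 call assumes `ssl_get_tmp_dh()` returns a shared object whose reference the caller does not own — presumably the case, but a one-line comment such as `/* ssl_get_tmp_dh() returns a shared object; take a ref because set0 transfers ownership on success */` would make that contract explicit, and the ignored return of `HASSL_DH_up_ref` is worth a glance. The hunk also covers the head of `ssl_sock_get_dh_from_bio`, whose body continues outside it.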