comparison src/event/ngx_event_openssl.c @ 3960:0832a6997227

ECDHE support patch by Adrian Kotelba
author Igor Sysoev <igor@sysoev.ru>
date Wed, 20 Jul 2011 15:42:40 +0000
parents b1f48fa31e6c
children 4048aa055411
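--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -466,10 +466,49 @@
 BIO_free(bio);
 
 return NGX_OK;
 }
 
+ngx_int_t
+ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifndef OPENSSL_NO_ECDH
+int nid;
+EC_KEY *ecdh;
+
+/*
+* Elliptic-Curve Diffie-Hellman parameters are either "named curves"
+* from RFC 4492 section 5.1.1, or explicitely described curves over
+* binary fields. OpenSSL only supports the "named curves", which provide
+* maximum interoperability.
+*/
+
+nid = OBJ_sn2nid((const char *) name->data);
+if (nid == 0) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"Unknown curve name \"%s\"", name->data);
+return NGX_ERROR;
+}
+
+ecdh = EC_KEY_new_by_curve_name(nid);
+if (ecdh == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"Unable to create curve \"%s\"", name->data);
+return NGX_ERROR;
+}
+
+SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
+
+SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
+
+EC_KEY_free(ecdh);
+#endif
+#endif
+
+return NGX_OK;
+}
 
 ngx_int_t
 ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
 {
 ngx_ssl_connection_t *sc;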
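Review bot: The result of `SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh)` in the new ngx_ssl_ecdh_curve() is ignored, so if OpenSSL fails to install the curve the function still returns NGX_OK and the server would start without the ECDHE parameters the configuration asked for. The call should be checked like the two before it, logging through ngx_ssl_error(), freeing `ecdh` and returning NGX_ERROR. The same silent success occurs when either `#if` guard is false: the body reduces to `return NGX_OK;`, so a configured curve name is dropped without any log line, and a warning on that path would let an operator see that forward-secret ECDHE suites are not actually available. A comment above the function stating that `name->data` must be NUL-terminated (it is passed to `OBJ_sn2nid()` and to `%s`) would also help callers.

```c
/* … unchanged: curve lookup and EC_KEY_new_by_curve_name() check … */

if (SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh) == 0) {
    ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                  "SSL_CTX_set_tmp_ecdh(\"%s\") failed", name->data);
    EC_KEY_free(ecdh);
    return NGX_ERROR;
}

/* … unchanged: SSL_OP_SINGLE_ECDH_USE, EC_KEY_free(), #endif pair … */
```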