comparison src/event/ngx_event_openssl.c @ 6770:131bc715ce87 stable-1.10

SSL: default DH parameters compatible with OpenSSL 1.1.0. This is a direct commit to stable as there is no corresponding code in mainline, default DH parameters were removed in 1aa9650a8154.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 18 Oct 2016 17:25:38 +0300
parents e0d1c1e05eef
children
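--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -949,18 +949,37 @@
 if (dh == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "DH_new() failed");
 return NGX_ERROR;
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+
 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
 
 if (dh->p == NULL || dh->g == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
 DH_free(dh);
 return NGX_ERROR;
 }
+
+#else
+{
+BIGNUM *p, *g;
+
+p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+
+if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
+DH_free(dh);
+BN_free(p);
+BN_free(g);
+return NGX_ERROR;
+}
+}
+#endif
 
 SSL_CTX_set_tmp_dh(ssl->ctx, dh);
 
 DH_free(dh);
 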
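Review bot: The failure branch in the `#else` block logs "BN_bin2bn() failed" even when the call that failed is `DH_set0_pqg()`, so the emergency log can name the wrong OpenSSL function; wording the message as `"BN_bin2bn() or DH_set0_pqg() failed"`, or splitting the test in two, keeps it accurate. The cleanup on that path looks consistent, assuming `DH_set0_pqg()` takes ownership of p and g only on success, since they are freed only where dh never received them. Separately, both branches still load the built-in `dh1024_p`/`dh1024_g` group, which by its name is 1024 bits, and nothing in the new code says so; a comment such as `/* 1024-bit default group kept for stable-branch compatibility; configure ssl_dhparam for a stronger group */` would tell operators why DHE key exchange stays at that strength unless they set their own parameters. The enclosing function starts and ends outside the hunk.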