comparison src/event/ngx_event_openssl.c @ 6770:131bc715ce87 stable-1.10
SSL: default DH parameters compatible with OpenSSL 1.1.0.
This is a direct commit to stable as there is no corresponding code
in mainline, default DH parameters were removed in 1aa9650a8154.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 18 Oct 2016 17:25:38 +0300 |
parents | e0d1c1e05eef |
children |
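--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -949,18 +949,37 @@
 if (dh == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "DH_new() failed");
 return NGX_ERROR;
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+
 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
 
 if (dh->p == NULL || dh->g == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
 DH_free(dh);
 return NGX_ERROR;
 }
+
+#else
+{
+BIGNUM *p, *g;
+
+p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+
+if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
+DH_free(dh);
+BN_free(p);
+BN_free(g);
+return NGX_ERROR;
+}
+}
+#endif
 
 SSL_CTX_set_tmp_dh(ssl->ctx, dh);
 
 DH_free(dh);
 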
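Review bot: The new `#else` branch carries the built-in `dh1024_p`/`dh1024_g` group forward to OpenSSL 1.1.0 builds without any comment that the default is a fixed 1024-bit group, which is below the 2048-bit minimum generally recommended for finite-field DH and is presumably shared by every deployment that does not configure its own parameters. I would add a comment above the `#if`, such as `/* built-in 1024-bit group, kept only for compatibility; configure ssl_dhparam with a 2048-bit or larger group */`. Separately, the combined check on new line 972 logs "BN_bin2bn() failed" even when `DH_set0_pqg()` is the call that returned 0, so splitting the condition and logging `"DH_set0_pqg() failed"` for that case would keep the error log accurate. The enclosing function starts and ends outside the lines shown, so whether the return value of `SSL_CTX_set_tmp_dh()` matters to callers cannot be judged from here.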