SSL: default DH parameters compatible with OpenSSL 1.1.0.

This is a direct commit to stable as there is no corresponding code
in mainline, default DH parameters were removed in 1aa9650a8154.
Maxim Dounin 2016-10-18 17:25:38 +03:00
parent 09acff05dd
commit 4bf20e7512
1 changed files with 19 additions and 0 deletions


@ -951,6 +951,8 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
return NGX_ERROR;
}
#if OPENSSL_VERSION_NUMBER < 0x10100005L
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
@ -960,6 +962,23 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
return NGX_ERROR;
}
#else
{
BIGNUM *p, *g;
p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
DH_free(dh);
BN_free(p);
BN_free(g);
return NGX_ERROR;
}
}
#endif
SSL_CTX_set_tmp_dh(ssl->ctx, dh);
DH_free(dh);
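Review bot: In the new `#else` branch the single error path logs `"BN_bin2bn() failed"` even when the call that returned 0 is `DH_set0_pqg()`, so the log can name the wrong function; `"BN_bin2bn() or DH_set0_pqg() failed"` (or two separate checks) would keep it accurate. The branch also continues to install the built-in `dh1024_p`/`dh1024_g` group, which by its name is a fixed 1024-bit group shared by every build, and nothing in the hunk says so. A comment such as `/* legacy built-in 1024-bit group, kept for compatibility; configure ssl_dhparam to use a stronger one */` above the block would make that trade-off visible to operators reading the code. The return value of `SSL_CTX_set_tmp_dh()` on the following context line is not checked; if the linked OpenSSL rejects the parameters, which I believe 1.1.0 can do at a raised security level, the failure would pass silently, so it is worth confirming and logging. ngx_ssl_dhparam starts and ends outside the hunks shown.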