SSL: default DH parameters compatible with OpenSSL 1.1.0.
This is a direct commit to stable, as there is no corresponding code in mainline: default DH parameters were removed there in 1aa9650a8154.
parent
09acff05dd
commit
4bf20e7512
|
@ -951,6 +951,8 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100005L
|
||||
|
||||
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
|
||||
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
|
||||
|
||||
|
@ -960,6 +962,23 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#else
|
||||
{
|
||||
BIGNUM *p, *g;
|
||||
|
||||
p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
|
||||
g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
|
||||
|
||||
if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
|
||||
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
|
||||
DH_free(dh);
|
||||
BN_free(p);
|
||||
BN_free(g);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
SSL_CTX_set_tmp_dh(ssl->ctx, dh);
|
||||
|
||||
DH_free(dh);
|
||||
|
|
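Review bot: The `#else` branch carries the compiled-in `dh1024_p`/`dh1024_g` group forward to OpenSSL 1.1.0 builds, and judging by the names this is a 1024-bit group shared by every installation that relies on the default; that size is generally considered too small for DHE today. Since the description says mainline has already dropped default parameters, a comment above the branch would help operators of stable, e.g. `/* legacy built-in 1024-bit group; set ssl_dhparam to a file with >= 2048-bit parameters */`. Separately, the combined check logs `"BN_bin2bn() failed"` even when it is `DH_set0_pqg()` that returned 0, so the message could name both calls. The body of `ngx_ssl_dhparam` begins before the first hunk and appears to continue past the second.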