DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Generate DH parameters automatically if not set with dh_file

Browse source 
This is the recommended way of using DH in OpenSSL TLS handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2022-04-16 11:38:44 +03:00
parent bcd299b326
commit ebb3055e13
2 changed files with 16 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/crypto/tls_openssl.c
View file

@ -4001,10 +4001,12 @@ static int tls_global_dh(struct tls_data *data, const char *dh_file)
EVP_PKEY *pkey = NULL, *tmpkey = NULL;
bool dsa = false;
if (!dh_file)
return 0;
if (!ssl_ctx)
return -1;
if (!dh_file) {
SSL_CTX_set_dh_auto(ssl_ctx, 1);
return 0;
}
bio = BIO_new_file(dh_file, "r");
if (!bio) {
@ -4066,10 +4068,14 @@ static int tls_global_dh(struct tls_data *data, const char *dh_file)
DH *dh;
BIO *bio;
if (dh_file == NULL)
return 0;
if (ssl_ctx == NULL)
if (!ssl_ctx)
return -1;
if (!dh_file) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
SSL_CTX_set_dh_auto(ssl_ctx, 1);
#endif
return 0;
}
bio = BIO_new_file(dh_file, "r");
if (bio == NULL) {