Lines 192-197
|
192 |
#define MODSSL_TMP_KEY_INIT_EC(s, bits) \ |
192 |
#define MODSSL_TMP_KEY_INIT_EC(s, bits) \ |
193 |
ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits) |
193 |
ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits) |
194 |
|
194 |
|
|
|
195 |
EC_GROUP *ssl_ec_GetParamFromFile(const char *file) |
196 |
{ |
197 |
EC_GROUP *ecg = NULL; |
198 |
BIO *bio; |
199 |
|
200 |
if ((bio = BIO_new_file(file, "r")) == NULL) |
201 |
return NULL; |
202 |
ecg = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL); |
203 |
BIO_free(bio); |
204 |
return (ecg); |
205 |
} |
206 |
|
195 |
#endif |
207 |
#endif |
196 |
|
208 |
|
197 |
#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \ |
209 |
#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \ |
Lines 1184-1193
|
1184 |
const char *rsa_id, *dsa_id; |
1196 |
const char *rsa_id, *dsa_id; |
1185 |
#ifndef OPENSSL_NO_EC |
1197 |
#ifndef OPENSSL_NO_EC |
1186 |
const char *ecc_id; |
1198 |
const char *ecc_id; |
|
|
1199 |
EC_GROUP *ecparams; |
1200 |
EC_KEY *eckey; |
1201 |
int nid; |
1187 |
#endif |
1202 |
#endif |
1188 |
const char *vhost_id = mctx->sc->vhost_id; |
1203 |
const char *vhost_id = mctx->sc->vhost_id; |
1189 |
int i; |
1204 |
int i; |
1190 |
int have_rsa, have_dsa; |
1205 |
int have_rsa, have_dsa; |
|
|
1206 |
DH *dhparams; |
1191 |
#ifndef OPENSSL_NO_EC |
1207 |
#ifndef OPENSSL_NO_EC |
1192 |
int have_ecc; |
1208 |
int have_ecc; |
1193 |
#endif |
1209 |
#endif |
Lines 1234-1239
|
1234 |
"Oops, no " KEYTYPES " server private key found?!"); |
1250 |
"Oops, no " KEYTYPES " server private key found?!"); |
1235 |
ssl_die(s); |
1251 |
ssl_die(s); |
1236 |
} |
1252 |
} |
|
|
1253 |
|
1254 |
/* |
1255 |
* Try to read DHE parameters from the (first) SSLCertificateFile |
1256 |
*/ |
1257 |
if ((mctx->pks->cert_files[0] != NULL) && |
1258 |
(dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) { |
1259 |
SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); |
1260 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO() |
1261 |
"DHE parameters (%d bits) for %s configured from %s", |
1262 |
BN_num_bits(dhparams->p), vhost_id, |
1263 |
mctx->pks->cert_files[0]); |
1264 |
} |
1265 |
|
1266 |
#ifndef OPENSSL_NO_EC |
1267 |
/* |
1268 |
* Similarly, try to read the ECDHE curve name from SSLCertificateFile |
1269 |
*/ |
1270 |
if ((mctx->pks->cert_files[0] != NULL) && |
1271 |
(ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) && |
1272 |
(nid = EC_GROUP_get_curve_name(ecparams)) && |
1273 |
(eckey = EC_KEY_new_by_curve_name(nid))) { |
1274 |
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); |
1275 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO() |
1276 |
"ECDHE curve (%s) for %s configured from %s", |
1277 |
OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]); |
1278 |
} |
1279 |
#endif |
1237 |
} |
1280 |
} |
1238 |
|
1281 |
|
1239 |
#ifdef HAVE_TLS_SESSION_TICKETS |
1282 |
#ifdef HAVE_TLS_SESSION_TICKETS |
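Review bot: The DH parameters read from the first SSLCertificateFile (new lines 1257-1264) are passed to `SSL_CTX_set_tmp_dh` with no lower bound on their size and with the return value ignored, so a file carrying short parameters would quietly weaken DHE for this vhost, and only a DEBUG message records it. I would compare `BN_num_bits(dhparams->p)` against a minimum before installing them, and log rejected or failed parameters at a level operators normally see. Separately, `dhparams`, `ecparams` and `eckey` are never released: assuming the OpenSSL setters copy their argument, add `DH_free(dhparams);` at the end of the first block and `EC_KEY_free(eckey);` / `EC_GROUP_free(ecparams);` after the ECDHE block (new lines 1270-1278), with both EC pointers initialised to NULL where they are declared. Freeing after the block also covers the case where `EC_GROUP_get_curve_name` returns 0 and the condition short-circuits with `ecparams` already allocated. The enclosing function starts outside the hunk, so earlier handling of these variables is not visible here.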