
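--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -930,8 +930,12 @@
 
 /**  Diffie-Hellman Parameter Support  */
 DH           *ssl_dh_GetTmpParam(int);
-DH           *ssl_dh_GetParamFromFile(char *);
+DH           *ssl_dh_GetParamFromFile(const char *);
 
+#ifndef OPENSSL_NO_EC
+EC_GROUP     *ssl_ec_GetParamFromFile(const char *);
+#endif
+
 unsigned char *ssl_asn1_table_set(apr_hash_t *table,
                                   const char *key,
                                   long int length);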
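--- a/modules/ssl/ssl_engine_dh.c
+++ b/modules/ssl/ssl_engine_dh.c
@@ -135,7 +135,7 @@
     return dh;
 }
 
-DH *ssl_dh_GetParamFromFile(char *file)
+DH *ssl_dh_GetParamFromFile(const char *file)
 {
     DH *dh = NULL;
     BIO *bio;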
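--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -192,6 +192,18 @@
 #define MODSSL_TMP_KEY_INIT_EC(s, bits) \
     ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits)
 
+EC_GROUP *ssl_ec_GetParamFromFile(const char *file)
+{
+    EC_GROUP *ecg = NULL;
+    BIO *bio;
+
+    if ((bio = BIO_new_file(file, "r")) == NULL)
+        return NULL;
+    ecg = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
+    BIO_free(bio);
+    return (ecg);
+}
+
 #endif
 
 #define MODSSL_TMP_KEY_INIT_RSA(s, bits) \
@@ -1184,10 +1196,14 @@
     const char *rsa_id, *dsa_id;
 #ifndef OPENSSL_NO_EC
     const char *ecc_id;
+    EC_GROUP *ecparams;
+    EC_KEY *eckey;
+    int nid;
 #endif
     const char *vhost_id = mctx->sc->vhost_id;
     int i;
     int have_rsa, have_dsa;
+    DH *dhparams;
 #ifndef OPENSSL_NO_EC
     int have_ecc;
 #endif
@@ -1234,6 +1250,33 @@
                 "Oops, no " KEYTYPES " server private key found?!");
         ssl_die(s);
     }
+
+    /*
+     * Try to read DHE parameters from the (first) SSLCertificateFile
+     */
+    if ((mctx->pks->cert_files[0] != NULL) &&
+        (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) {
+        SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO()
+                     "DHE parameters (%d bits) for %s configured from %s",
+                     BN_num_bits(dhparams->p), vhost_id,
+                     mctx->pks->cert_files[0]);
+    }
+
+#ifndef OPENSSL_NO_EC
+    /*
+     * Similarly, try to read the ECDHE curve name from SSLCertificateFile
+     */
+    if ((mctx->pks->cert_files[0] != NULL) &&
+        (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) &&
+        (nid = EC_GROUP_get_curve_name(ecparams)) &&
+        (eckey = EC_KEY_new_by_curve_name(nid))) {
+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO()
+                     "ECDHE curve (%s) for %s configured from %s",
+                     OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
+    }
+#endif
 }
 
 #ifdef HAVE_TLS_SESSION_TICKETS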
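Review bot: The new DHE/ECDHE blocks in the third hunk (new lines 1257-1279) leak `dhparams`, `ecparams` and `eckey`: SSL_CTX_set_tmp_dh() and SSL_CTX_set_tmp_ecdh() install their own copies of the parameters, so the objects returned by ssl_dh_GetParamFromFile()/ssl_ec_GetParamFromFile() and EC_KEY_new_by_curve_name() remain owned by this function and are never freed, once per vhost at every (re)start. The ECDHE chain also drops `ecparams` on the floor when EC_GROUP_get_curve_name() yields 0 (explicitly encoded curve parameters rather than a named curve) or EC_KEY_new_by_curve_name() fails, because nothing after the `&&` chain can reach it. Splitting the chain so the group is always released, and freeing the key after it has been handed to the context, fixes both; the enclosing function begins before this hunk. A further point, inferred rather than visible here: a certificate file without embedded parameters is the normal case, and the failed PEM_read_bio_* calls presumably leave entries on the OpenSSL error queue, so an `ERR_clear_error();` after these two attempts would stop stale errors surfacing in later unrelated log lines.
```c
    if ((mctx->pks->cert_files[0] != NULL) &&
        (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) {
        SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
        /* … unchanged: DHE debug log … */
        DH_free(dhparams);   /* SSL_CTX_set_tmp_dh() keeps its own copy */
    }

#ifndef OPENSSL_NO_EC
    /*
     * Similarly, try to read the ECDHE curve name from SSLCertificateFile
     */
    if ((mctx->pks->cert_files[0] != NULL) &&
        (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0]))) {
        /* explicitly encoded (non-named) curve parameters give nid == 0 */
        nid = EC_GROUP_get_curve_name(ecparams);
        if (nid && (eckey = EC_KEY_new_by_curve_name(nid))) {
            SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
            /* … unchanged: ECDHE debug log … */
            EC_KEY_free(eckey);   /* SSL_CTX_set_tmp_ecdh() keeps its own copy */
        }
        EC_GROUP_free(ecparams);   /* released on every path, not only on success */
    }
#endif
```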
