Changeset 6770:131bc715ce87 in nginx


Timestamp:
10/18/16 14:25:38 (3 years ago)
Author:
Maxim Dounin <mdounin@…>
Branch:
stable-1.10
Phase:
public
Message:

SSL: default DH parameters compatible with OpenSSL 1.1.0.

This is a direct commit to stable as there is no corresponding code
in mainline, default DH parameters were removed in 1aa9650a8154.

File:
1 edited

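--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -952,4 +952,6 @@
         }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+
         dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
         dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
@@ -960,4 +962,21 @@
             return NGX_ERROR;
         }
+
+#else
+        {
+        BIGNUM  *p, *g;
+
+        p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+        g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+
+        if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
+            ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
+            DH_free(dh);
+            BN_free(p);
+            BN_free(g);
+            return NGX_ERROR;
+        }
+        }
+#endif
 
         SSL_CTX_set_tmp_dh(ssl->ctx, dh);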
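Review bot: The new `#else` branch (new lines 965-980) keeps loading the compiled-in group `dh1024_p`/`dh1024_g`, which by its name is a 1024-bit modulus shared by every build that falls back to it, and nothing in the block tells a maintainer that this is below what is now generally recommended for finite-field DH. I would add a comment above the block such as `/* built-in 1024-bit group, kept for compatibility only; prefer ssl_dhparam with a 2048-bit or larger file */`. Separately, the log text `"BN_bin2bn() failed"` is also emitted when `DH_set0_pqg()` is the call that fails, so it could read `"BN_bin2bn() or DH_set0_pqg() failed"`. The cleanup itself looks right as far as the hunk shows: `DH_set0_pqg()` should not take ownership on failure, so freeing `p` and `g` after `DH_free(dh)` is not a double free, and `BN_free(NULL)` is harmless. The enclosing function starts and ends outside the hunk.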