authordaurnimator <quae@daurnimator.com>2017-04-03 12:54:23 +1000
committerdaurnimator <quae@daurnimator.com>2017-04-03 13:27:15 +1000
commita0346d8054d3b19a7e30b5de70048c001d8c2c26 (patch)
tree4537a248b1d277ffb2e78bef38b78e0c3f212aab
parent70439fbea9ddd6acb942fc746bea9a522f940380 (diff)
openssl.ssl.context.new: Turn on ecdh_auto in OpenSSL 1.0.2
It's on by default in 1.1.0, and supported in < 1.0.2. Suggestion taken from ruby openssl implementation: https://github.com/ruby/openssl/blob/a7bbd590c66d40bd662502df9c65474e85b5f03f/ext/openssl/ossl_ssl.c#L135
-rw-r--r--src/openssl.c13
1 files changed, 13 insertions, 0 deletions
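--- a/src/openssl.c
+++ b/src/openssl.c
@@ -258,6 +258,10 @@
 #define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
 #endif
 
+#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
+#define HAVE_SSL_CTX_SET_ECDH_AUTO ((OPENSSL_PREREQ(1,0,2) && !OPENSSL_PREREQ(1,1,0)) || LIBRESSL_PREREQ(2,1,2))
+#endif
+
 #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
 #define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
 #endif
@@ -7575,6 +7579,15 @@ static int sx_new(lua_State *L) {
 
 	SSL_CTX_set_options(*ud, options);
 
+#if HAVE_SSL_CTX_SET_ECDH_AUTO
+	/* OpenSSL 1.0.2 introduced SSL_CTX_set_ecdh_auto to automatically select
+	 * from the curves set via SSL_CTX_set1_curves_list. However as of OpenSSL
+	 * 1.1.0, the functionality was turned on permanently and the option
+	 * removed. */
+	if (!SSL_CTX_set_ecdh_auto(*ud, 1))
+		return auxL_error(L, auxL_EOPENSSL, "ssl.context.new");
+#endif
+
 	return 1;
 } /* sx_new() */
 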
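Review bot: The new check in the second hunk makes a failed `SSL_CTX_set_ecdh_auto` fatal for every `ssl.context.new` call, but on an OpenSSL 1.0.2 build configured without EC support that call is an `SSL_CTX_ctrl` whose command is only handled in EC-enabled builds, so it likely returns 0 and context creation would fail outright on such a build instead of merely lacking automatic curve selection. Guarding the use site, `#if HAVE_SSL_CTX_SET_ECDH_AUTO && !defined(OPENSSL_NO_EC)`, or making the failure non-fatal would keep the hardening from breaking EC-less builds; I have not verified this against every 1.0.2 patch level, so worth a quick check. The comment's "the option removed" slightly overstates 1.1.0, where the macro is retained as a no-op that always reports success; `/* ... as of OpenSSL 1.1.0 the behaviour is always on and the macro is a no-op. */` would be more precise. sx_new's body begins outside this hunk, so whether a failure here leaks or GC-frees the freshly created SSL_CTX cannot be judged from the diff alone.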