summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-08-04 16:18:42 +0000
committerjsing <>2014-08-04 16:18:42 +0000
commitbae0ded549246a65bd4f1aa700f406c50e27a5c4 (patch)
tree27862ac7cadb44f277ca910c18c9293337888dd7 /src
parent1d3e00084707ca014c8c119ee28744296ad0622d (diff)
downloadopenbsd-bae0ded549246a65bd4f1aa700f406c50e27a5c4.tar.gz
openbsd-bae0ded549246a65bd4f1aa700f406c50e27a5c4.tar.bz2
openbsd-bae0ded549246a65bd4f1aa700f406c50e27a5c4.zip
A ressl server needs different configuration from a ressl client - provide
a specific server configuration function and call this from ressl_configure.
Diffstat (limited to '')
-rw-r--r--src/lib/libressl/ressl.c3
-rw-r--r--src/lib/libressl/ressl_internal.h1
-rw-r--r--src/lib/libressl/ressl_server.c37
3 files changed, 41 insertions, 0 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index 44a8a19421..439b6d1edd 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -87,6 +87,9 @@ ressl_configure(struct ressl *ctx, struct ressl_config *config)
87 87
88 ctx->config = config; 88 ctx->config = config;
89 89
90 if ((ctx->flags & RESSL_SERVER) != 0)
91 return (ressl_configure_server(ctx));
92
90 return (0); 93 return (0);
91} 94}
92 95
diff --git a/src/lib/libressl/ressl_internal.h b/src/lib/libressl/ressl_internal.h
index 75ca11dd02..44d098b4b3 100644
--- a/src/lib/libressl/ressl_internal.h
+++ b/src/lib/libressl/ressl_internal.h
@@ -56,6 +56,7 @@ struct ressl *ressl_server_conn(struct ressl *ctx);
56 56
57int ressl_check_hostname(X509 *cert, const char *host); 57int ressl_check_hostname(X509 *cert, const char *host);
58int ressl_configure_keypair(struct ressl *ctx); 58int ressl_configure_keypair(struct ressl *ctx);
59int ressl_configure_server(struct ressl *ctx);
59int ressl_host_port(const char *hostport, char **host, char **port); 60int ressl_host_port(const char *hostport, char **host, char **port);
60int ressl_set_error(struct ressl *ctx, char *fmt, ...); 61int ressl_set_error(struct ressl *ctx, char *fmt, ...);
61 62
diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c
index 4aadda2f6b..3fbff91be2 100644
--- a/src/lib/libressl/ressl_server.c
+++ b/src/lib/libressl/ressl_server.c
@@ -14,6 +14,9 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17#include <openssl/ec.h>
18#include <openssl/ssl.h>
19
17#include "ressl_internal.h" 20#include "ressl_internal.h"
18 21
19struct ressl * 22struct ressl *
@@ -43,6 +46,40 @@ ressl_server_conn(struct ressl *ctx)
43} 46}
44 47
45int 48int
49ressl_configure_server(struct ressl *ctx)
50{
51 EC_KEY *ecdh_key;
52
53 /* XXX - add a configuration option to control versions. */
54 if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
55 ressl_set_error(ctx, "ssl context failure");
56 goto err;
57 }
58
59 if (ressl_configure_keypair(ctx) != 0)
60 goto err;
61
62 if (ctx->config->ciphers != NULL) {
63 if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
64 ctx->config->ciphers) != 1) {
65 ressl_set_error(ctx, "failed to set ciphers");
66 goto err;
67 }
68 }
69
70 if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
71 goto err;
72 SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
73 SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
74 EC_KEY_free(ecdh_key);
75
76 return (0);
77
78err:
79 return (-1);
80}
81
82int
46ressl_listen(struct ressl *ctx, const char *host, const char *port, int af) 83ressl_listen(struct ressl *ctx, const char *host, const char *port, int af)
47{ 84{
48 if ((ctx->flags & RESSL_SERVER) == 0) { 85 if ((ctx->flags & RESSL_SERVER) == 0) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 17:22:52 +0000