diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libressl/ressl_server.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c index 7b812bfd27..24b54ad0d0 100644 --- a/src/lib/libressl/ressl_server.c +++ b/src/lib/libressl/ressl_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ressl_server.c,v 1.6 2014/08/05 12:46:16 jsing Exp $ */ | 1 | /* $OpenBSD: ressl_server.c,v 1.7 2014/08/27 10:46:53 reyk Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -69,11 +69,16 @@ ressl_configure_server(struct ressl *ctx) | |||
| 69 | } | 69 | } |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) | 72 | if (ctx->config->ecdhcurve != NID_undef) { |
| 73 | goto err; | 73 | if ((ecdh_key = EC_KEY_new_by_curve_name( |
| 74 | SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key); | 74 | ctx->config->ecdhcurve)) == NULL) { |
| 75 | SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE); | 75 | ressl_set_error(ctx, "failed to set ECDH curve"); |
| 76 | EC_KEY_free(ecdh_key); | 76 | goto err; |
| 77 | } | ||
| 78 | SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key); | ||
| 79 | SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE); | ||
| 80 | EC_KEY_free(ecdh_key); | ||
| 81 | } | ||
| 77 | 82 | ||
| 78 | return (0); | 83 | return (0); |
| 79 | 84 | ||