Diffstat (limited to 'src/lib/libressl/ressl_server.c')
-rw-r--r--src/lib/libressl/ressl_server.c37
1 files changed, 37 insertions, 0 deletions
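diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c
index 4aadda2f6b..3fbff91be2 100644
--- a/src/lib/libressl/ressl_server.c
+++ b/src/lib/libressl/ressl_server.c
@@ -14,6 +14,9 @@
   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   */
 
+#include <openssl/ec.h>
+#include <openssl/ssl.h>
+
 #include "ressl_internal.h"
 
 struct ressl *
@@ -43,6 +46,40 @@ ressl_server_conn(struct ressl *ctx)
 }
 
 int
+ressl_configure_server(struct ressl *ctx)
+{
+ EC_KEY *ecdh_key;
+
+ /* XXX - add a configuration option to control versions. */
+ if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
+ ressl_set_error(ctx, "ssl context failure");
+ goto err;
+ }
+
+ if (ressl_configure_keypair(ctx) != 0)
+ goto err;
+
+ if (ctx->config->ciphers != NULL) {
+ if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
+ ctx->config->ciphers) != 1) {
+ ressl_set_error(ctx, "failed to set ciphers");
+ goto err;
+ }
+ }
+
+ if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
+ goto err;
+ SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
+ SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+ EC_KEY_free(ecdh_key);
+
+ return (0);
+
+err:
+ return (-1);
+}
+
+int
 ressl_listen(struct ressl *ctx, const char *host, const char *port, int af)
 {
  if ((ctx->flags & RESSL_SERVER) == 0) {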
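Review bot: The return value of `SSL_CTX_set_tmp_ecdh()` is ignored in `ressl_configure_server`, so if installing the P-256 key fails the function still returns 0 and the server would presumably come up without ECDHE key exchange, with nothing to tell the caller. Compare the result with 1 as the cipher-list call does, and on failure free the key, call `ressl_set_error(ctx, "failed to set ecdh key")` and `goto err`. The `EC_KEY_new_by_curve_name()` failure branch should get a `ressl_set_error()` call as well, since unlike the `SSL_CTX_new()` and cipher-list failures it reaches `err` without setting a message in this function. Separately, `SSLv23_server_method()` negotiates whatever protocol versions the library has enabled; until the option named in the XXX comment exists, masking legacy versions with `SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` would be a safer default.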