Diffstat (limited to 'src/lib/libressl/ressl_server.c')
-rw-r--r-- | src/lib/libressl/ressl_server.c | 37 |
1 files changed, 37 insertions, 0 deletions
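diff --git a/src/lib/libressl/ressl_server.c b/src/lib/libressl/ressl_server.c
index 4aadda2f6b..3fbff91be2 100644
--- a/src/lib/libressl/ressl_server.c
+++ b/src/lib/libressl/ressl_server.c
@@ -14,6 +14,9 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
+#include <openssl/ec.h>
+#include <openssl/ssl.h>
+
 #include "ressl_internal.h"
 
 struct ressl *
@@ -43,6 +46,40 @@ ressl_server_conn(struct ressl *ctx)
 }
 
 int
+ressl_configure_server(struct ressl *ctx)
+{
+EC_KEY *ecdh_key;
+
+/* XXX - add a configuration option to control versions. */
+if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
+ressl_set_error(ctx, "ssl context failure");
+goto err;
+}
+
+if (ressl_configure_keypair(ctx) != 0)
+goto err;
+
+if (ctx->config->ciphers != NULL) {
+if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
+ctx->config->ciphers) != 1) {
+ressl_set_error(ctx, "failed to set ciphers");
+goto err;
+}
+}
+
+if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
+goto err;
+SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
+SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+EC_KEY_free(ecdh_key);
+
+return (0);
+
+err:
+return (-1);
+}
+
+int
 ressl_listen(struct ressl *ctx, const char *host, const char *port, int af)
 {
 if ((ctx->flags & RESSL_SERVER) == 0) {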
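Review bot: In ressl_configure_server the return value of `SSL_CTX_set_tmp_ecdh()` is ignored and the `EC_KEY_new_by_curve_name()` failure jumps to `err` without calling `ressl_set_error()`, so a failed ECDH setup either goes unnoticed or leaves the caller with no error string, unlike the two earlier failure sites in the same function. Both calls should report and fail the way the cipher-list path does, with the key freed before the jump; the rewritten lines are below. Separately, `SSLv23_server_method()` negotiates whatever protocol versions the library build enables, which on a LibreSSL of this era presumably still includes SSLv3, so until the XXX'd version option exists an explicit `SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after the context is created would be the safer default. Whether `ctx->ssl_ctx` is released on the `err` path depends on the context teardown outside this hunk; if it is not, the partially configured SSL_CTX leaks whenever `ressl_configure_keypair()` or the cipher setup fails.
```c
	if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) {
		ressl_set_error(ctx, "failed to create ECDH key");
		goto err;
	}
	if (SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key) != 1) {
		ressl_set_error(ctx, "failed to set ECDH key");
		EC_KEY_free(ecdh_key);
		goto err;
	}
	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
	EC_KEY_free(ecdh_key);
	/* … unchanged: return (0) and err label … */
```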