Diffstat (limited to '')
-rw-r--r-- | src/lib/libtls/tls_server.c | 16 |
1 files changed, 5 insertions, 11 deletions
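--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.40 2017/07/05 15:38:35 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.41 2017/08/10 18:18:30 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -241,8 +241,6 @@ static int
 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
     struct tls_keypair *keypair)
 {
-	EC_KEY *ecdh_key;
-
 	SSL_CTX_free(*ssl_ctx);
 
 	if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
@@ -283,17 +281,13 @@ tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
 	else if (ctx->config->dheparams == 1024)
 		SSL_CTX_set_dh_auto(*ssl_ctx, 2);
 
-	if (ctx->config->ecdhecurve == -1) {
+	if (ctx->config->ecdhecurves != NULL) {
 		SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
-	} else if (ctx->config->ecdhecurve != NID_undef) {
-		if ((ecdh_key = EC_KEY_new_by_curve_name(
-		    ctx->config->ecdhecurve)) == NULL) {
-			tls_set_errorx(ctx, "failed to set ECDHE curve");
+		if (SSL_CTX_set1_groups(*ssl_ctx, ctx->config->ecdhecurves,
+		    ctx->config->ecdhecurves_len) != 1) {
+			tls_set_errorx(ctx, "failed to set ecdhe curves");
 			goto err;
 		}
-		SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-		SSL_CTX_set_tmp_ecdh(*ssl_ctx, ecdh_key);
-		EC_KEY_free(ecdh_key);
 	}
 
 	if (ctx->config->ciphers_server == 1)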
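Review bot: The new side of the third hunk drops `SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE);` (old line 294) with no replacement, so whether the ECDHE key is regenerated for every handshake now rests on the library default rather than on anything libtls requests; if LibreSSL already treats that option as always-on, a comment above `SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);` such as `/* ECDHE keys are always ephemeral here; SSL_OP_SINGLE_ECDH_USE is not needed. */` would record why it was removed rather than leaving a reader to wonder whether forward secrecy regressed. The `ecdhecurves == NULL` case now configures nothing, where the old `ecdhecurve == -1` path at least enabled automatic curve selection; this presumably relies on the config layer always supplying a default list, which is worth confirming, since a NULL list would otherwise leave ECDHE curve selection entirely to whatever the SSL_CTX does on its own. tls_configure_server_ssl begins before the second hunk and ends after this one.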