Diffstat (limited to '')
-rw-r--r--src/lib/libtls/tls_server.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 394cea1e8d..2622e4464f 100644
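--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.40 2017/07/05 15:38:35 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.41 2017/08/10 18:18:30 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -241,8 +241,6 @@ static int
 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
  struct tls_keypair *keypair)
 {
- EC_KEY *ecdh_key;
-
  SSL_CTX_free(*ssl_ctx);
 
  if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
@@ -283,17 +281,13 @@ tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
  else if (ctx->config->dheparams == 1024)
  SSL_CTX_set_dh_auto(*ssl_ctx, 2);
 
- if (ctx->config->ecdhecurve == -1) {
+ if (ctx->config->ecdhecurves != NULL) {
  SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
- } else if (ctx->config->ecdhecurve != NID_undef) {
- if ((ecdh_key = EC_KEY_new_by_curve_name(
- ctx->config->ecdhecurve)) == NULL) {
- tls_set_errorx(ctx, "failed to set ECDHE curve");
+ if (SSL_CTX_set1_groups(*ssl_ctx, ctx->config->ecdhecurves,
+ ctx->config->ecdhecurves_len) != 1) {
+ tls_set_errorx(ctx, "failed to set ecdhe curves");
  goto err;
  }
- SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
- SSL_CTX_set_tmp_ecdh(*ssl_ctx, ecdh_key);
- EC_KEY_free(ecdh_key);
  }
 
  if (ctx->config->ciphers_server == 1)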
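Review bot: In the last hunk the `ecdhecurves == NULL` case no longer has a branch of its own, so what a NULL list means for ECDHE is left to whatever the library does when no groups are set. The old code distinguished auto (`-1`), a single named curve, and `NID_undef`, and the last of these skipped ECDH setup altogether. If NULL is still meant to express "no ECDHE", that intent is not visible here, and a comment above the `if` such as `/* ecdhecurves == NULL: no curve list applied, ECDHE setup skipped on purpose */` would make it auditable. The same hunk also drops `SSL_CTX_set_options(*ssl_ctx, SSL_OP_SINGLE_ECDH_USE)`; presumably the auto path generates a fresh ephemeral key per handshake, but that is worth confirming since forward secrecy depends on it. The body of tls_configure_server_ssl continues outside the hunk.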