From eba7e5662aacc7be4c98c01cb78204ee337e99ef Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 29 Jun 2022 08:30:04 +0000
Subject: Also check the security level of the 'tmp dh'

ok beck jsing
---
 src/lib/libssl/ssl_seclevel.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_seclevel.c')

diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index 34cea637e0..e0d7a631cb 100644
--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl_seclevel.c,v 1.6 2022/06/29 08:27:51 tb Exp $ */
+/*	$OpenBSD: ssl_seclevel.c,v 1.7 2022/06/29 08:30:04 tb Exp $ */
 /*
  * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
  *
@@ -227,6 +227,16 @@ ssl_security(const SSL *ssl, int op, int bits, int nid, void *other)
 	    ssl->cert->security_ex_data);
 }
 
+int
+ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
+{
+#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
+	return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0,
+	    dh);
+#else
+	return 1;
+#endif
+}
 int
 ssl_security_dh(const SSL *ssl, DH *dh)
 {
-- 
cgit v1.2.3-55-g6feb