mirror
/
nginx
mirror of https://github.com/nginx/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SSL: default DH parameters compatible with OpenSSL 1.1.0. 

This is a direct commit to stable as there is no corresponding code
in mainline, default DH parameters were removed in 1aa9650a8154.
This commit is contained in:
Maxim Dounin 2016-10-18 17:25:38 +03:00
parent a3f3471fa3
commit 789abf2b8c
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/event/ngx_event_openssl.c
View File

@ -951,6 +951,8 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
return NGX_ERROR; return NGX_ERROR;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100005L
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
@ -960,6 +962,23 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
return NGX_ERROR; return NGX_ERROR;
} }
#else
{
BIGNUM *p, *g;
p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
DH_free(dh);
BN_free(p);
BN_free(g);
return NGX_ERROR;
}
}
#endif
SSL_CTX_set_tmp_dh(ssl->ctx, dh); SSL_CTX_set_tmp_dh(ssl->ctx, dh);
DH_free(dh); DH_free(dh);