ucspi-ssl
0.13.04
ucspi-ssl-0.13.04
src
ssl_params.c
#include "
ucspissl.h
"
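/*
 * ssl_params_rsa: install an ephemeral RSA key of `len` bits on `ctx`,
 * but only when SSL_CTX_need_tmp_RSA() says the context needs one.
 *
 * ctx  TLS context to configure.
 * len  modulus size in bits; 0 means "do not generate a key".
 *
 * Returns 1 on success (including the two "nothing to do" cases),
 * 0 if allocation, key generation or installation failed.
 *
 * Security note: `len` is passed to the key generator unvalidated.
 * Per the original comment, a temporary RSA key is only "needed" for
 * export cipher suites; those suites are deliberately weakened, so a
 * deployment is better served by excluding them from the cipher list
 * than by supplying a short key here.
 *
 * NOTE(review): newer OpenSSL releases are believed to keep
 * SSL_CTX_need_tmp_RSA()/SSL_CTX_set_tmp_rsa() only as compatibility
 * no-ops -- confirm against the library version this is built with.
 */
int ssl_params_rsa(SSL_CTX *ctx, int len)
{
  RSA *rsa = NULL;
  BIGNUM *e = NULL;
  int ok = 0;

  /* check if ephemeral RSA key is actually needed */
  if (!SSL_CTX_need_tmp_RSA(ctx)) return 1;

  /* len == 0: the caller did not ask for an ephemeral key */
  if (!len) return 1;

  /* check both allocations before either object is used */
  e = BN_new();
  rsa = RSA_new();
  if (!e || !rsa) goto out;

  if (!BN_set_word(e, RSA_F4)) goto out;

  /*
   * RSA_generate_key_ex() returns 1 on success and 0 on failure, so
   * test for success; comparing against -1 lets a failed generation
   * fall through and install an empty key.
   */
  if (RSA_generate_key_ex(rsa, len, e, NULL) != 1) goto out;

  /* seldom "needed": maybe deal with an export cipher */
  if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) goto out;

  ok = 1;

out:
  /* single exit: both objects are released on every path (NULL is fine) */
  BN_free(e);
  RSA_free(rsa);
  return ok;
}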
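/*
 * ssl_params_dh: load Diffie-Hellman parameters from the PEM file
 * `dhfile` and install them on `ctx` for ephemeral DH key exchange.
 *
 * ctx     TLS context to configure.
 * dhfile  path to a PEM DH parameter file; NULL means "leave ctx as is".
 *
 * Returns 1 on success (or when dhfile is NULL), 0 if the file cannot
 * be opened, cannot be parsed, or the parameters are rejected.
 *
 * Security note: the parameters are installed exactly as read. Nothing
 * here checks the prime size or runs a sanity check such as DH_check(),
 * so the strength of the key exchange depends entirely on the contents
 * of `dhfile`; that file should be writable only by the administrator.
 */
int ssl_params_dh(SSL_CTX *ctx, const char *dhfile)
{
  DH *dh;
  BIO *bio;
  int ok;

  if (!dhfile) return 1;

  bio = BIO_new_file(dhfile, "r");
  if (!bio) return 0;

  dh = PEM_read_bio_DHparams(bio, 0, 0, 0);
  BIO_free(bio);
  if (!dh) return 0;

  ok = SSL_CTX_set_tmp_dh(ctx, dh) ? 1 : 0;

  /*
   * Release our copy on success and on failure alike, the same
   * set-then-free pattern ssl_params_rsa() uses for its key.
   * Previously `dh` was never freed.
   * NOTE(review): relies on SSL_CTX_set_tmp_dh() keeping its own
   * copy/reference rather than adopting the pointer -- confirm for the
   * OpenSSL version in use.
   */
  DH_free(dh);

  return ok;
}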
54
/*
55
int ssl_params_ecdh(SSL_CTX *ctx,const char *ecdhfile)
56
{
57
EC_KEY *ecdh;
58
59
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
60
//#ifdef SSL_CTRL_SET_ECDH_AUTO
61
SSL_CTX_set_ecdh_auto(ctx,1);
62
//#else
63
// insecure and compatible curves, see http://safecurves.cr.yp.to/
64
ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
65
if (ecdh == NULL) {
66
// NIST P-384 / AES-256
67
ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
68
}
69
if (ecdh == NULL) {
70
// NIST P-256 / AES-128
71
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
72
}
73
if (ecdh != NULL) {
74
SSL_CTX_set_tmp_ecdh(ctx,ecdh);
75
EC_KEY_free(ecdh);
76
return 1;
77
}
78
//#endif
79
return 0;
80
}
81
*/