lib-ssl-iostream: Support non-1024bit DH parameters in ssl-parameters.dat.
authorTimo Sirainen <tss@iki.fi>
Fri, 31 Oct 2014 23:54:07 +0000 (16:54 -0700)
committerTimo Sirainen <tss@iki.fi>
Fri, 31 Oct 2014 23:54:07 +0000 (16:54 -0700)
src/lib-ssl-iostream/iostream-openssl-context.c
src/lib-ssl-iostream/iostream-openssl-params.c
src/lib-ssl-iostream/iostream-openssl.h

index b52074938efb44f1b2f3ae75b3c86d999d9e7d40..1ad9b8cf047c907af488a1908f7b08c34aaf4d4e 100644 (file)
@@ -77,7 +77,7 @@ static DH *ssl_tmp_dh_callback(SSL *ssl ATTR_UNUSED,
        if (is_export && keylength == 512 && ssl_io->ctx->dh_512 != NULL)
                return ssl_io->ctx->dh_512;
        else
-               return ssl_io->ctx->dh_1024;
+               return ssl_io->ctx->dh_default;
 }
 
 static int
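Review bot: The new `else` branch returns `ssl_io->ctx->dh_default` without checking it for NULL, and a parameters file that carries only 512-bit parameters leaves that field unset; a NULL result from the temp-DH callback presumably makes OpenSSL abort the handshake with a missing-temp-DH error instead of surfacing a configuration problem. The same was true of `dh_1024`, so this is inherited rather than introduced, but the return deserves a comment such as `/* may be NULL if ssl-parameters.dat had no non-512-bit set; OpenSSL then fails the handshake */`. It is also worth recording that the `keylength` hint is deliberately ignored for non-export ciphers now that `dh_default` can be any size. `ssl_tmp_dh_callback` starts before the hunk.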
index f7e284a2ec06f8b0e9fe2b108684adbd054a8319..022005f7982a9fa22a23507877c4275111120098 100644 (file)
@@ -93,13 +93,14 @@ read_dh_parameters_next(struct ssl_iostream_context *ctx,
 
        switch (bits) {
        case 512:
+               if (ctx->dh_512 != NULL)
+                       return -1;
                ctx->dh_512 = dh;
                break;
-       case 1024:
-               ctx->dh_1024 = dh;
-               break;
        default:
-               ret = -1;
+               if (ctx->dh_default != NULL)
+                       return -1;
+               ctx->dh_default = dh;
                break;
        }
        return ret;
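Review bot: Both new duplicate checks `return -1` while `dh`, the parameter set parsed earlier in `read_dh_parameters_next` (outside the hunk), has not been stored anywhere, so unless the caller frees it on failure, which this hunk does not show, the object leaks; `DH_free(dh); return -1;` on both paths would make ownership explicit (the removed `default: ret = -1` path had the same gap). With that assignment gone, `ret` appears to no longer change inside the switch, so `return ret` can likely become `return 0` once the early returns are the only failure path. The `default` arm now accepts a set of any size as `dh_default`, including one shorter than the 1024 bits previously required, and since this becomes the group for every non-export handshake a lower bound such as `if (bits < 1024) return -1;` before the duplicate check would stop a small set from silently weakening all connections. The function begins before the hunk.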
@@ -126,8 +127,8 @@ void openssl_iostream_context_free_params(struct ssl_iostream_context *ctx)
                DH_free(ctx->dh_512);
                 ctx->dh_512 = NULL;
        }
-       if (ctx->dh_1024 != NULL) {
-               DH_free(ctx->dh_1024);
-                ctx->dh_1024 = NULL;
+       if (ctx->dh_default != NULL) {
+               DH_free(ctx->dh_default);
+                ctx->dh_default = NULL;
        }
 }
index 5f2870367fe82f98ae1b0cab9920741d0f6be276..4e032189117dcc72d97d83cd4459784e9abae151 100644 (file)
@@ -11,7 +11,7 @@ struct ssl_iostream_context {
        pool_t pool;
        const struct ssl_iostream_settings *set;
 
-       DH *dh_512, *dh_1024;
+       DH *dh_512, *dh_default;
        int username_nid;
 
        unsigned int client_ctx:1;
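Review bot: The renamed `dh_default` field carries no comment, and its meaning is no longer implied by its name the way `dh_1024` was: it now holds a parameter set of whatever size ssl-parameters.dat supplies and is what the temp-DH callback returns for every non-export handshake, while `dh_512` stays the export-only set. A comment on the declaration would pin this down, e.g. `/* dh_512: export (512-bit) group; dh_default: the single non-512-bit set from ssl-parameters.dat, any size, used for all other handshakes; either may be NULL */`. The struct continues beyond the hunk.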