From: Timo Sirainen
Date: Fri, 31 Oct 2014 23:54:07 +0000 (-0700)
Subject: lib-ssl-iostream: Support non-1024bit DH parameters in ssl-parameters.dat.
X-Git-Tag: 2.2.16.rc1~257
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c5b7a9068c637195bae4751f965fc33c203a72d6;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Support non-1024bit DH parameters in ssl-parameters.dat.
---
diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index b52074938e..1ad9b8cf04 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -77,7 +77,7 @@ static DH *ssl_tmp_dh_callback(SSL *ssl ATTR_UNUSED,
if (is_export && keylength == 512 && ssl_io->ctx->dh_512 != NULL)
return ssl_io->ctx->dh_512;
else
- return ssl_io->ctx->dh_1024;
+ return ssl_io->ctx->dh_default;
}

static int
diff --git a/src/lib-ssl-iostream/iostream-openssl-params.c b/src/lib-ssl-iostream/iostream-openssl-params.c
index f7e284a2ec..022005f798 100644
--- a/src/lib-ssl-iostream/iostream-openssl-params.c
+++ b/src/lib-ssl-iostream/iostream-openssl-params.c
@@ -93,13 +93,14 @@ read_dh_parameters_next(struct ssl_iostream_context *ctx,
switch (bits) {
case 512:
+ if (ctx->dh_512 != NULL)
+ return -1;
ctx->dh_512 = dh;
break;
- case 1024:
- ctx->dh_1024 = dh;
- break;
default:
- ret = -1;
+ if (ctx->dh_default != NULL)
+ return -1;
+ ctx->dh_default = dh;
break;
}
return ret;
@@ -126,8 +127,8 @@ void openssl_iostream_context_free_params(struct ssl_iostream_context *ctx)
DH_free(ctx->dh_512);
ctx->dh_512 = NULL;
}
- if (ctx->dh_1024 != NULL) {
- DH_free(ctx->dh_1024);
- ctx->dh_1024 = NULL;
+ if (ctx->dh_default != NULL) {
+ DH_free(ctx->dh_default);
+ ctx->dh_default = NULL;
}
}
diff --git a/src/lib-ssl-iostream/iostream-openssl.h b/src/lib-ssl-iostream/iostream-openssl.h
index 5f2870367f..4e03218911 100644
--- a/src/lib-ssl-iostream/iostream-openssl.h
+++ b/src/lib-ssl-iostream/iostream-openssl.h
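Review bot: The `else` branch in ssl_tmp_dh_callback now hands OpenSSL `ssl_io->ctx->dh_default`, which after this change can be any non-512-bit group from ssl-parameters.dat, yet nothing in the hunk checks it for NULL or documents the two fall-through cases: a file with no such group yields a NULL return, and an export request for 512 bits with `dh_512 == NULL` silently gets the (possibly much larger) default group instead. A comment above the `if` would make the contract explicit, e.g. `/* dh_512 is only offered to export ciphersuites; every other request gets the single non-512-bit group loaded from ssl-parameters.dat, or NULL if none was loaded */`. What OpenSSL does with a NULL return is API behaviour not visible here, so worth confirming and stating in the comment; serving a 512-bit group at all is a weakness the commit leaves in place and deserves a note of its own. The callback's signature is in the hunk header and its parameters lie outside the hunk.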
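Review bot: The two new early `return -1;` paths in read_dh_parameters_next drop `dh` without `DH_free()`, so a duplicate entry in ssl-parameters.dat leaks the parsed group unless the caller still owns `dh` on failure; the function's start is outside the hunk, so where `dh` comes from isn't visible. If this function owns it, each check should read `if (ctx->dh_512 != NULL) { DH_free(dh); return -1; }` and likewise for `dh_default`. With `ret = -1` removed nothing in the hunk assigns `ret` any more, so `return ret;` presumably always returns whatever was set before the switch — either return 0 directly or keep the `ret = -1; break;` form so the cleanup path stays uniform. Note also that any two non-512-bit groups (say 1024 and 2048) now compete for the same `default` slot and the second is rejected as a duplicate, which deserves a comment or a clearer error at the call site.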
@@ -11,7 +11,7 @@ struct ssl_iostream_context {
pool_t pool;
const struct ssl_iostream_settings *set;
- DH *dh_512, *dh_1024;
+ DH *dh_512, *dh_default;
int username_nid;
unsigned int client_ctx:1;