Generate temporary RSA key when requested. Could be slow, should do some
authorTimo Sirainen <tss@iki.fi>
Tue, 20 May 2003 18:22:04 +0000 (21:22 +0300)
committerTimo Sirainen <tss@iki.fi>
Tue, 20 May 2003 18:22:04 +0000 (21:22 +0300)
caching in master process side..

--HG--
branch : HEAD

src/login-common/ssl-proxy-openssl.c

index c1c11cdc95b8915472b8ea044b2b0177e8055564..689094d2ca0cb808335300d46a9a049a76451102 100644 (file)
@@ -392,6 +392,12 @@ static void ssl_proxy_destroy(struct ssl_proxy *proxy)
        }
 }
 
+static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__,
+                           int is_export __attr_unused__, int keylength)
+{
+       return RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+}
+
 void ssl_proxy_init(void)
 {
        const char *certfile, *keyfile, *paramfile;
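Review bot: ssl_gen_rsa_key() generates a fresh key on every invocation, and nothing in the hunk retains or frees it. OpenSSL appears to take its own reference on the key a tmp-RSA callback returns, so each call would leak one RSA object in addition to paying for a key generation inside the login process. The commit message defers caching to the master process, but a small per-process cache keyed by `keylength` would already bound both costs, as sketched below. A NULL return from `RSA_generate_key()` is also passed through silently; logging it with `ssl_last_error()` would make the resulting handshake failures diagnosable. A header comment should state that `is_export` is deliberately ignored and that `keylength` is chosen by OpenSSL, not by configuration.

```c
static RSA *ssl_gen_rsa_key(SSL *ssl __attr_unused__,
			    int is_export __attr_unused__, int keylength)
{
	/* One key per process, regenerated only when OpenSSL asks for a
	   different length. OpenSSL holds its own reference to whatever
	   we return, so dropping ours on replacement is safe. */
	static RSA *cached_key = NULL;
	static int cached_keylength = 0;
	RSA *key;

	if (cached_key != NULL && cached_keylength == keylength)
		return cached_key;

	key = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
	if (key == NULL)
		return NULL; /* handshake fails; log ssl_last_error() here */

	if (cached_key != NULL)
		RSA_free(cached_key);
	cached_key = key;
	cached_keylength = keylength;
	return cached_key;
}
```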
@@ -424,6 +430,9 @@ void ssl_proxy_init(void)
                        keyfile, ssl_last_error());
        }
 
+       if (SSL_CTX_need_tmp_RSA(ssl_ctx))
+               SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
+
         ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
        ssl_initialized = TRUE;
 }
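Review bot: The callback is installed whenever `SSL_CTX_need_tmp_RSA()` reports true, which per OpenSSL's documentation happens only when strength-limited export cipher suites need an ephemeral RSA key of at most 512 bits. Installing it therefore keeps that weak key exchange negotiable for any client that asks for it. Cipher selection is not visible in this hunk (the middle of ssl_proxy_init() lies between the two hunks), so this is a question rather than a finding: if export suites are not meant to be offered, excluding them from the cipher list would make this branch unnecessary. If they are supported on purpose, say so at the call site, e.g. `/* temporary RSA is only used by export cipher suites; key is generated on demand */`.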