MINOR: ssl: Build local DH of right size when needed
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Fri, 11 Feb 2022 11:04:53 +0000 (12:04 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Mon, 14 Feb 2022 09:07:14 +0000 (10:07 +0100)
The current way the local DH structures are built relies on the fact
that the ssl_get_tmp_dh function would only be called as a callback
during a DHE negotiation, so after all the SSL contexts are built and
the init is over. With OpenSSLv3, this function will now be called
during init, so before those objects are currently built.
This patch ensures that when calling ssl_get_tmp_dh and trying to use
one of our hard-coded DH parameters, it will be created if it did not
exist yet.
The current DH parameter creation is also kept so that with versions
before OpenSSLv3 we don't end up creating this DH object during a
handshake.

src/ssl_sock.c

index 1af45eb2ec215f29fcc24c649e43cb2eee4e8034..27d3d527d20ccb34b7dff16f0c87d80a9c1e15e5 100644 (file)
@@ -3110,12 +3110,18 @@ static DH *ssl_get_tmp_dh(EVP_PKEY *pkey)
        }
 
        if (keylen >= 4096) {
+               if (!local_dh_4096)
+                       local_dh_4096 = ssl_get_dh_4096();
                dh = local_dh_4096;
        }
        else if (keylen >= 2048) {
+               if (!local_dh_2048)
+                       local_dh_2048 = ssl_get_dh_2048();
                dh = local_dh_2048;
        }
        else {
+               if (!local_dh_1024)
+                       local_dh_1024 = ssl_get_dh_1024();
                dh = local_dh_1024;
        }