ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/trunk/src/tls_openssl.c
(Generate patch)

Comparing ircd-hybrid/trunk/src/tls_openssl.c (file contents):
Revision 7142 by michael, Thu Jan 28 09:56:49 2016 UTC vs.
Revision 7192 by michael, Sat Jan 30 18:48:01 2016 UTC

# Line 1 | Line 1
1   /*
2   *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3   *
4 + *  Copyright (c) 2015 Attila Molnar <attilamolnar@hush.com>
5 + *  Copyright (c) 2015 Adam <Adam@anope.org>
6   *  Copyright (c) 2005-2016 ircd-hybrid development team
7   *
8   *  This program is free software; you can redistribute it and/or modify
# Line 28 | Line 30
30   #include "tls.h"
31   #include "conf.h"
32   #include "log.h"
33 < #include "rsa.h"
33 > #include "misc.h"
34   #include "memory.h"
35  
36   #ifdef HAVE_TLS_OPENSSL
37  
38 + /*
39 + * report_crypto_errors - Dump crypto error list to log
40 + */
41 + static void
42 + report_crypto_errors(void)
43 + {
44 +  unsigned long e = 0;
45 +
46 +  while ((e = ERR_get_error()))
47 +    ilog(LOG_TYPE_IRCD, "SSL error: %s", ERR_error_string(e, 0));
48 + }
49 +
50   static int
51   always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
52   {
# Line 68 | Line 82 | tls_init(void)
82    SSL_CTX_set_session_cache_mode(ConfigServerInfo.tls_ctx.server_ctx, SSL_SESS_CACHE_OFF);
83    SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL");
84  
85 < #if OPENSSL_VERSION_NUMBER >= 0x009080FFL && !defined(OPENSSL_NO_ECDH)
85 > #ifndef OPENSSL_NO_ECDH
86    {
87      EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
88  
# Line 150 | Line 164 | tls_new_cred(void)
164        ilog(LOG_TYPE_IRCD, "Ignoring serverinfo::ssl_dh_param_file -- could not open/read Diffie-Hellman parameter file");
165    }
166  
167 < #if OPENSSL_VERSION_NUMBER >= 0x009080FFL && !defined(OPENSSL_NO_ECDH)
167 > #ifndef OPENSSL_NO_ECDH
168    if (ConfigServerInfo.ssl_dh_elliptic_curve)
169    {
170      int nid = 0;
# Line 194 | Line 208 | set_default_curve:
208      }
209    }
210  
211 +  if (ConfigServerInfo.ssl_cipher_list)
212 +    SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.ssl_cipher_list);
213 +
214    return 1;
215   }
216  

Diff Legend

Removed lines
+ Added lines
< Changed lines (old)
> Changed lines (new)