openssl: change how we load DH parameters

The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.

Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.
This commit is contained in:
Aaron Jones 2016-05-25 21:46:34 +00:00
parent 0982871a99
commit 3057f91d98
No known key found for this signature in database
GPG key ID: 6E854C0FAAD4CEA4

View file

@ -452,26 +452,25 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
if(dhfile != NULL) if(dhfile != NULL)
{ {
/* DH parameters aren't necessary, but they are nice..if they didn't pass one..that is their problem */ /* DH parameters aren't necessary, but they are nice..if they didn't pass one..that is their problem */
BIO *bio = BIO_new_file(dhfile, "r"); FILE *fp = fopen(dhfile, "r");
if(bio != NULL) DH *dh = NULL;
if(fp == NULL)
{ {
DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
if(dh == NULL) dhfile, strerror(errno));
{ }
rb_lib_log else if(PEM_read_DHparams(fp, &dh, NULL, NULL) == NULL)
("rb_setup_ssl_server: Error loading DH params file [%s]: %s", {
dhfile, get_ssl_error(ERR_get_error())); rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
BIO_free(bio); dhfile, get_ssl_error(ERR_get_error()));
return 0; fclose(fp);
}
BIO_free(bio);
SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
DH_free(dh);
} }
else else
{ {
rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s", SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
dhfile, get_ssl_error(ERR_get_error())); DH_free(dh);
fclose(fp);
} }
} }