openssl: change how we load DH parameters
The code already assumes the presence of fopen(3) and errno, and, by extension, fclose(3) and strerror(3), so just use those instead of the BIO wrappers. Additionally, don't fail to initialise if the DH file does exist but parsing it fails, as per the pre-existing comment about them being optional.
This commit is contained in:
parent
0982871a99
commit
3057f91d98
1 changed files with 15 additions and 16 deletions
|
@ -452,26 +452,25 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
|
||||||
if(dhfile != NULL)
|
if(dhfile != NULL)
|
||||||
{
|
{
|
||||||
/* DH parameters aren't necessary, but they are nice..if they didn't pass one..that is their problem */
|
/* DH parameters aren't necessary, but they are nice..if they didn't pass one..that is their problem */
|
||||||
BIO *bio = BIO_new_file(dhfile, "r");
|
FILE *fp = fopen(dhfile, "r");
|
||||||
if(bio != NULL)
|
DH *dh = NULL;
|
||||||
|
|
||||||
|
if(fp == NULL)
|
||||||
{
|
{
|
||||||
DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
|
rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
|
||||||
if(dh == NULL)
|
dhfile, strerror(errno));
|
||||||
{
|
}
|
||||||
rb_lib_log
|
else if(PEM_read_DHparams(fp, &dh, NULL, NULL) == NULL)
|
||||||
("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
|
{
|
||||||
dhfile, get_ssl_error(ERR_get_error()));
|
rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
|
||||||
BIO_free(bio);
|
dhfile, get_ssl_error(ERR_get_error()));
|
||||||
return 0;
|
fclose(fp);
|
||||||
}
|
|
||||||
BIO_free(bio);
|
|
||||||
SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
|
|
||||||
DH_free(dh);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
|
SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
|
||||||
dhfile, get_ssl_error(ERR_get_error()));
|
DH_free(dh);
|
||||||
|
fclose(fp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue