From 82d827469cb3e7e02c337ec373ef82b738d40051 Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Wed, 25 May 2016 21:53:09 +0000
Subject: [PATCH] openssl: change how we load DH parameters

The code already assumes the presence of fopen(3) and errno, and, by extension, fclose(3) and strerror(3), so just use those instead of the BIO wrappers. Additionally, don't fail to initialise if the DH file does exist but parsing it fails, as per the pre-existing comment about them being optional.
---
 libratbox/src/openssl.c | 31 +++++++++++++++----------------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index 32d74a42..8f832369 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -457,26 +457,25 @@ rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, c
 	if(dhfile != NULL)
 	{
 		/* DH parameters aren't necessary, but they are nice..if they didn't pass one..that is their problem */
-		BIO *bio = BIO_new_file(dhfile, "r");
-		if(bio != NULL)
+		FILE *fp = fopen(dhfile, "r");
+		DH *dh = NULL;
+
+		if(fp == NULL)
 		{
-			DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-			if(dh == NULL)
-			{
-				rb_lib_log
-				("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
-				 dhfile, get_ssl_error(ERR_get_error()));
-				BIO_free(bio);
-				return 0;
-			}
-			BIO_free(bio);
-			SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
-			DH_free(dh);
+			rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
+				   dhfile, strerror(errno));
+		}
+		else if(PEM_read_DHparams(fp, &dh, NULL, NULL) == NULL)
+		{
+			rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
+				   dhfile, get_ssl_error(ERR_get_error()));
+			fclose(fp);
 		}
 		else
 		{
-			rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s",
-				   dhfile, get_ssl_error(ERR_get_error()));
+			SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
+			DH_free(dh);
+			fclose(fp);
 		}
 	}
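Review bot: A DH file that exists but does not parse now leaves the context with no temporary DH parameters, which (unless they are installed elsewhere) means DHE ciphersuites cannot be negotiated, and the only trace of that downgrade is the log line in the `else if(PEM_read_DHparams(...))` branch, which reads as if setup had failed rather than continued; the message in that branch and in the `fp == NULL` branch should say so, e.g. `rb_lib_log("rb_setup_ssl_server: Error loading DH params file [%s]: %s (continuing without DH parameters)", dhfile, get_ssl_error(ERR_get_error()));`. Parsed parameters are also handed to `SSL_CTX_set_tmp_dh` without any validation; calling `DH_check()` on `dh` and logging its result codes first would surface a weak or malformed file at startup instead of at handshake time. As a point of style, the three `fclose(fp)` calls can collapse into a single `if(fp != NULL) fclose(fp);` after the if/else chain, since no branch returns early any more. rb_setup_ssl_server starts and ends outside the hunk.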