author | Gilles Chehade <gilles@cvs.openbsd.org> | 2011-03-15 19:24:56 +0000 |
---|---|---|
committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2011-03-15 19:24:56 +0000 |
commit | 3aadf75fa2a0268eb92fce58c894d497704be093 (patch) | |
tree | 75e286aa12ad8b9b0ab41777e4c7142c40e4e072 /usr.sbin/smtpd/smtpd.c | |
parent | 5e8bb3aa9045fc6ebcf3d544b236f47e6b70baed (diff) |

let smtpd use user-provided Diffie-Hellman parameters for ephemeral key
exchange. if no DH parameters are found, fall back to builtin parameters
as was done until now.

since we now accept user-provided DH parameters, make smtpd more strict
and fatal() if the parameters are bogus.

bump the key size of the DH parameters from 512bits to 1024bits, it might
be bumped further after some more research.

thanks to mikeb@ for his suggestions

diff ok mikeb@, man ok jmc@

Diffstat (limited to 'usr.sbin/smtpd/smtpd.c')
-rw-r--r-- | usr.sbin/smtpd/smtpd.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c index 9d3926da9c4..bd3a27dafaf 100644 --- a/usr.sbin/smtpd/smtpd.c +++ b/usr.sbin/smtpd/smtpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.c,v 1.115 2010/11/28 14:35:58 gilles Exp $ */ +/* $OpenBSD: smtpd.c,v 1.116 2011/03/15 19:24:55 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org> @@ -222,7 +222,7 @@ parent_send_config_listeners(struct smtpd *env) { struct listener *l; struct ssl *s; - struct iovec iov[3]; + struct iovec iov[4]; int opt; log_debug("parent_send_config: configuring smtp"); @@ -239,6 +239,8 @@ parent_send_config_listeners(struct smtpd *env) iov[1].iov_len = s->ssl_cert_len; iov[2].iov_base = s->ssl_key; iov[2].iov_len = s->ssl_key_len; + iov[3].iov_base = s->ssl_dhparams; + iov[3].iov_len = s->ssl_dhparams_len; imsg_composev(&env->sc_ievs[PROC_SMTP]->ibuf, IMSG_CONF_SSL, 0, 0, -1, iov, nitems(iov)); @@ -265,7 +267,7 @@ void parent_send_config_client_certs(struct smtpd *env) { struct ssl *s; - struct iovec iov[3]; + struct iovec iov[4]; log_debug("parent_send_config_client_certs: configuring smtp"); imsg_compose_event(env->sc_ievs[PROC_MTA], IMSG_CONF_START, @@ -281,6 +283,8 @@ parent_send_config_client_certs(struct smtpd *env) iov[1].iov_len = s->ssl_cert_len; iov[2].iov_base = s->ssl_key; iov[2].iov_len = s->ssl_key_len; + iov[3].iov_base = s->ssl_dhparams; + iov[3].iov_len = s->ssl_dhparams_len; imsg_composev(&env->sc_ievs[PROC_MTA]->ibuf, IMSG_CONF_SSL, 0, 0, -1, iov, nitems(iov)); |
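
Review bot: in the hunk at -239 (parent_send_config_listeners), `iov[3].iov_base = s->ssl_dhparams;` and `iov[3].iov_len = s->ssl_dhparams_len;` are set unconditionally, while the commit message says user-provided DH parameters are optional and smtpd falls back to the builtin ones. Nothing in the visible lines shows what these two fields hold when no parameters were found, so please confirm that ssl_dhparams_len is 0 in that case and that the consumer of IMSG_CONF_SSL, which is outside this diff (limited to smtpd.c), treats an empty fourth segment as "use builtin" instead of parsing it; a one-line comment next to the assignment would document that. The call `imsg_composev(..., iov, nitems(iov));` also appears with its return value unused, and the message now carries one more variable-length segment, so consider checking the result and calling fatal() on failure, in line with the stricter handling the commit message describes.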
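
Review bot: the hunk at -281 (parent_send_config_client_certs) repeats the two lines added at -239 verbatim, and the `struct iovec iov[4];` bump is likewise made in both functions, so the cert/key/dhparams iovec setup is now duplicated for PROC_SMTP and PROC_MTA. Suggest a small helper that fills the iovec array from a struct ssl and is called from both places, so that the next field added to IMSG_CONF_SSL cannot be updated in one sender and missed in the other. The array size is also a bare literal that must stay in step with the highest index assigned; tying it to a named constant would make that coupling visible.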