Diffstat (limited to 'lib/libtls/tls_config.c')
-rw-r--r--lib/libtls/tls_config.c30
1 files changed, 25 insertions, 5 deletions
diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c
index 16120c5e4e3..7697fa6ee85 100644
--- a/lib/libtls/tls_config.c
+++ b/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.2 2015/01/22 09:16:24 reyk Exp $ */
+/* $OpenBSD: tls_config.c,v 1.3 2015/02/07 06:19:26 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -71,7 +71,8 @@ tls_config_new(void)
tls_config_free(config);
return (NULL);
}
- tls_config_set_ecdhcurve(config, "auto");
+ tls_config_set_dheparams(config, "none");
+ tls_config_set_ecdhecurve(config, "auto");
tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
tls_config_set_verify_depth(config, 6);
@@ -145,18 +146,37 @@ tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
}
int
-tls_config_set_ecdhcurve(struct tls_config *config, const char *name)
+tls_config_set_dheparams(struct tls_config *config, const char *params)
+{
+ int keylen;
+
+ if (params == NULL || strcasecmp(params, "none") == 0)
+ keylen = 0;
+ else if (strcasecmp(params, "auto") == 0)
+ keylen = -1;
+ else if (strcmp(params, "legacy"))
+ keylen = 1024;
+ else
+ return (-1);
+
+ config->dheparams = keylen;
+
+ return (0);
+}
+
+int
+tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
{
int nid;
- if (name == NULL)
+ if (name == NULL || strcasecmp(name, "none") == 0)
nid = NID_undef;
else if (strcasecmp(name, "auto") == 0)
nid = -1;
else if ((nid = OBJ_txt2nid(name)) == NID_undef)
return (-1);
- config->ecdhcurve = nid;
+ config->ecdhecurve = nid;
return (0);
}
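Review bot: The "legacy" test in tls_config_set_dheparams is inverted: `else if (strcmp(params, "legacy"))` is true for every string that is *not* "legacy", so any unrecognised or mistyped value is silently accepted as 1024-bit DHE parameters, while "legacy" itself falls through to `return (-1)`. The validation therefore fails open onto the weakest setting instead of rejecting bad input. The line should read `else if (strcasecmp(params, "legacy") == 0)`, which also matches the case-insensitive comparison used for "none" and "auto" just above it. A short comment on the `keylen` encoding (0 = DHE disabled, -1 = automatic selection, otherwise a fixed key length in bits) would help whoever consumes `config->dheparams`, since that code is outside this diff.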