Date: Sat, 1 Mar 2008 19:02:32 GMT
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 136594 for review
Message-ID: <200803011902.m21J2Wor063860@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=136594

Change 136594 by csjp@ibm01 on 2008/03/01 19:01:37

We don't process Diffie Hellman parameters when we are running in client mode. Introduce context flags "server" and "client" and pass them to the crypto context initialization function.

Affected files ...

.. //depot/projects/trustedbsd/netauditd/crypto.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/netauditd/crypto.c#2 (text+ko) ==== @@ -31,6 +31,9 @@ BIO *c_bioerror; }; +#define CRTYPO_CTX_CLIENT 1 +#define CRYPTO_CTX_SERVER 2 + static char *crypto_pass; static int @@ -46,7 +49,7 @@ } int -crypto_init_context(struct crypto_context *ct) +crypto_init_context(struct crypto_context *ct, int ctx_type) { SSL_METHOD *meth; DH *ret; @@ -79,12 +82,15 @@ if ((bio = BIO_new_file("DHFILE", "r")) == NULL) berr_exit("Couldn't open DH file"); /* - * Process DH parameters + * If we are initializing this crypto context for serving SSL clients, + * make sure we initialize our Diffie Hellman parameters. */ - ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); - BIO_free(bio); - if(SSL_CTX_set_tmp_dh(ct->c_ctx,ret) < 0) - berr_exit("Couldn't set DH parameters"); + if (ctx_type == CRYPTO_CTX_SERVER) { + ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + BIO_free(bio); + if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) < 0) + berr_exit("Couldn't set DH parameters"); + } return (0); }
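Review bot: the client constant added in the @@ -31,6 +31,9 @@ hunk is misspelled as `CRTYPO_CTX_CLIENT`, while its sibling is `CRYPTO_CTX_SERVER`. Nothing in this change references the client name, so the typo goes unnoticed here, but the first caller that passes `CRYPTO_CTX_CLIENT` will not compile. Rename it to `CRYPTO_CTX_CLIENT`. Both defines are also added to crypto.c itself, so if `crypto_init_context()` is called from another file they belong in a header that the callers include.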
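Review bot: the new `int ctx_type` parameter in the @@ -46,7 +49,7 @@ hunk is never validated, and the only test made on it later is `ctx_type == CRYPTO_CTX_SERVER`, so any other value, including 0 or a mistyped constant, silently selects the no-DH path. Reject values other than the two defined ones at the top of the function, or make the type an enum so the compiler can help. The change description calls these "flags", but 1 and 2 compared with `==` behave as an enumeration, so the wording or the representation should be aligned.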
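Review bot: in the @@ -79,12 +82,15 @@ hunk, `BIO_new_file("DHFILE", "r")` still runs before the new `if (ctx_type == CRYPTO_CTX_SERVER)` test, so client mode still exits with "Couldn't open DH file" when the file is absent, and when the file is present the `bio` is never freed because `BIO_free(bio)` now sits inside the server-only branch. Move the open and its error check inside the branch as well. Two further points on the server path: the result of `PEM_read_bio_DHparams()` is passed to `SSL_CTX_set_tmp_dh()` without a NULL check, so a malformed parameter file is not reported as such, and the `< 0` comparison does not catch failure because OpenSSL documents `SSL_CTX_set_tmp_dh()` as returning 1 on success and 0 on failure; test for `!= 1` instead.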
