X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssli_openssl.c;h=2dd55ef8839bfe334c717c896305416543b4608f;hb=c72ebd29f239793218f2248c3f8b48a7b3e0a541;hp=de081fa8dac69a61ed0bae4f50122a45ade326c0;hpb=ef99834a4e34039b59394d69b79c1c5540302d22;p=umurmur.git diff --git a/src/ssli_openssl.c b/src/ssli_openssl.c index de081fa..2dd55ef 100644 --- a/src/ssli_openssl.c +++ b/src/ssli_openssl.c @@ -33,6 +33,7 @@ #include "conf.h" #include "log.h" +#include "memory.h" #include "ssl.h" /* @@ -48,6 +49,8 @@ static RSA *rsa; static SSL_CTX *context; static EVP_PKEY *pkey; +static char const * ciphers = "EECDH+AESGCM:AES256-SHA:AES128-SHA"; + static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx); static int SSL_add_ext(X509 * crt, int nid, char *value) { @@ -219,13 +222,19 @@ void SSLi_init(void) SSL_load_error_strings(); ERR_load_crypto_strings(); - context = SSL_CTX_new(SSLv23_server_method()); + context = SSL_CTX_new(TLSv1_2_server_method()); if (context == NULL) { ERR_print_errors_fp(stderr); abort(); } + SSL_CTX_set_cipher_list(context, ciphers); + + EC_KEY *ecdhkey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + SSL_CTX_set_tmp_ecdh(context, ecdhkey); + EC_KEY_free(ecdhkey); + char const * sslCAPath = getStrConf(CAPATH); if(sslCAPath != NULL) { @@ -250,9 +259,7 @@ void SSLi_init(void) Log_debug("%s", SSL_CIPHER_get_name(cipher)); cipherstringlen += strlen(SSL_CIPHER_get_name(cipher)) + 1; } - cipherstring = malloc(cipherstringlen + 1); - if (cipherstring == NULL) - Log_fatal("Out of memory"); + cipherstring = Memory_safeMalloc(1, cipherstringlen + 1); for (i = 0; (cipher = sk_SSL_CIPHER_value(cipherlist_new, i)) != NULL; i++) { offset += sprintf(cipherstring + offset, "%s:", SSL_CIPHER_get_name(cipher)); } @@ -328,10 +335,7 @@ bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) } len = i2d_X509(x509, NULL); - buf = malloc(len); - if (buf == NULL) { - Log_fatal("malloc"); - } + buf = Memory_safeMalloc(1, len); p = buf; i2d_X509(x509, &p);
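Review bot: The new list `static char const * ciphers = "EECDH+AESGCM:AES256-SHA:AES128-SHA";` ends with two static-RSA key-exchange suites (`AES256-SHA`, `AES128-SHA`) that provide no forward secrecy, so any session negotiated with them can be decrypted after the fact if the server's RSA key is ever exposed. If they are kept as a fallback for older clients, ephemeral suites should be preferred ahead of them and the server should enforce its own order, e.g. `"EECDH+AESGCM:EECDH+AES:EDH+AES:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!MD5"` together with `SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE)` where the context is configured. The declaration should also be `static const char *const ciphers` so the pointer itself cannot be re-pointed at runtime.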
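Review bot: Neither `SSL_CTX_set_cipher_list(context, ciphers)` nor `EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)` has its result checked: if no suite in the string is available in this OpenSSL build the call returns 0 and the context silently keeps the library default list, and if the curve is unavailable `ecdhkey` is NULL and is passed straight to `SSL_CTX_set_tmp_ecdh`. Both should fail as loudly as the `SSL_CTX_new` check just above them, since the point of the commit is to guarantee the stronger configuration. Separately, `TLSv1_2_server_method()` pins the server to exactly TLS 1.2 rather than "1.2 or newer"; keeping `SSLv23_server_method()` and setting `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1` gives the same floor without ruling out later protocol versions. SSLi_init starts and ends outside this hunk.
```c
	/* … unchanged: SSL_CTX_new and its NULL check … */
	if (!SSL_CTX_set_cipher_list(context, ciphers))
	{
		ERR_print_errors_fp(stderr);
		abort();
	}

	EC_KEY *ecdhkey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
	if (ecdhkey == NULL)
	{
		ERR_print_errors_fp(stderr);
		abort();
	}
	SSL_CTX_set_tmp_ecdh(context, ecdhkey);
	EC_KEY_free(ecdhkey);
	/* … unchanged: CAPATH handling … */
```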
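Review bot: `len = i2d_X509(x509, NULL)` can return a negative value on encoding failure, and the new `buf = Memory_safeMalloc(1, len);` then forwards that as an allocation size (a huge `size_t` after conversion, or a negative count if the parameter is signed) before `i2d_X509(x509, &p)` writes into the buffer; the old `malloc(len)` had the same gap, but this line is being rewritten anyway. Guard it before allocating, `if (len <= 0) return false;`, plus whatever cleanup of `x509` the lines above the hunk require. The second `i2d_X509` call's return value should likewise be compared against `len` before the bytes are hashed. SSLi_getSHA1Hash starts and ends outside this hunk.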