ps/hermes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ADD: support for Perfect Forward Security (patch by Michael Brunnbauer)

Browse source
This commit is contained in:
Juan José Gutiérrez de Quevedo Pérez 2014-10-09 15:24:48 +02:00
parent 5627834132
commit 45c9272fce
2 changed files with 31 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
src/Socket.cpp
View file

@ -61,6 +61,31 @@ Socket::Socket():fd(-1)
/* load certificate */
if(SSL_CTX_use_certificate_chain_file(ssl_ctx_server,cfg.getCertificateFile().c_str())==-1)
throw Exception(_("Error loading certificate"),__FILE__,__LINE__);
/* load DH params */
BIO *bio;
DH *dh;
if (cfg.getDhparamsFile().size())
{
if ((bio=BIO_new_file(cfg.getDhparamsFile().c_str(), "r")) != 0)
{
if ((dh=PEM_read_bio_DHparams(bio, NULL, NULL, NULL)) != 0)
{
SSL_CTX_set_tmp_dh(ssl_ctx_server, dh);
DH_free(dh);
}
else
{
throw Exception(_("Error loading DH params"),__FILE__,__LINE__);
}
BIO_free(bio);
}
else
{
throw Exception(_("Error opening DH params file"),__FILE__,__LINE__);
}
}
/* load private key */
if(SSL_CTX_use_PrivateKey_file(ssl_ctx_server,cfg.getPrivateKeyFile().c_str(),SSL_FILETYPE_PEM)==-1)
throw Exception(_("Error loading private key"),__FILE__,__LINE__);