You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by mt...@apache.org on 2014/04/09 14:54:25 UTC
svn commit: r1585957 - /tomcat/native/branches/1.1.x/native/src/sslcontext.c
Author: mturk
Date: Wed Apr 9 12:54:25 2014
New Revision: 1585957
URL: http://svn.apache.org/r1585957
Log:
Ensure we have the needed ECDH with the OpenSSL used
Modified:
tomcat/native/branches/1.1.x/native/src/sslcontext.c
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585957&r1=1585956&r2=1585957&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr 9 12:54:25 2014
@@ -154,10 +154,12 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
(unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
&(c->context_id[0]), NULL, EVP_sha1(), NULL);
if (mode) {
+#ifdef HAVE_ECC
/* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
EC_KEY_free(ecdh);
+#endif
SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org