You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by rj...@apache.org on 2016/04/10 10:22:33 UTC
svn commit: r1738408 - /tomcat/native/trunk/native/src/ssl.c
Author: rjung
Date: Sun Apr 10 08:22:33 2016
New Revision: 1738408
URL: http://svn.apache.org/viewvc?rev=1738408&view=rev
Log:
Support for OpenSSL 1.1.0:
- DH was made opaque.
Modified:
tomcat/native/trunk/native/src/ssl.c
Modified: tomcat/native/trunk/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1738408&r1=1738407&r2=1738408&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/ssl.c (original)
+++ tomcat/native/trunk/native/src/ssl.c Sun Apr 10 08:22:33 2016
@@ -197,17 +197,23 @@ static const jint supported_ssl_opts = 0
* Grab well-defined DH parameters from OpenSSL, see the get_rfc*
* functions in <openssl/bn.h> for all available primes.
*/
-static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
+static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *))
{
DH *dh = DH_new();
+ BIGNUM *p, *g;
if (!dh) {
return NULL;
}
- dh->p = prime(NULL);
- BN_dec2bn(&dh->g, gen);
- if (!dh->p || !dh->g) {
+ p = prime(NULL);
+ g = BN_new();
+ if (g != NULL) {
+ BN_set_word(g, 2);
+ }
+ if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {
DH_free(dh);
+ BN_free(p);
+ BN_free(g);
return NULL;
}
return dh;
@@ -232,7 +238,7 @@ static void init_dh_params(void)
unsigned n;
for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)
- dhparams[n].dh = make_dh_params(dhparams[n].prime, "2");
+ dhparams[n].dh = make_dh_params(dhparams[n].prime);
}
static void free_dh_params(void)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org