Posted to dev@tomcat.apache.org by mt...@apache.org on 2014/04/09 11:52:41 UTC
svn commit: r1585923 - in /tomcat/native/branches/1.1.x/native:
include/ssl_private.h src/sslcontext.c
Author: mturk
Date: Wed Apr 9 09:52:40 2014
New Revision: 1585923
URL: http://svn.apache.org/r1585923
Log:
As per Tom's suggestion, set SSL_OP_SINGLE_ECDH_USE on the context.
Modified:
tomcat/native/branches/1.1.x/native/include/ssl_private.h
tomcat/native/branches/1.1.x/native/src/sslcontext.c
Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/ssl_private.h?rev=1585923&r1=1585922&r2=1585923&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/include/ssl_private.h (original)
+++ tomcat/native/branches/1.1.x/native/include/ssl_private.h Wed Apr 9 09:52:40 2014
@@ -40,6 +40,12 @@
#endif
/* OpenSSL headers */
+/* OpenSSL headers */
+#include <openssl/opensslv.h>
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000)
+/* must be defined before including ssl.h */
+#define OPENSSL_NO_SSL_INTERN
+#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509.h>
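Review bot: The added `/* OpenSSL headers */` line duplicates the identical comment on the context line directly above it, so the include block now carries the comment twice; the added copy should be dropped. The `OPENSSL_NO_SSL_INTERN` define is not mentioned in the commit log and deserves a comment stating its purpose, for example `/* hide OpenSSL's internal struct layouts so only the public accessors are used */`. With it set, any file in the tree that still reads SSL or SSL_CTX members directly would stop compiling against 1.0.1 and later, which is presumably intended but cannot be confirmed from this hunk.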
@@ -208,6 +214,11 @@
#define OCSP_STATUS_UNKNOWN 2
+/* ECC: make sure we have at least 1.0.0 */
+#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed)
+#define HAVE_ECC 1
+#endif
+
extern void *SSL_temp_keys[SSL_TMP_KEY_MAX];
typedef struct {
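Review bot: The comment on the `HAVE_ECC` guard says it checks for OpenSSL 1.0.0, but the condition tests whether `TLSEXT_ECPOINTFORMAT_uncompressed` is defined, not a version number. The comment should state that the macro is used as a proxy, for example `/* ECC: TLSEXT_ECPOINTFORMAT_uncompressed stands in for OpenSSL >= 1.0.0 */`. Alternatively the guard could compare `OPENSSL_VERSION_NUMBER` directly, as the first hunk of this file does. The struct that follows the context lines continues outside the hunk.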
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585923&r1=1585922&r2=1585923&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr 9 09:52:40 2014
@@ -137,6 +137,9 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
* Configure additional context ingredients
*/
SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE);
+#ifdef HAVE_ECC
+ SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_ECDH_USE);
+#endif
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
/*
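Review bot: `SSL_OP_SINGLE_ECDH_USE` only controls whether a configured temporary ECDH key is reused, and nothing in this hunk shows the context being given a curve or temporary key (`SSL_CTX_set_tmp_ecdh` or a callback). If that is not done elsewhere in the function, which continues outside the hunk, the new option has no effect and ECDHE suites would presumably not be negotiated on these OpenSSL versions. A why-comment on the added call would help the next reader, for example `/* fresh ECDH key per handshake, for forward secrecy */`.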