author | daurnimator <quae@daurnimator.com> | 2017-04-03 12:54:23 +1000 |
---|---|---|
committer | daurnimator <quae@daurnimator.com> | 2017-04-03 13:27:15 +1000 |
commit | a0346d8054d3b19a7e30b5de70048c001d8c2c26 (patch) | |
tree | 4537a248b1d277ffb2e78bef38b78e0c3f212aab /src | |
parent | 70439fbea9ddd6acb942fc746bea9a522f940380 (diff) | |
openssl.ssl.context.new: Turn on ecdh_auto in OpenSSL 1.0.2
It's on by default in 1.1.0, and supported in < 1.0.2.
Suggestion taken from ruby openssl implementation: https://github.com/ruby/openssl/blob/a7bbd590c66d40bd662502df9c65474e85b5f03f/ext/openssl/ossl_ssl.c#L135
Diffstat (limited to 'src')
-rw-r--r-- | src/openssl.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/openssl.c b/src/openssl.c
index d679d92..652e38a 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -258,6 +258,10 @@
 #define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
 #endif
+#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
+#define HAVE_SSL_CTX_SET_ECDH_AUTO ((OPENSSL_PREREQ(1,0,2) && !OPENSSL_PREREQ(1,1,0)) || LIBRESSL_PREREQ(2,1,2))
+#endif
+
 #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
 #define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
 #endif
@@ -7575,6 +7579,15 @@ static int sx_new(lua_State *L) {
 SSL_CTX_set_options(*ud, options);
+#if HAVE_SSL_CTX_SET_ECDH_AUTO
+ /* OpenSSL 1.0.2 introduced SSL_CTX_set_ecdh_auto to automatically select
+ * from the curves set via SSL_CTX_set1_curves_list. However as of OpenSSL
+ * 1.1.0, the functionality was turned on permanently and the option
+ * removed. */
+ if (!SSL_CTX_set_ecdh_auto(*ud, 1))
+ return auxL_error(L, auxL_EOPENSSL, "ssl.context.new");
+#endif
+
 return 1;
 } /* sx_new() */ |
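Review bot: The unconditional `SSL_CTX_set_ecdh_auto(*ud, 1)` added before `return 1;` changes curve selection for every context created on OpenSSL 1.0.2 with no way for the caller to opt out, and the comment does not say how it interacts with an explicitly configured ECDH key. As far as I recall, 1.0.2 prefers the automatically chosen shared curve over a key installed with `SSL_CTX_set_tmp_ecdh` while auto mode is on, so a caller that pins a curve that way may silently get a different one; this should be confirmed against the 1.0.2 sources and, if true, handled wherever the module sets that key (not visible here). Once verified, I would extend the comment with `Note: while enabled, a key set via SSL_CTX_set_tmp_ecdh is not used; restrict curves with SSL_CTX_set1_curves_list instead.` Builds against OpenSSL older than 1.0.2 still appear to get no ECDH parameters by default, which is worth stating in the same comment so the version-dependent behaviour is visible. sx_new begins outside the hunk.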