summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp36
1 files changed, 36 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 01bf11678..737dab914 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -141,6 +141,38 @@ class ModuleSSLOpenSSL : public Module
ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final);
}
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+ void SetupECDH(ConfigTag* tag)
+ {
+ std::string curvename = tag->getString("ecdhcurve", "prime256v1");
+ if (curvename.empty())
+ return;
+
+ int nid = OBJ_sn2nid(curvename.c_str());
+ if (nid == 0)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unknown curve: \"%s\"", curvename.c_str());
+ return;
+ }
+
+ EC_KEY* eckey = EC_KEY_new_by_curve_name(nid);
+ if (!eckey)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unable to create EC key object");
+ return;
+ }
+
+ ERR_clear_error();
+ if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0)
+ {
+ ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set ECDH parameters");
+ ERR_print_errors_cb(error_callback, this);
+ }
+
+ EC_KEY_free(eckey);
+ }
+#endif
+
public:
ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK)
@@ -334,6 +366,10 @@ class ModuleSSLOpenSSL : public Module
#ifndef _WIN32
fclose(dhpfile);
#endif
+
+#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
+ SetupECDH(conf);
+#endif
}
void On005Numeric(std::string &output)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-16 19:45:44 +0000