Old TLS libraries should not be used anymore due to security risks.
#define GNUTLS_NEW_PRIO_API
#endif
#define GNUTLS_NEW_PRIO_API
#endif
-#if (!INSPIRCD_GNUTLS_HAS_VERSION(2, 0, 0))
-typedef gnutls_certificate_credentials_t gnutls_certificate_credentials;
-typedef gnutls_dh_params_t gnutls_dh_params;
-#endif
-
enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN };
#if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0)
enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN };
#if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0)
# pragma comment(lib, "libeay32.lib")
#endif
# pragma comment(lib, "libeay32.lib")
#endif
-#if ((OPENSSL_VERSION_NUMBER >= 0x10000000L) && (!(defined(OPENSSL_NO_ECDH))))
-// OpenSSL 0.9.8 includes some ECC support, but it's unfinished. Enable only for 1.0.0 and later.
-#define INSPIRCD_OPENSSL_ENABLE_ECDH
-#endif
-
// BIO is opaque in OpenSSL 1.1 but the access API does not exist in 1.0 and older.
#if ((defined LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L))
# define BIO_get_data(BIO) BIO->ptr
// BIO is opaque in OpenSSL 1.1 but the access API does not exist in 1.0 and older.
#if ((defined LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L))
# define BIO_get_data(BIO) BIO->ptr
return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0);
}
return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0);
}
-#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
void SetECDH(const std::string& curvename)
{
int nid = OBJ_sn2nid(curvename.c_str());
void SetECDH(const std::string& curvename)
{
int nid = OBJ_sn2nid(curvename.c_str());
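Review bot: With the `INSPIRCD_OPENSSL_ENABLE_ECDH` guard removed, `SetECDH` here and its call in the `ecdhcurve` config hunk are compiled unconditionally, so the `!defined(OPENSSL_NO_ECDH)` half of the old condition is dropped along with the version half. The body of `SetECDH` continues outside this hunk; if it uses the EC key API, a build against an OpenSSL configured without ECDH would now stop on undeclared symbols, with nothing to say why. Nothing visible in these hunks states the new minimum version either, though a check may exist elsewhere in the file. An explicit guard next to the other version tests would make the floor clear, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10000000L` / `# error "OpenSSL 1.0.0 or newer is required"` / `#endif`. A matching `#error` when `OPENSSL_NO_ECDH` is defined would cover the ECDH-less case.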
-#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH
std::string curvename = tag->getString("ecdhcurve", "prime256v1");
if (!curvename.empty())
ctx.SetECDH(curvename);
std::string curvename = tag->getString("ecdhcurve", "prime256v1");
if (!curvename.empty())
ctx.SetECDH(curvename);