[Openvpn-devel] [PATCH] ssl: enable basic ecdsa

Alon Bar-Lev Mon, 11 Nov 2013 22:27:47 +0000

From: Jan Just Keijser <janj...@nikhef.nl>

Discussion: https://forums.openvpn.net/topic8404-30.html
Tested-By: Sanaullah <sanaulla...@gmail.com>
---
 src/openvpn/ssl_openssl.c | 11 +++++++++++
 1 file changed, 11 insertions(+)


diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index f64177a..665bb5c 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -309,6 +309,7 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const 
char *dh_file,
 {
   DH *dh;
   BIO *bio;
+  EC_KEY *ecdh=NULL;

   ASSERT(NULL != ctx);

@@ -336,6 +337,16 @@ tls_ctx_load_dh_params (struct tls_root_ctx *ctx, const 
char *dh_file,
        8 * DH_size (dh));

   DH_free (dh);
+
+  ecdh = EC_KEY_new_by_curve_name(NID_secp224r1);
+
+  if (ecdh == NULL)
+      msg (M_SSLERR, "Unable to create curve (NID_secp224r1)");
+
+  if (!SSL_CTX_set_tmp_ecdh(ctx->ctx, ecdh))
+      msg (M_SSLERR, "SSL_CTX_set_tmp_ecdh");
+
+  EC_KEY_free(ecdh);
 }

 int
-- 
1.8.3.2

[Openvpn-devel] [PATCH] ssl: enable basic ecdsa

Reply via email to