[patch] more TLS configuration options for nnrpd
julien at trigofacile.com
Sun Nov 23 13:10:26 UTC 2014
> In fact, I have got ECDH support implemented. I'll attach a patch that
> goes on top of the first one, and would very much like people to
> critique this and test it, because the OpenSSL docs are less than
> helpful and I had to resort to reverse engineering the Apache source.
> Consider it experimental -- not "crashing your server", but "may be

I have been testing your patch for a few days, without any problem.
Thanks for it!

Reading the OBJ_nid2obj(3) doc, I see that they #include
<openssl/objects.h> when using OBJ_nid2sn(). Shouldn't we also add that
include in tls.h when HAVE_SSL_ECC is set?

> The default is unset, which means an appropriate curve is
> auto-selected (if your OpenSSL version supports it) or the NIST
> P-256 curve is used.

Are we sure NID_X9_62_prime256v1 always exists? Maybe in OpenSSL
versions where SSL_CTX_set_ecdh_auto does not exist, this curve exists;
so it's fine to call it without testing its existence.

« They refused a Norman's offer?!? » (Astérix)