mirror of
https://github.com/matrix-construct/construct
synced 2024-12-26 15:33:54 +01:00
ircd::openssl/ircd::net: Add presupplied rfc3526 DH parameters.
parent
39756df70f
commit
a4bb471cf7
3 changed files with 45 additions and 1 deletions
|
@ -88,6 +88,7 @@ namespace ircd::openssl
|
|||
// DH suite
|
||||
extern const size_t DH_DEFAULT_GEN;
|
||||
extern const size_t DH_DEFAULT_BITS;
|
||||
extern const string_view rfc3526_dh_params_pem;
|
||||
DH &gendh(DH &, const uint &bits = DH_DEFAULT_BITS, const uint &gen = DH_DEFAULT_GEN);
|
||||
string_view gendh(const mutable_buffer &, const uint &bits = DH_DEFAULT_BITS, const uint &gen = DH_DEFAULT_GEN);
|
||||
void gendh(const string_view &dhfile, const uint &bits = DH_DEFAULT_BITS, const uint &gen = DH_DEFAULT_GEN);
|
||||
|
|
31
ircd/net.cc
31
ircd/net.cc
|
@ -1457,7 +1457,7 @@ ircd::net::listener::acceptor::configure(const json::object &opts)
|
|||
filename);
|
||||
}
|
||||
|
||||
if(opts.has("tmp_dh_path"))
|
||||
if(opts.has("tmp_dh_path") && !empty(unquote(opts.at("tmp_dh_path"))))
|
||||
{
|
||||
const std::string filename
|
||||
{
|
||||
|
@ -1477,6 +1477,35 @@ ircd::net::listener::acceptor::configure(const json::object &opts)
|
|||
string(*this),
|
||||
filename);
|
||||
}
|
||||
else if(opts.has("tmp_dh"))
|
||||
{
|
||||
const const_buffer buf
|
||||
{
|
||||
unquote(opts.at("tmp_dh"))
|
||||
};
|
||||
|
||||
ssl.use_tmp_dh(buf);
|
||||
log::info
|
||||
{
|
||||
log, "%s using DH params supplied in options (%zu bytes)",
|
||||
string(*this),
|
||||
size(buf)
|
||||
};
|
||||
}
|
||||
else
|
||||
{
|
||||
const const_buffer &buf
|
||||
{
|
||||
openssl::rfc3526_dh_params_pem
|
||||
};
|
||||
|
||||
ssl.use_tmp_dh(buf);
|
||||
log::info
|
||||
{
|
||||
log, "%s using pre-supplied rfc3526 DH parameters.",
|
||||
string(*this)
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
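Review bot: The new `tmp_dh` branch hands `unquote(opts.at("tmp_dh"))` straight to `ssl.use_tmp_dh()` without the emptiness test this commit adds to the `tmp_dh_path` branch, so a present-but-empty `tmp_dh` would not fall through to the rfc3526 default. Suggest `else if(opts.has("tmp_dh") && !empty(unquote(opts.at("tmp_dh"))))` to keep the two branches consistent. Nothing visible here checks the strength of operator-supplied parameters either: the log line reports only the byte count of the PEM, so a short group would, as far as this hunk shows, be accepted unless `use_tmp_dh` itself rejects it. Logging the modulus bit length, or refusing anything under 2048 bits, would make a weak configuration visible. The body of `configure()` starts and ends outside the hunk.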
|
|
|
@ -623,6 +623,20 @@ ircd::openssl::get_time(const ASN1_TIME &t)
|
|||
// DH
|
||||
//
|
||||
|
||||
decltype(ircd::openssl::rfc3526_dh_params_pem)
|
||||
ircd::openssl::rfc3526_dh_params_pem
|
||||
{R"(
|
||||
2048-bit DH parameters taken from rfc3526
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
|
||||
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
|
||||
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
|
||||
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
|
||||
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
|
||||
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
|
||||
-----END DH PARAMETERS-----
|
||||
)"};
|
||||
|
||||
decltype(ircd::openssl::DH_DEFAULT_BITS)
|
||||
ircd::openssl::DH_DEFAULT_BITS
|
||||
{
|
||||
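Review bot: The definition of `rfc3526_dh_params_pem` carries no comment saying which RFC 3526 group it holds; the only description is the free-text line inside the raw string, which becomes part of the data handed to the PEM parser. RFC 3526 defines several MODP groups, so a comment above the definition such as `// RFC 3526 group 14: 2048-bit MODP prime, generator 2; fallback when no tmp_dh/tmp_dh_path is configured` would let a reader check the blob against the RFC. Moving the description out of the literal would also avoid depending on the PEM reader skipping text that precedes `-----BEGIN DH PARAMETERS-----`. The `DH_DEFAULT_BITS` definition that follows continues outside the hunk.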
|
|