PERFORCE change 136594 for review
Christian S.J. Peron
csjp at FreeBSD.org
Sat Mar 1 19:02:33 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=136594
Change 136594 by csjp at ibm01 on 2008/03/01 19:01:37
We don't process Diffie Hellman parameters when we are running in client
mode. Introduce context flags "server" and "client" and pass them
to the crypto context initialization function.
Affected files ...
.. //depot/projects/trustedbsd/netauditd/crypto.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/netauditd/crypto.c#2 (text+ko) ====
@@ -31,6 +31,9 @@
BIO *c_bioerror;
};
+#define CRTYPO_CTX_CLIENT 1
+#define CRYPTO_CTX_SERVER 2
+
static char *crypto_pass;
static int
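Review bot: The first added define is misspelled as `CRTYPO_CTX_CLIENT`, while its sibling is `CRYPTO_CTX_SERVER`, so any caller that writes `CRYPTO_CTX_CLIENT` will not compile. Rename it to `CRYPTO_CTX_CLIENT`. Both constants are defined inside crypto.c, and this change lists no other affected file, so code outside this file that calls `crypto_init_context()` cannot see them; the shared header would be a better home.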
@@ -46,7 +49,7 @@
}
int
-crypto_init_context(struct crypto_context *ct)
+crypto_init_context(struct crypto_context *ct, int ctx_type)
{
SSL_METHOD *meth;
DH *ret;
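Review bot: The new `ctx_type` parameter is a bare `int` that is never validated, so a value that is neither of the two defines is silently treated as "not server" and the context comes up without DH parameters. Reject unknown values at the top of the function, or make the parameter an enum. The change also lists only crypto.c as affected, so the prototype and every existing caller of the one-argument form still need updating before this builds.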
@@ -79,12 +82,15 @@
if ((bio = BIO_new_file("DHFILE", "r")) == NULL)
berr_exit("Couldn't open DH file");
/*
- * Process DH parameters
+ * If we are initializing this crypto context for serving SSL clients,
+ * make sure we initialize our Diffie Hellman parameters.
*/
- ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- BIO_free(bio);
- if(SSL_CTX_set_tmp_dh(ct->c_ctx,ret) < 0)
- berr_exit("Couldn't set DH parameters");
+ if (ctx_type == CRYPTO_CTX_SERVER) {
+ ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ if (SSL_CTX_set_tmp_dh(ct->c_ctx, ret) < 0)
+ berr_exit("Couldn't set DH parameters");
+ }
return (0);
}
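Review bot: The `BIO_new_file("DHFILE", "r")` call is still above the new `if (ctx_type == CRYPTO_CTX_SERVER)` check, so a client context still aborts via `berr_exit` when the DH file is missing, and when the file is present the BIO is never freed because `BIO_free(bio)` now runs only in the server branch. Move the open and its error check inside the branch. Two checks carried over from the old code are also worth fixing while here: the result of `PEM_read_bio_DHparams()` is not tested for NULL before use, and `SSL_CTX_set_tmp_dh()` returns 1 on success and 0 on failure, so the `< 0` comparison never reports an error and a server could continue without DH parameters.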