Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
c557f921
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
c557f921
编写于
10月 22, 2013
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add SSL_CONF command to set DH Parameters.
上级
abf840e4
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
49 addition
and
2 deletion
+49
-2
doc/ssl/SSL_CONF_cmd.pod
doc/ssl/SSL_CONF_cmd.pod
+12
-0
ssl/ssl_conf.c
ssl/ssl_conf.c
+37
-2
未找到文件。
doc/ssl/SSL_CONF_cmd.pod
浏览文件 @
c557f921
...
...
@@ -103,6 +103,12 @@ context. This option is only supported if certificate operations
are permitted. Note: if no B<-key> option is set then a private key is
not loaded: it does not currently use the B<-cert> file.
=item B<-dhparam>
Attempts to use the file B<value> as the set of temporary DH parameters for
the appropriate context. This option is only supported if certificate
operations are permitted.
=item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
...
...
@@ -185,6 +191,12 @@ context. This option is only supported if certificate operations
are permitted. Note: if no B<-key> option is set then a private key is
not loaded: it does not currently use the B<Certificate> file.
=item B<DHParameters>
Attempts to use the file B<value> as the set of temporary DH parameters for
the appropriate context. This option is only supported if certificate
operations are permitted.
=item B<SignatureAlgorithms>
This sets the supported signature algorithms for TLS v1.2. For clients this
...
...
ssl/ssl_conf.c
浏览文件 @
c557f921
...
...
@@ -388,7 +388,39 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
rv
=
SSL_use_PrivateKey_file
(
cctx
->
ssl
,
value
,
SSL_FILETYPE_PEM
);
return
rv
>
0
;
}
#ifndef OPENSSL_NO_DH
static
int
cmd_DHParameters
(
SSL_CONF_CTX
*
cctx
,
const
char
*
value
)
{
int
rv
=
0
;
DH
*
dh
=
NULL
;
BIO
*
in
=
NULL
;
if
(
!
(
cctx
->
flags
&
SSL_CONF_FLAG_CERTIFICATE
))
return
-
2
;
if
(
cctx
->
ctx
||
cctx
->
ssl
)
{
in
=
BIO_new
(
BIO_s_file_internal
());
if
(
!
in
)
goto
end
;
if
(
BIO_read_filename
(
in
,
value
)
<=
0
)
goto
end
;
dh
=
PEM_read_bio_DHparams
(
in
,
NULL
,
NULL
,
NULL
);
if
(
!
dh
)
goto
end
;
}
else
return
1
;
if
(
cctx
->
ctx
)
rv
=
SSL_CTX_set_tmp_dh
(
cctx
->
ctx
,
dh
);
if
(
cctx
->
ssl
)
rv
=
SSL_set_tmp_dh
(
cctx
->
ssl
,
dh
);
end:
if
(
dh
)
DH_free
(
dh
);
if
(
in
)
BIO_free
(
in
);
return
rv
>
0
;
}
#endif
typedef
struct
{
int
(
*
cmd
)(
SSL_CONF_CTX
*
cctx
,
const
char
*
value
);
...
...
@@ -416,7 +448,10 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
SSL_CONF_CMD_STRING
(
Protocol
,
NULL
),
SSL_CONF_CMD_STRING
(
Options
,
NULL
),
SSL_CONF_CMD
(
Certificate
,
"cert"
,
SSL_CONF_TYPE_FILE
),
SSL_CONF_CMD
(
PrivateKey
,
"key"
,
SSL_CONF_TYPE_FILE
)
SSL_CONF_CMD
(
PrivateKey
,
"key"
,
SSL_CONF_TYPE_FILE
),
#ifndef OPENSSL_NO_DH
SSL_CONF_CMD
(
DHParameters
,
"dhparam"
,
SSL_CONF_TYPE_FILE
)
#endif
};
static
int
ssl_conf_cmd_skip_prefix
(
SSL_CONF_CTX
*
cctx
,
const
char
**
pcmd
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录