author | Nick Mathewson <nickm@torproject.org> | 2018-11-09 10:49:47 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-11-09 10:49:47 -0500 |
commit | 2ac2d0a426d1cd0ba1b2004d349b28e7acda0666 (patch) | |
tree | df7b86c633fb7ad5812c45723d3e59db79630bc3 /src/lib/tls/tortls_openssl.c | |
parent | 8db047b927d4675661e86b563509c0f28b51a1ed (diff) | |
parent | 591a189fa42c87d706b4395ac6e70110f88b4fe9 (diff) | |
Merge branch 'maint-0.3.4' into maint-0.3.5
Diffstat (limited to 'src/lib/tls/tortls_openssl.c')
-rw-r--r-- | src/lib/tls/tortls_openssl.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 227225b96e..235620714a 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -639,6 +639,22 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 SSL_CTX_set_tmp_dh(result->ctx, dh);
 DH_free(dh);
 }
+/* We check for this function in two ways, since it might be either a symbol
+ * or a macro. */
+#if defined(SSL_CTX_set1_groups_list) || defined(HAVE_SSL_CTX_SET1_GROUPS_LIST)
+ {
+ const char *list;
+ if (flags & TOR_TLS_CTX_USE_ECDHE_P224)
+ list = "P-224:P-256";
+ else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)
+ list = "P-256:P-224";
+ else
+ list = "P-256:P-224";
+ int r = SSL_CTX_set1_groups_list(result->ctx, list);
+ if (r < 0)
+ goto error;
+ }
+#else
 if (! is_client) {
 int nid;
 EC_KEY *ec_key;
@@ -654,6 +670,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 SSL_CTX_set_tmp_ecdh(result->ctx, ec_key);
 EC_KEY_free(ec_key);
 }
+#endif
 SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
 always_accept_verify_cb);
 /* let us realloc bufs that we're writing from */ |
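Review bot: The failure check `if (r < 0)` after `SSL_CTX_set1_groups_list()` in the first hunk cannot fire as written: OpenSSL documents this call as returning 1 on success and 0 on failure, so a rejected list is treated as success and the context silently keeps the library's default groups. Comparing against the success value, `if (r != 1) goto error;`, would surface that case; if falling back to the defaults is intended (for example on builds that lack one of the named curves, which this hunk does not show), a logged warning would serve better than a check that never runs. The `else if (flags & TOR_TLS_CTX_USE_ECDHE_P256)` arm and the final `else` assign the same string and could be merged. The `error` label and the rest of tor_tls_context_new lie outside the hunk.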