dovecot-2.2: lib-ssl-iostream: Support non-1024bit DH parameters...

dovecot at dovecot.org dovecot at dovecot.org
Fri Oct 31 23:55:11 UTC 2014


details:   http://hg.dovecot.org/dovecot-2.2/rev/6efd7ab25b71
changeset: 18049:6efd7ab25b71
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Oct 31 16:54:07 2014 -0700
description:
lib-ssl-iostream: Support non-1024bit DH parameters in ssl-parameters.dat.

diffstat:

 src/lib-ssl-iostream/iostream-openssl-context.c |   2 +-
 src/lib-ssl-iostream/iostream-openssl-params.c  |  15 ++++++++-------
 src/lib-ssl-iostream/iostream-openssl.h         |   2 +-
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (58 lines):

diff -r 267bca7a62fb -r 6efd7ab25b71 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Oct 30 22:02:52 2014 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Fri Oct 31 16:54:07 2014 -0700
@@ -77,7 +77,7 @@
 	if (is_export && keylength == 512 && ssl_io->ctx->dh_512 != NULL)
 		return ssl_io->ctx->dh_512;
 	else
-		return ssl_io->ctx->dh_1024;
+		return ssl_io->ctx->dh_default;
 }
 
 static int
diff -r 267bca7a62fb -r 6efd7ab25b71 src/lib-ssl-iostream/iostream-openssl-params.c
--- a/src/lib-ssl-iostream/iostream-openssl-params.c	Thu Oct 30 22:02:52 2014 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-params.c	Fri Oct 31 16:54:07 2014 -0700
@@ -93,13 +93,14 @@
 
 	switch (bits) {
 	case 512:
+		if (ctx->dh_512 != NULL)
+			return -1;
 		ctx->dh_512 = dh;
 		break;
-	case 1024:
-		ctx->dh_1024 = dh;
-		break;
 	default:
-		ret = -1;
+		if (ctx->dh_default != NULL)
+			return -1;
+		ctx->dh_default = dh;
 		break;
 	}
 	return ret;
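Review bot: The new `default:` arm of `switch (bits)` stores any group it is given as `ctx->dh_default` with no lower bound, so a 768-bit entry in ssl-parameters.dat would become the group returned for every non-export handshake. A guard such as `if (bits < 1024) return -1;` ahead of the assignment would keep the previous floor while still allowing larger sizes. Separately, the two added `return -1;` duplicate checks leave the function without releasing `dh`; the function starts outside the hunk, so if `dh` is allocated there and the caller does not free it on failure, adding `DH_free(dh);` before each return would close the leak. A short comment on the `default:` arm would also help, stating that it holds the single non-512-bit group and that a second one is treated as a corrupt file.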
@@ -126,8 +127,8 @@
 		DH_free(ctx->dh_512);
                 ctx->dh_512 = NULL;
 	}
-	if (ctx->dh_1024 != NULL) {
-		DH_free(ctx->dh_1024);
-                ctx->dh_1024 = NULL;
+	if (ctx->dh_default != NULL) {
+		DH_free(ctx->dh_default);
+                ctx->dh_default = NULL;
 	}
 }
diff -r 267bca7a62fb -r 6efd7ab25b71 src/lib-ssl-iostream/iostream-openssl.h
--- a/src/lib-ssl-iostream/iostream-openssl.h	Thu Oct 30 22:02:52 2014 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl.h	Fri Oct 31 16:54:07 2014 -0700
@@ -11,7 +11,7 @@
 	pool_t pool;
 	const struct ssl_iostream_settings *set;
 
-	DH *dh_512, *dh_1024;
+	DH *dh_512, *dh_default;
 	int username_nid;
 
 	unsigned int client_ctx:1;

