[PATCH] SSL: DH was made opaque in OpenSSL 1.1.0

Alessandro Ghedini
May 11, 2016 08:26AM
# HG changeset patch
# User Alessandro Ghedini <alessandro@cloudflare.com>
# Date 1462967148 -3600
# Wed May 11 12:45:48 2016 +0100
# Node ID f3413937fddaaca954090e26cf92b49fdf2f9722
# Parent 2f98b5709d7965e7c97cb74b8380014179c7bf0d
SSL: DH was made opaque in OpenSSL 1.1.0

DH_set0_pqg() was introduced to initialize the DH parameters.

diff -r 2f98b5709d79 -r f3413937fdda src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Apr 28 16:30:19 2016 +0300
+++ b/src/event/ngx_event_openssl.c Wed May 11 12:45:48 2016 +0100
@@ -915,8 +915,9 @@ ngx_ssl_passwords_cleanup(void *data)
ngx_int_t
ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
{
- DH *dh;
- BIO *bio;
+ DH *dh;
+ BIO *bio;
+ BIGNUM *p, *g;

/*
* -----BEGIN DH PARAMETERS-----
@@ -951,15 +952,24 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_
return NGX_ERROR;
}

- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
-
- if (dh->p == NULL || dh->g == NULL) {
+ p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+
+ if (p == NULL || g == NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
+ BN_free(p);
+ BN_free(g);
DH_free(dh);
return NGX_ERROR;
}

+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ DH_set0_pqg(dh, p, NULL, g);
+#else
+ dh->p = p;
+ dh->g = g;
+#endif
+
SSL_CTX_set_tmp_dh(ssl->ctx, dh);

DH_free(dh);
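Review bot: The return value of DH_set0_pqg() is ignored on the added `DH_set0_pqg(dh, p, NULL, g);` line inside the `#if OPENSSL_VERSION_NUMBER >= 0x10100005L` branch. The function returns 1 on success and 0 on failure, and on failure it does not take ownership of p and g, so the code would continue to SSL_CTX_set_tmp_dh() with an unset dh and leak both BIGNUMs. The `p == NULL || g == NULL` check just above means the call should not fail here, but checking the result and handling failure the same way as the BN_bin2bn() branch (log through ngx_ssl_error(), BN_free(p), BN_free(g), DH_free(dh), return NGX_ERROR) would keep both error paths consistent and make the ownership transfer explicit to the next reader.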

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel