GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime

For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e.

This patch enables ngIRCd to accept incoming connections from other servers
and clients that use DH primes of at least 1024 bits (it no longer requires
2048 bits for incoming connections, either).

Patch proposed by Florian Westphal.
Alexander Barton 2011-06-28 13:48:33 +02:00
parent 7ae7ace579
commit 2d35731399
1 changed files with 3 additions and 2 deletions


@ -52,9 +52,10 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
#include <gnutls/x509.h> #include <gnutls/x509.h>
#define DH_BITS 2048 #define DH_BITS 2048
#define DH_BITS_MIN 1024
static gnutls_certificate_credentials_t x509_cred; static gnutls_certificate_credentials_t x509_cred;
static gnutls_dh_params_t dh_params; static gnutls_dh_params_t dh_params;
static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void )); static bool ConnSSL_LoadServerKey_gnutls PARAMS(( void ));
#endif #endif
@ -426,7 +427,7 @@ ConnSSL_Init_SSL(CONNECTION *c)
ConnSSL_Free(c); ConnSSL_Free(c);
return false; return false;
} }
gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS); gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
#endif #endif
Conn_OPTION_ADD(c, CONN_SSL); Conn_OPTION_ADD(c, CONN_SSL);
return true; return true;
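Review bot: The new DH_BITS_MIN define in the first hunk has no comment, although it is a security floor rather than a tuning knob: as I read the GnuTLS API, the value handed to gnutls_dh_set_prime_bits() in the second hunk is the smallest DH prime ngIRCd will accept from a peer during the handshake, and a maintainer later raising DH_BITS would not see that the two constants play different roles. Suggest `#define DH_BITS_MIN 1024 /* smallest DH prime (bits) accepted from a peer */` next to `#define DH_BITS 2048 /* size of the DH prime we generate for our own dh_params */` — the second comment assumes dh_params is still generated with DH_BITS elsewhere in the file, which this hunk does not show, so confirm before adding it. Because the floor is a policy choice, a short reference to the commit's rationale (outgoing connections use DH_BITS, incoming peers may offer less) would let it be revisited when 1024-bit DH is no longer acceptable. The enclosing function ConnSSL_Init_SSL starts outside the hunk.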