int ressl_check_hostname(X509 *cert, const char *host);
int ressl_configure_keypair(struct ressl *ctx);
+int ressl_configure_server(struct ressl *ctx);
int ressl_host_port(const char *hostport, char **host, char **port);
int ressl_set_error(struct ressl *ctx, char *fmt, ...);
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#include <openssl/ec.h>
+#include <openssl/ssl.h>
+
#include "ressl_internal.h"
struct ressl *
return (conn_ctx);
}
+int
+ressl_configure_server(struct ressl *ctx)
+{
+ EC_KEY *ecdh_key;
+
+ /* XXX - add a configuration option to control versions. */
+ if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
+ ressl_set_error(ctx, "ssl context failure");
+ goto err;
+ }
+
+ if (ressl_configure_keypair(ctx) != 0)
+ goto err;
+
+ if (ctx->config->ciphers != NULL) {
+ if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
+ ctx->config->ciphers) != 1) {
+ ressl_set_error(ctx, "failed to set ciphers");
+ goto err;
+ }
+ }
+
+ if ((ecdh_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
+ goto err;
+ SSL_CTX_set_tmp_ecdh(ctx->ssl_ctx, ecdh_key);
+ SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
+ EC_KEY_free(ecdh_key);
+
+ return (0);
+
+err:
+ return (-1);
+}
+
int
ressl_listen(struct ressl *ctx, const char *host, const char *port, int af)
{
projects / openbsd / commitdiff