Author: mturk Date: Wed Apr 9 09:52:40 2014 New Revision: 1585923 URL: http://svn.apache.org/r1585923 Log: As per Tom's suggestion. Set SSL_OP_SINGLE_ECDH_USE to context
Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h tomcat/native/branches/1.1.x/native/src/sslcontext.c Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/ssl_private.h?rev=1585923&r1=1585922&r2=1585923&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/native/include/ssl_private.h (original) +++ tomcat/native/branches/1.1.x/native/include/ssl_private.h Wed Apr 9 09:52:40 2014 @@ -40,6 +40,12 @@ #endif /* OpenSSL headers */ +/* OpenSSL headers */ +#include <openssl/opensslv.h> +#if (OPENSSL_VERSION_NUMBER >= 0x10001000) +/* must be defined before including ssl.h */ +#define OPENSSL_NO_SSL_INTERN +#endif #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/x509.h> @@ -208,6 +214,11 @@ #define OCSP_STATUS_UNKNOWN 2 +/* ECC: make sure we have at least 1.0.0 */ +#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed) +#define HAVE_ECC 1 +#endif + extern void *SSL_temp_keys[SSL_TMP_KEY_MAX]; typedef struct { Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585923&r1=1585922&r2=1585923&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original) +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr 9 09:52:40 2014 
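Review bot: The added block in the `@@ -40,6 +40,12 @@` hunk repeats the `/* OpenSSL headers */` comment that already sits on the context line just before it, and `OPENSSL_NO_SSL_INTERN` is defined without saying why. The commit log mentions only SSL_OP_SINGLE_ECDH_USE, so a reader cannot tell that the define is meant to keep the library's internal struct layouts out of this code. I would drop the duplicate comment and widen the remaining one, e.g. `/* hide SSL/SSL_CTX internals on OpenSSL >= 1.0.1; must be defined before including ssl.h */`. Any code in the tree that still reads those struct fields directly would stop compiling against 1.0.1 and later, which cannot be checked from this hunk.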
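Review bot: In the `@@ -208,6 +214,11 @@` hunk the comment says "make sure we have at least 1.0.0", but the condition tests `TLSEXT_ECPOINTFORMAT_uncompressed`, a TLS-extension macro, not a version. If the macro is deliberately used as a stand-in for EC-capable headers, the comment should say so, e.g. `/* ECC: TLSEXT_ECPOINTFORMAT_uncompressed marks headers with EC support in TLS */`. If a version floor is really what is meant, `OPENSSL_VERSION_NUMBER` is now available through the `<openssl/opensslv.h>` include added earlier in this file. `HAVE_ECC` gates a security-relevant context option in sslcontext.c, so the condition under which it is silently left undefined should be easy to read here.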
@@ -137,6 +137,9 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma * Configure additional context ingredients */ SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_DH_USE); +#ifdef HAVE_ECC + SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_ECDH_USE); +#endif #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
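Review bot: The new `SSL_CTX_set_options(c->ctx, SSL_OP_SINGLE_ECDH_USE);` call is guarded by `HAVE_ECC`, while the next option in this hunk is guarded by its own macro (`#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION`). Guarding with `#ifdef SSL_OP_SINGLE_ECDH_USE` would follow that pattern and would not depend on how ssl_private.h derives `HAVE_ECC`. The option only has an effect when temporary ECDH parameters are configured on the context, and that is not visible in this hunk, so it is worth confirming it happens elsewhere. A short comment such as `/* generate a fresh ECDH key per handshake instead of reusing one */` would record why the option is set. The enclosing function starts and ends outside the hunk.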