https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
--- Comment #2 from Robert Paasche <r.paas...@pripares.com> ---

Removed switch key, to handle more private key lengths (e.g. 3072 bits).

```c
DH *SSL_callback_tmp_DH(SSL *ssl, int export, int keylen)
{
    EVP_PKEY *pkey;
    int type;
    int idx = SSL_TMP_KEY_DH_512;

    pkey = SSL_get_privatekey(ssl);
    type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;

    /*
     * OpenSSL will call us with either keylen == 512 or keylen == 1024
     * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
     * Adjust the DH parameter length according to the size of the
     * RSA/DSA private key used for the current connection.
     */
    if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
        keylen = EVP_PKEY_bits(pkey);
    }

    /*
     * Pick the smallest preloaded DH parameter set that is at least as
     * large as the key. Using ranges instead of an exact-match switch
     * means a key size with no slot of its own (e.g. 3072 bits) is
     * rounded up to the 4096-bit set rather than falling through.
     */
    if (keylen > 2048) {
        idx = SSL_TMP_KEY_DH_4096;
    } else if (keylen > 1024) {
        idx = SSL_TMP_KEY_DH_2048;
    } else if (keylen > 512) {
        idx = SSL_TMP_KEY_DH_1024;
    }
    return (DH *)SSL_temp_keys[idx];
}
```
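The selection logic above is an instance of a general rule: choose the smallest available DH group that is at least as large as the authenticating RSA/DSA key, so that the ephemeral exchange never becomes the weakest link of the handshake. The following stand-alone C program is an added example, not part of the patch or of Tomcat Native; it needs no OpenSSL and uses a constructed table of the four group sizes the comment's SSL_TMP_KEY_DH_* slots correspond to. It also includes a hypothetical exact-match lookup (`exact_match_dh_bits`) to show why a switch keyed on the exact key length leaves 3072-bit keys unhandled, which is the problem the comment fixes; the `-1` "no slot" result is this example's convention, not the behaviour of the code that was removed.

```c
#include <stdio.h>
#include <stddef.h>

/* Sizes (in bits) of the preloaded ephemeral DH parameter sets.
 * Constructed for this example to mirror the four SSL_TMP_KEY_DH_*
 * slots; the table must be in ascending order. */
static const int available_dh_bits[] = { 512, 1024, 2048, 4096 };
static const size_t n_available =
    sizeof available_dh_bits / sizeof available_dh_bits[0];

/* General rule the patch's if/else ladder implements: return the size of
 * the smallest available DH group that is at least as large as the key.
 * If no group is large enough (e.g. an 8192-bit key), return the largest
 * one available, which is the best the server can do. */
int select_dh_bits(int keylen)
{
    size_t i;
    for (i = 0; i < n_available; i++) {
        if (available_dh_bits[i] >= keylen)
            return available_dh_bits[i];
    }
    return available_dh_bits[n_available - 1];
}

/* Hypothetical exact-match lookup, standing in for a switch keyed on
 * keylen: only key sizes that have a slot of their own are found.
 * Returns -1 when nothing matches (this example's own convention). */
int exact_match_dh_bits(int keylen)
{
    size_t i;
    for (i = 0; i < n_available; i++) {
        if (available_dh_bits[i] == keylen)
            return available_dh_bits[i];
    }
    return -1;
}

/* 1 if the selected DH group is no weaker than the key, i.e. the
 * ephemeral exchange does not lower the handshake's effective strength. */
int dh_not_weaker_than_key(int keylen)
{
    return select_dh_bits(keylen) >= keylen;
}

int main(void)
{
    const int samples[] = { 512, 1024, 2048, 3072, 4096, 8192 };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int k = samples[i];
        printf("key %5d bits: exact-match slot %5d, range selection %5d, "
               "DH not weaker than key: %s\n",
               k, exact_match_dh_bits(k), select_dh_bits(k),
               dh_not_weaker_than_key(k) ? "yes" : "no");
    }
    return 0;
}
```

For the four sizes that have their own slot, `select_dh_bits` returns exactly what the patch's ladder returns; the difference shows at 3072 bits, where the exact-match lookup finds nothing while the range selection rounds up to the 4096-bit set. A key larger than every preloaded group (8192 bits in the sample run) is the remaining caveat: the server can only offer its largest set, so the preloaded table should cover the largest certificate key the deployment uses.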