|
|
000b35 |
diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
|
|
|
000b35 |
--- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig 2021-06-01 09:29:27.976842727 +0200
|
|
|
000b35 |
+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c 2021-06-01 09:31:05.232015887 +0200
|
|
|
000b35 |
@@ -353,65 +353,6 @@ static int verify_callback(int preverify
|
|
|
000b35 |
return preverify_ok;
|
|
|
000b35 |
}
|
|
|
000b35 |
|
|
|
000b35 |
-// This was introduced in v1.1
|
|
|
000b35 |
-#if OPENSSL_VERSION_NUMBER < 0x10100000
|
|
|
000b35 |
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
|
|
000b35 |
-{
|
|
|
000b35 |
- dh->p = p;
|
|
|
000b35 |
- dh->q = q;
|
|
|
000b35 |
- dh->g = g;
|
|
|
000b35 |
- return 1;
|
|
|
000b35 |
-}
|
|
|
000b35 |
-#endif
|
|
|
000b35 |
-
|
|
|
000b35 |
-// this code was generated using the command:
|
|
|
000b35 |
-// "openssl dhparam -C -2 2048"
|
|
|
000b35 |
-static DH *get_dh2048(void)
|
|
|
000b35 |
-{
|
|
|
000b35 |
- static const unsigned char dhp_2048[]={
|
|
|
000b35 |
- 0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
|
|
|
000b35 |
- 0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
|
|
|
000b35 |
- 0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
|
|
|
000b35 |
- 0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
|
|
|
000b35 |
- 0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
|
|
|
000b35 |
- 0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
|
|
|
000b35 |
- 0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
|
|
|
000b35 |
- 0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
|
|
|
000b35 |
- 0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
|
|
|
000b35 |
- 0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
|
|
|
000b35 |
- 0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
|
|
|
000b35 |
- 0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
|
|
|
000b35 |
- 0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
|
|
|
000b35 |
- 0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
|
|
|
000b35 |
- 0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
|
|
|
000b35 |
- 0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
|
|
|
000b35 |
- 0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
|
|
|
000b35 |
- 0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
|
|
|
000b35 |
- 0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
|
|
|
000b35 |
- 0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
|
|
|
000b35 |
- 0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
|
|
|
000b35 |
- 0x23,0x1C,0x09,0x33,
|
|
|
000b35 |
- };
|
|
|
000b35 |
- static const unsigned char dhg_2048[]={
|
|
|
000b35 |
- 0x02,
|
|
|
000b35 |
- };
|
|
|
000b35 |
- DH *dh = DH_new();
|
|
|
000b35 |
- BIGNUM *dhp_bn, *dhg_bn;
|
|
|
000b35 |
-
|
|
|
000b35 |
- if (dh == NULL)
|
|
|
000b35 |
- return NULL;
|
|
|
000b35 |
- dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
|
|
|
000b35 |
- dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
|
|
|
000b35 |
- if (dhp_bn == NULL || dhg_bn == NULL
|
|
|
000b35 |
- || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
|
|
|
000b35 |
- DH_free(dh);
|
|
|
000b35 |
- BN_free(dhp_bn);
|
|
|
000b35 |
- BN_free(dhg_bn);
|
|
|
000b35 |
- return NULL;
|
|
|
000b35 |
- }
|
|
|
000b35 |
- return dh;
|
|
|
000b35 |
-}
|
|
|
000b35 |
-
|
|
|
000b35 |
typedef struct {
|
|
|
000b35 |
char *id;
|
|
|
000b35 |
SSL_SESSION *session;
|
|
|
000b35 |
@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
|
|
|
000b35 |
domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
|
|
|
000b35 |
# endif
|
|
|
000b35 |
|
|
|
000b35 |
- DH *dh = get_dh2048();
|
|
|
000b35 |
- if (dh) {
|
|
|
000b35 |
- SSL_CTX_set_tmp_dh(domain->ctx, dh);
|
|
|
000b35 |
- DH_free(dh);
|
|
|
000b35 |
- SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
|
|
|
000b35 |
- }
|
|
|
000b35 |
-
|
|
|
000b35 |
return true;
|
|
|
000b35 |
}
|
|
|
000b35 |
|