Blame SOURCES/sendmail-8.14.7-add-ec-support.patch
|
|
0da65e |
diff --git a/sendmail/tls.c b/sendmail/tls.c
|
|
|
0da65e |
index 60d408e..72da987 100644
|
|
|
0da65e |
--- a/sendmail/tls.c
|
|
|
0da65e |
+++ b/sendmail/tls.c
|
|
|
0da65e |
@@ -970,6 +970,9 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
|
|
|
0da65e |
/* Diffie-Hellman initialization */
|
|
|
0da65e |
if (bitset(TLS_I_TRY_DH, req))
|
|
|
0da65e |
{
|
|
|
0da65e |
+#if _FFR_TLS_EC
|
|
|
0da65e |
+ EC_KEY *ecdh;
|
|
|
0da65e |
+#endif /* _FFR_TLS_EC */
|
|
|
0da65e |
if (bitset(TLS_S_DHPAR_OK, status))
|
|
|
0da65e |
{
|
|
|
0da65e |
BIO *bio;
|
|
|
0da65e |
@@ -1044,6 +1047,17 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
|
|
|
0da65e |
who, 8 * DH_size(dh), *dhparam);
|
|
|
0da65e |
DH_free(dh);
|
|
|
0da65e |
}
|
|
|
0da65e |
+
|
|
|
0da65e |
+#if _FFR_TLS_EC
|
|
|
0da65e |
+ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
|
|
0da65e |
+ if (ecdh != NULL)
|
|
|
0da65e |
+ {
|
|
|
0da65e |
+ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
|
|
|
0da65e |
+ SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
|
|
|
0da65e |
+ EC_KEY_free(ecdh);
|
|
|
0da65e |
+ }
|
|
|
0da65e |
+#endif /* _FFR_TLS_EC */
|
|
|
0da65e |
+
|
|
|
0da65e |
}
|
|
|
0da65e |
# endif /* !NO_DH */
|
|
|
0da65e |
|