aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/testcode
diff options
context:
space:
mode:
authorRiccardo Spagni <ric@spagni.net>2015-08-14 19:12:19 +0200
committerRiccardo Spagni <ric@spagni.net>2015-08-14 19:12:19 +0200
commit93944333c52050ab31d509fcee2333f2e166d945 (patch)
tree77e223a83bd35329987358ae6448a0ca661e731c /external/unbound/testcode
parentMerge pull request #369 (diff)
downloadmonero-93944333c52050ab31d509fcee2333f2e166d945.tar.xz
update unbound
Diffstat (limited to 'external/unbound/testcode')
-rw-r--r--external/unbound/testcode/petal.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/external/unbound/testcode/petal.c b/external/unbound/testcode/petal.c
index 964735b39..a54181c37 100644
--- a/external/unbound/testcode/petal.c
+++ b/external/unbound/testcode/petal.c
@@ -236,12 +236,28 @@ setup_ctx(char* key, char* cert)
if(!ctx) print_exit("out of memory");
(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
- if(!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM))
+ if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
print_exit("cannot read cert");
if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
print_exit("cannot read key");
if(!SSL_CTX_check_private_key(ctx))
print_exit("private key is not correct");
+#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
+ if (!SSL_CTX_set_ecdh_auto(ctx,1))
+ if(verb>=1) printf("failed to set_ecdh_auto, not enabling ECDHE\n");
+#elif defined(USE_ECDSA)
+ if(1) {
+ EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
+ if (!ecdh) {
+ if(verb>=1) printf("could not find p256, not enabling ECDHE\n");
+ } else {
+ if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) {
+ if(verb>=1) printf("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE\n");
+ }
+ EC_KEY_free(ecdh);
+ }
+ }
+#endif
if(!SSL_CTX_load_verify_locations(ctx, cert, NULL))
print_exit("cannot load cert verify locations");
return ctx;