From 93944333c52050ab31d509fcee2333f2e166d945 Mon Sep 17 00:00:00 2001 From: Riccardo Spagni Date: Fri, 14 Aug 2015 19:12:19 +0200 Subject: update unbound --- external/unbound/testcode/petal.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'external/unbound/testcode') diff --git a/external/unbound/testcode/petal.c b/external/unbound/testcode/petal.c index 964735b39..a54181c37 100644 --- a/external/unbound/testcode/petal.c +++ b/external/unbound/testcode/petal.c @@ -236,12 +236,28 @@ setup_ctx(char* key, char* cert) if(!ctx) print_exit("out of memory"); (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); - if(!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) + if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) print_exit("cannot read cert"); if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) print_exit("cannot read key"); if(!SSL_CTX_check_private_key(ctx)) print_exit("private key is not correct"); +#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO + if (!SSL_CTX_set_ecdh_auto(ctx,1)) + if(verb>=1) printf("failed to set_ecdh_auto, not enabling ECDHE\n"); +#elif defined(USE_ECDSA) + if(1) { + EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); + if (!ecdh) { + if(verb>=1) printf("could not find p256, not enabling ECDHE\n"); + } else { + if (1 != SSL_CTX_set_tmp_ecdh (ctx, ecdh)) { + if(verb>=1) printf("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE\n"); + } + EC_KEY_free(ecdh); + } + } +#endif if(!SSL_CTX_load_verify_locations(ctx, cert, NULL)) print_exit("cannot load cert verify locations"); return ctx; -- cgit v1.2.3