upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-03-02 05:10:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

MINOR: ssl: do not look at DHparam with OPENSSL_NO_DH

Browse source 
OPENSSL_NO_DH can be defined to avoid obsolete and heavy DH processing.
With OPENSSL_NO_DH, parse the entire PEM file to look at DHparam is wast
of time.
This commit is contained in:
Emmanuel Hocdet 2019-07-30 17:04:01 +02:00 committed by William Lallemand
parent 03e09f3818
commit 54227d8add
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/ssl_sock.c
View file

@ -2967,6 +2967,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
goto end;
}
#ifndef OPENSSL_NO_DH
/* Seek back to beginning of file */
if (BIO_reset(in) == -1) {
memprintf(err, "%san error occurred while reading the file '%s'.\n",
@ -2976,6 +2977,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
ckch->dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
/* no need to check for NULL there, dh is not mandatory */
#endif
/* Seek back to beginning of file */
if (BIO_reset(in) == -1) {