sipwise
/
rtpengine
mirror of https://github.com/sipwise/rtpengine.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#55283 DTLS groups: align with OpenSSL 1.1.1 and common EC groups

Browse Source 
closes #1884

Change-Id: Ia2154044d2c0504b6b1a31b17629087d250a40b9
rfuchs/rsmp
S-P Chan 12 months ago committed by Richard Fuchs
parent 03ef7a737c
commit 27ea6b1381
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File

10
daemon/dtls.c
Unescape View File

@ -714,10 +714,12 @@ int dtls_connection_init(struct dtls_connection *d, struct packet_stream *ps, in
d->init = 1; d->init = 1;
SSL_set_mode(d->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_set_mode(d->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
int ec_groups[1] = { NID_X9_62_prime256v1 }; /* SSL_set1_groups_list et al. is not
SSL_set1_groups(d->ssl, &ec_groups, G_N_ELEMENTS(ec_groups)); * necessary for OpenSSL >= 1.1.1 as it has sensible defaults
#else // <3.0 * minimally P-521:P-384:P-256
*/
#if OPENSSL_VERSION_NUMBER < 0x10101000L
EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ecdh == NULL) if (ecdh == NULL)
goto error; goto error;

Write Preview
Loading…
Cancel
Save