Author: mturk Date: Wed Apr 9 12:54:25 2014 New Revision: 1585957 URL: http://svn.apache.org/r1585957 Log: Ensure we have the needed ECDH with the OpenSSL used
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1585957&r1=1585956&r2=1585957&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original) +++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Wed Apr 9 12:54:25 2014 @@ -154,10 +154,12 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1), &(c->context_id[0]), NULL, EVP_sha1(), NULL); if (mode) { +#ifdef HAVE_ECC /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */ EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); SSL_CTX_set_tmp_ecdh(c->ctx, ecdh); EC_KEY_free(ecdh); +#endif SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA); SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH); } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org