[mod_openssl] disable DH auto if DHParameters set

disable DH auto (SSL_CTX_set_dh_auto() with OpenSSL >= 3.0.0)
if "DHParameters" is set in ssl.openssl.ssl-conf-cmd

x-ref:
  "Lighttpd disregards ssl.dh-file setting"
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040525
Glenn Strauss 2023-09-10 23:41:59 -04:00
parent 98732c3576
commit f7f800c5cc
1 changed files with 4 additions and 0 deletions


@ -2000,6 +2000,10 @@ network_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
#endif
continue;
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("DHParameters")))
SSL_CTX_set_dh_auto(s->ssl_ctx, 0);
#endif
ERR_clear_error();
if (SSL_CONF_cmd(cctx, ds->key.ptr, ds->value.ptr) <= 0) {
log_error(srv->errh, __FILE__, __LINE__,
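Review bot: The new `else if` branch calls `SSL_CTX_set_dh_auto(s->ssl_ctx, 0)` before the `SSL_CONF_cmd()` call two lines later has shown that the DHParameters value actually loads. If that call fails, the context is left with automatic selection off and possibly no explicit parameters, which is only safe if the failure branch aborts configuration; that branch continues past the end of the hunk, so this cannot be confirmed here. Either make the switch only after `SSL_CONF_cmd()` returns > 0 for this key, or state the dependency in a comment such as `/* explicit DHParameters are ignored while dh_auto is on; a failed load below must be fatal */`. The branch is also an unbraced `else if` attached to a closing brace across an `#if`, so braces around the single statement would make it safer to edit. It may also be worth noting in the comment or docs that DHE strength now depends on the administrator-supplied file rather than the library's automatic choice.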