context creation info add ecdh_curve

Signed-off-by: Andy Green <andy.green@linaro.org>

diff --git a/changelog b/changelog
index 91e1e4b..db8fce7 100644 (file)
--- a/changelog
+++ b/changelog
@@ -1,6 +1,14 @@
 Changelog
 ---------
 
+User API additions
+------------------
+
+1) There's a new member in struct lws_context_creation_info, ecdh_curve,
+which lets you set the name of the ECDH curve OpenSSL should use.  By
+default (if you leave ecdh_curve NULL) it will use "prime256v1"
+
+
 v1.7.0
 ======
 

diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 7db50aa..6175a3d 100644 (file)
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -1319,6 +1319,7 @@ extern int lws_extension_callback_pm_deflate(
  *             library are protected from hanging forever by timeouts.  If
  *             nonzero, this member lets you set the timeout used in seconds.
  *             Otherwise a default timeout is used.
+ * @ecdh_curve: if NULL, defaults to initializing server with "prime256v1"
  */
 
 struct lws_context_creation_info {
@@ -1353,6 +1354,7 @@ struct lws_context_creation_info {
        unsigned int count_threads;
        unsigned int fd_limit_per_thread;
        unsigned int timeout_secs;
+       const char *ecdh_curve;
 
        /* Add new things just above here ---^
         * This is part of the ABI, don't needlessly break compatibility

diff --git a/lib/ssl.c b/lib/ssl.c
index ac3ad2e..719f4bf 100644 (file)
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -144,6 +144,9 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
        int ecdh_nid;
        const char *ecdh_curve = "prime256v1";
 
+       if (info->ecdh_curve)
+               ecdh_curve = info->ecdh_curve;
+
        ecdh_nid = OBJ_sn2nid(ecdh_curve);
        if (NID_undef == ecdh_nid) {
                lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve);