From d7fddadaeccb453fe3a38e2dea3362c0aa46b314 Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Thu, 18 Feb 2016 20:36:55 +0800
Subject: [PATCH] context creation info add ecdh_curve
Signed-off-by: Andy Green
---
 changelog | 8 ++++++++
 lib/libwebsockets.h | 2 ++
 lib/ssl.c | 3 +++
 3 files changed, 13 insertions(+)
diff --git a/changelog b/changelog
index 91e1e4b..db8fce7 100644
--- a/changelog
+++ b/changelog
@@ -1,6 +1,14 @@
 Changelog
 ---------
+User API additions
+------------------
+
+1) There's a new member in struct lws_context_creation_info, ecdh_curve,
+which lets you set the name of the ECDH curve OpenSSL should use. By
+default (if you leave ecdh_curve NULL) it will use "prime256v1"
+
+
 v1.7.0
 ======
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 7db50aa..6175a3d 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -1319,6 +1319,7 @@ extern int lws_extension_callback_pm_deflate(
 * library are protected from hanging forever by timeouts. If
 * nonzero, this member lets you set the timeout used in seconds.
 * Otherwise a default timeout is used.
+ * @ecdh_curve: if NULL, defaults to initializing server with "prime256v1"
 */
 struct lws_context_creation_info {
@@ -1353,6 +1354,7 @@ struct lws_context_creation_info {
 unsigned int count_threads;
 unsigned int fd_limit_per_thread;
 unsigned int timeout_secs;
+ const char *ecdh_curve;
 /* Add new things just above here ---^
 * This is part of the ABI, don't needlessly break compatibility
diff --git a/lib/ssl.c b/lib/ssl.c
index ac3ad2e..719f4bf 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -144,6 +144,9 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
 int ecdh_nid;
 const char *ecdh_curve = "prime256v1";
+ if (info->ecdh_curve)
+ ecdh_curve = info->ecdh_curve;
+
 ecdh_nid = OBJ_sn2nid(ecdh_curve);
 if (NID_undef == ecdh_nid) {
 lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve);
--
2.7.4
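Review bot: The new `@ecdh_curve` line in the lws_context_creation_info doc comment (lib/libwebsockets.h, hunk at 1319) says what NULL does but not what a non-NULL value has to be or what happens when it is wrong. The lib/ssl.c hunk hands the string to OBJ_sn2nid() and logs "Unknown curve name" on NID_undef, so the value is an OpenSSL short name. I would write ` * @ecdh_curve: OpenSSL short name of the ECDH curve the server should use, or NULL for the default "prime256v1"; an unrecognised name is logged as an error during SSL init`. What the init path does after logging is outside the visible hunk, so the failure behaviour should be confirmed before it is documented further. The doc comment begins above this hunk.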
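Review bot: `const char *ecdh_curve;` (lib/libwebsockets.h, hunk at 1353) adds a pointer that lws_context_ssl_init_ecdh_curve tests and then passes to OBJ_sn2nid(), so a caller that fills the struct member by member without zeroing it first would now supply an indeterminate pointer. The member should carry that contract, for example `const char *ecdh_curve; /* NULL, or a NUL-terminated OpenSSL curve short name; zero the whole struct before filling it in */`. A binary built against the older, shorter struct would presumably leave the library reading past the caller's object; the "part of the ABI" comment just below suggests append-only is the convention, but that case is worth confirming. The struct body starts and ends outside the hunk.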
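Review bot: In lws_context_ssl_init_ecdh_curve (lib/ssl.c) the override accepts any non-NULL pointer, so an empty string, say from an unset configuration value, replaces the default and ends on the "Unknown curve name" error path. `if (info->ecdh_curve && info->ecdh_curve[0])` would keep "prime256v1" in that case. OBJ_sn2nid() resolves any object short name, not only curve names, and no minimum curve size is applied at this point, so whether a non-curve or undersized choice is rejected depends on code after the hunk that is not visible here. A comment above the override such as `/* caller-chosen curve: any OpenSSL short name is accepted here, no minimum size is enforced */` would make that explicit for deployers. The function body starts and ends outside the hunk.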