From d214bfebf5ff19bd301d01d9cc0ea5cd888d1e94 Mon Sep 17 00:00:00 2001
From: Seva <seva@binarytrails.net>
Date: Sun, 18 Aug 2019 13:32:16 -0400
Subject: [PATCH] dhtproxy: patch client renegotiation

---
 src/dht_proxy_server.cpp | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/dht_proxy_server.cpp b/src/dht_proxy_server.cpp
index 1714e07d..aa61dbb2 100644
--- a/src/dht_proxy_server.cpp
+++ b/src/dht_proxy_server.cpp
@@ -116,15 +116,18 @@ DhtProxyServer::DhtProxyServer(
     jsonBuilder_["indentation"] = "";
 
     if (identity.first and identity.second) {
+        asio::error_code ec;
         // define tls context
         asio::ssl::context tls_context { asio::ssl::context::sslv23 };
         tls_context.set_options(asio::ssl::context::default_workarounds
                                 | asio::ssl::context::no_sslv2
-                                | asio::ssl::context::single_dh_use);
-        // save keys in memory & set in tls context
-        asio::error_code ec;
+                                | asio::ssl::context::single_dh_use, ec);
+        if (ec)
+            throw std::runtime_error("Error setting tls context options: " + ec.message());
+        // add more security options
+        SSL_CTX_set_options(tls_context.native_handle(), SSL_OP_NO_RENEGOTIATION); // CVE-2009-3555
         // node private key
-        auto pk = identity.first->serialize(); // returns Blob
+        auto pk = identity.first->serialize();
         pk_ = std::make_unique<asio::const_buffer>(static_cast<void*>(pk.data()), (std::size_t) pk.size());
         tls_context.use_private_key(*pk_, asio::ssl::context::file_format::pem, ec);
         if (ec)
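Review bot: `SSL_OP_NO_RENEGOTIATION` on the added `SSL_CTX_set_options` line is only defined in OpenSSL 1.1.0h and later, so this constructor stops compiling against an older OpenSSL (or a LibreSSL) that the rest of the file may still support; wrap it as `#ifdef SSL_OP_NO_RENEGOTIATION` / `SSL_CTX_set_options(tls_context.native_handle(), SSL_OP_NO_RENEGOTIATION);` / `#endif`, and consider a `#warning` in the else branch so a build that silently lacks the protection is visible. The comment `// add more security options` says nothing about what is being hardened; replace it with `// disable TLS renegotiation so a client cannot trigger the CVE-2009-3555 style downgrade (OpenSSL >= 1.1.0h)`. The return value of `SSL_CTX_set_options` is the updated option mask, not an error code, so the new line cannot be checked through `ec` like the `set_options` call above it; the `#ifdef` is the only compile-time guard available here. The enclosing `DhtProxyServer::DhtProxyServer` constructor starts and ends outside the hunk.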
-- 
GitLab