Commit d214bfeb authored by Seva's avatar Seva Committed by Adrien Béraud

dhtproxy: patch client renegotiation

parent d551b8a5
...@@ -116,15 +116,18 @@ DhtProxyServer::DhtProxyServer( ...@@ -116,15 +116,18 @@ DhtProxyServer::DhtProxyServer(
jsonBuilder_["indentation"] = ""; jsonBuilder_["indentation"] = "";
if (identity.first and identity.second) { if (identity.first and identity.second) {
asio::error_code ec;
// define tls context // define tls context
asio::ssl::context tls_context { asio::ssl::context::sslv23 }; asio::ssl::context tls_context { asio::ssl::context::sslv23 };
tls_context.set_options(asio::ssl::context::default_workarounds tls_context.set_options(asio::ssl::context::default_workarounds
| asio::ssl::context::no_sslv2 | asio::ssl::context::no_sslv2
| asio::ssl::context::single_dh_use); | asio::ssl::context::single_dh_use, ec);
// save keys in memory & set in tls context if (ec)
asio::error_code ec; throw std::runtime_error("Error setting tls context options: " + ec.message());
// add more security options
SSL_CTX_set_options(tls_context.native_handle(), SSL_OP_NO_RENEGOTIATION); // CVE-2009-3555
// node private key // node private key
auto pk = identity.first->serialize(); // returns Blob auto pk = identity.first->serialize();
pk_ = std::make_unique<asio::const_buffer>(static_cast<void*>(pk.data()), (std::size_t) pk.size()); pk_ = std::make_unique<asio::const_buffer>(static_cast<void*>(pk.data()), (std::size_t) pk.size());
tls_context.use_private_key(*pk_, asio::ssl::context::file_format::pem, ec); tls_context.use_private_key(*pk_, asio::ssl::context::file_format::pem, ec);
if (ec) if (ec)
......
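Review bot: The new `SSL_CTX_set_options(tls_context.native_handle(), SSL_OP_NO_RENEGOTIATION)` line is unguarded: the macro is only defined by newer OpenSSL releases, so a build against an older OpenSSL (or an alternative libssl that lacks it) fails to compile rather than falling back, and the returned option mask is never checked. Wrapping the call in `#ifdef SSL_OP_NO_RENEGOTIATION` with an `#else` that raises a build warning or `#error` would make it explicit whether renegotiation protection is a hard requirement. Separately, the context is still `sslv23` with only `no_sslv2` excluded, so which legacy protocol versions remain negotiable depends on the libssl build; consider adding `| asio::ssl::context::no_sslv3 | asio::ssl::context::no_tlsv1 | asio::ssl::context::no_tlsv1_1` to the mask at the `set_options` call. The constructor body begins and continues outside this hunk, so any later option changes are not visible here.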