Diffstat (limited to 'accel-pppd/ctrl')
-rw-r--r--accel-pppd/ctrl/sstp/sstp.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c
index 2fc2662..aadf746 100644
--- a/accel-pppd/ctrl/sstp/sstp.c
+++ b/accel-pppd/ctrl/sstp/sstp.c
@@ -2368,6 +2368,9 @@ static void ssl_load_config(struct sstp_serv_t *serv, const char *servername)
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
#endif
+#ifndef OPENSSL_NO_DH
+ SSL_OP_SINGLE_DH_USE |
+#endif
SSL_OP_NO_SSLv2 |
SSL_OP_NO_SSLv3 |
SSL_OP_NO_COMPRESSION);
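Review bot: The new `SSL_OP_SINGLE_DH_USE` line in the option mask deserves a comment saying what it is for and where it still matters, because on OpenSSL 1.1.0 and later the flag is documented as a no-op (a fresh DH key is generated for every handshake unconditionally), so it only changes behaviour on 1.0.x builds. Something like `/* fresh DH key per handshake; always on (ignored) from OpenSSL 1.1.0 */` above the `#ifndef OPENSSL_NO_DH` guard would stop a future reader from assuming the flag is what provides forward secrecy on current builds. Leaving the flag in is harmless and correct for the older libraries this tree presumably still supports. The enclosing `SSL_CTX_set_options()` call starts above the hunk.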
@@ -2376,6 +2379,27 @@ static void ssl_load_config(struct sstp_serv_t *serv, const char *servername)
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_read_ahead(ssl_ctx, 1);
+#ifndef OPENSSL_NO_DH
+ opt = conf_get_opt("sstp", "ssl-dhparam");
+ if (opt) {
+ DH *dh;
+
+ if (BIO_read_filename(in, opt) <= 0) {
+ log_error("sstp: SSL dhparam error: %s\n", ERR_error_string(ERR_get_error(), NULL));
+ goto error;
+ }
+
+ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+ if (dh == NULL) {
+ log_error("sstp: SSL dhparam error: %s\n", ERR_error_string(ERR_get_error(), NULL));
+ goto error;
+ }
+
+ SSL_CTX_set_tmp_dh(ssl_ctx, dh);
+ DH_free(dh);
+ }
+#endif
+
opt = conf_get_opt("sstp", "ssl-ciphers");
if (opt && SSL_CTX_set_cipher_list(ssl_ctx, opt) != 1) {
log_error("sstp: SSL cipher list error: %s\n", ERR_error_string(ERR_get_error(), NULL));
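Review bot: `SSL_CTX_set_tmp_dh(ssl_ctx, dh)` returns 0 on failure (OpenSSL rejects parameters that fail its internal checks or, depending on version and security level, are too short), but the new code ignores the return and frees `dh` regardless, so a bad `ssl-dhparam` file would be logged as nothing and the server would silently carry on without the intended DH parameters. The file-read and PEM-parse errors on the same path both go to `error`, so this one should too; capturing the result, freeing `dh` once, and then jumping to `error` keeps the cleanup on a single path. Separately, `DH *` and `SSL_CTX_set_tmp_dh()` are deprecated in OpenSSL 3.0, which is presumably acceptable here since the rest of the function already uses the legacy API, but a short comment noting that would help whoever migrates to `SSL_CTX_set0_tmp_dh_pkey()`. The BIO `in` and the `error:` label are defined outside this hunk, and `ssl_load_config()` continues below it.
```c
		dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
		/* … unchanged: NULL check and goto error … */

		/* SSL_CTX_set_tmp_dh() copies the parameters, so dh is freed either way;
		 * it returns 0 if OpenSSL rejects the parameters. */
		int dh_ok = SSL_CTX_set_tmp_dh(ssl_ctx, dh);
		DH_free(dh);
		if (dh_ok != 1) {
			log_error("sstp: SSL dhparam error: %s\n", ERR_error_string(ERR_get_error(), NULL));
			goto error;
		}
```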