Hm; looks like the callback business was unnecessary, since DHparams_dup() copies dh->length.

svn:r5372
2024-11-20 10:12:15 +01:00 · 2005-11-14 21:17:38 +00:00 · 2005-11-14 21:17:38 +00:00 · e022aa73e6
commit e022aa73e6
parent 027d0ef18c
1 changed files with 3 additions and 17 deletions
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -290,21 +290,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
 #define CIPHER_LIST SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
 #endif

-static DH *
-dh_callback(SSL *ssl, int is_export, int keylength)
-{
-  DH *dh;
-  crypto_dh_env_t *env = crypto_dh_new();
-  crypto_dh_generate_public(env);
-  dh = _crypto_dh_env_get_dh(env);
-  notice(LD_CRYPTO, "%d references to the DH key?", dh->references);
-  ++dh->references;
-  crypto_dh_free(env);
-  --dh->references;
-  notice(LD_CRYPTO, "%d references to the DH key!", dh->references);
-  return dh;
-}
-
 /** Create a new TLS context.  If we are going to be using it as a
 * server, it must have isServer set to true, <b>identity</b> set to the
 * identity key used to sign that certificate, and <b>nickname</b> set to
@ -391,7 +376,9 @@ tor_tls_context_new(crypto_pk_env_t *identity,
      if (!SSL_CTX_check_private_key(*ctx))
        goto error;
    }
-    SSL_CTX_set_tmp_dh_callback(*ctx, dh_callback);
+    dh = crypto_dh_new();
+    SSL_CTX_set_tmp_dh(*ctx, _crypto_dh_env_get_dh(dh));
+    crypto_dh_free(dh);
    SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER,
                       always_accept_verify_cb);
    /* let us realloc bufs that we're writing from */
@ -452,7 +439,6 @@ tor_tls_new(int sock, int isServer, int use_no_cert)
  result->state = TOR_TLS_ST_HANDSHAKE;
  result->isServer = isServer;
  result->wantwrite_n = 0;
-  SSL_set_tmp_dh_callback(result->ssl,dh_callback);
  /* Not expected to get called. */
  tls_log_errors(LOG_WARN, "generating TLS context");
  return result;