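/*
 * Build the client-side TLS context used by evssl.
 *
 * Loads the passport (certificate, private key, trusted CA store) from the
 * paths in cfg, creates a TLS 1.2 client SSL_CTX, and installs the cipher
 * list, trust store, certificate and private key on it.
 *
 * Returns the new SSL_CTX, or NULL on failure (every failure is logged).
 * `passport` and `cfg` are declared outside this function; the loaded
 * passport stays in `passport` on both the success and the failure paths.
 * NOTE(review): nothing here releases the passport when a later step
 * fails -- confirm the caller tears it down.
 */
SSL_CTX *
evssl_init()
{
	DH *dh = NULL;
	SSL_CTX *ctx;

	SSL_load_error_strings();
	SSL_library_init();
	RAND_poll();

	passport = pki_passport_load_from_file(cfg->cert, cfg->pkey, cfg->tcert);
	if (passport == NULL) {
		/* Previously silent; log it like every other failure path. */
		jlog(L_ERROR, "pki_passport_load_from_file failed");
		return NULL;
	}

	ctx = SSL_CTX_new(TLSv1_2_client_method());
	if (ctx == NULL) {
		jlog(L_ERROR, "SSL_CTX_new failed");
		return NULL;
	}

	/*
	 * NOTE(review): 1024-bit DH parameters are below the commonly
	 * recommended 2048-bit minimum. Temporary DH parameters are used by
	 * the server side of a handshake, so on this client context (and with
	 * the RSA key-exchange suite selected below) they appear to have no
	 * effect -- confirm, then drop the call or raise the size.
	 */
	dh = get_dh_1024();
	if (dh == NULL) {
		jlog(L_ERROR, "get_dh_1024 failed");
		goto out;
	}

	if (SSL_CTX_set_tmp_dh(ctx, dh) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_tmp_dh failed");
		goto out;
	}

	/*
	 * "AES256-GCM-SHA384" is the RSA key-transport suite, so sessions have
	 * no forward secrecy: disclosure of the server's private key exposes
	 * recorded traffic. An earlier, disabled variant of this call selected
	 * "ECDHE-ECDSA-AES256-GCM-SHA384", which does provide it.
	 */
	if (SSL_CTX_set_cipher_list(ctx, "AES256-GCM-SHA384") == 0) {
		jlog(L_ERROR, "SSL_CTX_set_cipher failed");
		goto out;
	}

	/*
	 * The context takes over the store and frees it in SSL_CTX_free(),
	 * while passport keeps a pointer to the same object.
	 * NOTE(review): confirm passport teardown does not free the store a
	 * second time, and that passport->cacert_store is not reused after
	 * the `out` path below has freed ctx.
	 *
	 * NOTE(review): no verify mode is set on this context. OpenSSL's
	 * default, SSL_VERIFY_NONE, lets a client handshake complete even when
	 * the server chain does not validate against this store. Confirm that
	 * SSL_VERIFY_PEER is enabled (or SSL_get_verify_result() is checked)
	 * before the connection is trusted.
	 */
	SSL_CTX_set_cert_store(ctx, passport->cacert_store);

	if (SSL_CTX_use_certificate(ctx, passport->certificate) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_certificate failed");
		goto out;
	}

	if (SSL_CTX_use_PrivateKey(ctx, passport->keyring) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_PrivateKey failed");
		goto out;
	}

	DH_free(dh);
	return ctx;

out:
	/* DH_free(NULL) is a no-op, so this is safe when get_dh_1024() failed. */
	DH_free(dh);
	SSL_CTX_free(ctx);
	return NULL;
}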
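/*
 * Switch kconn's SSL_CTX to anonymous Diffie-Hellman ("ADH") cipher suites.
 *
 * Restricts the cipher list to "ADH", installs the parameters returned by
 * get_dh_1024() together with tmp_dh_callback, and sets the verify mode to
 * SSL_VERIFY_NONE.
 *
 * Security: ADH suites authenticate neither endpoint, and peer verification
 * is turned off here, so the channel is encrypted but unauthenticated; the
 * TLS layer cannot tell the intended peer from an on-path party.
 * NOTE(review): confirm callers use this mode only where the peer is
 * authenticated by some other means before sensitive data is exchanged.
 * The 1024-bit DH group is also below the commonly recommended 2048-bit
 * minimum.
 *
 * Returns 0 on success, -1 if the cipher list cannot be applied or the DH
 * parameters cannot be created or installed. The original ignored all three
 * results and always returned 0, leaving a half-configured context that
 * would only fail later, at handshake time.
 */
static int krypt_set_adh(krypt_t *kconn)
{
	DH *dh;

	/* Returns 0 when no ADH suite is available in this OpenSSL build. */
	if (SSL_CTX_set_cipher_list(kconn->ctx, "ADH") == 0) {
		return -1;
	}

	dh = get_dh_1024();
	if (dh == NULL) {
		return -1;
	}

	if (SSL_CTX_set_tmp_dh(kconn->ctx, dh) == 0) {
		DH_free(dh);
		return -1;
	}
	/* The context holds its own copy of the parameters; release ours. */
	DH_free(dh);

	SSL_CTX_set_tmp_dh_callback(kconn->ctx, tmp_dh_callback);
	SSL_CTX_set_verify(kconn->ctx, SSL_VERIFY_NONE, NULL);

	return 0;
}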