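/*
 * Build the client-side SSL_CTX used by the event loop.
 *
 * Initializes the OpenSSL library state, loads the passport (certificate,
 * private key and trusted CA store) from the paths in the global `cfg`
 * into the global `passport`, and configures a TLSv1.2 client context
 * with that material.
 *
 * Returns the new SSL_CTX, or NULL on any failure; a partially built
 * context is freed before returning.  On failure `passport` may already
 * have been loaded -- it is not released here.
 *
 * NOTE(review): nothing in this function calls SSL_CTX_set_verify(), so
 * whether the CA store installed below is actually consulted depends on
 * the verify mode being set elsewhere (per SSL object or by the caller)
 * -- confirm, otherwise the client accepts any server certificate.
 *
 * NOTE(review): SSL_CTX_set_cert_store() hands the store to the context
 * and SSL_CTX_free() releases it (including on the `out:` path); if the
 * passport code also frees `cacert_store`, that is a double free --
 * confirm ownership against the passport implementation.
 */
SSL_CTX *
evssl_init()
{
	DH		*dh = NULL;	/* NULL so the cleanup path is safe from any point */
	SSL_CTX		*ctx = NULL;

	SSL_load_error_strings();
	SSL_library_init();
	RAND_poll();	/* seed the PRNG before any key material is used */

	if ((passport = pki_passport_load_from_file(cfg->cert,
	    cfg->pkey, cfg->tcert)) == NULL) {
		return NULL;
	}

	if ((ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) {
		jlog(L_ERROR, "SSL_CTX_new failed");
		return NULL;
	}

	/*
	 * Ephemeral DH parameters.  These are only exercised by DHE-* suites,
	 * and a 1024-bit group is below current minimum recommendations
	 * (2048 bits or larger).
	 */
	if ((dh = get_dh_1024()) == NULL) {
		jlog(L_ERROR, "get_dh_1024 failed");
		goto out;
	}

	if ((SSL_CTX_set_tmp_dh(ctx, dh)) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_tmp_dh failed");
		goto out;
	}

	/*
	 * Single-suite cipher list.  "AES256-GCM-SHA384" is the RSA
	 * key-exchange suite in OpenSSL naming, so the DH parameters set
	 * above are not used by it and the session has no forward secrecy;
	 * an ECDHE-/DHE- suite would provide that.
	 */
	if ((SSL_CTX_set_cipher_list(ctx, "AES256-GCM-SHA384")) == 0) {
		jlog(L_ERROR, "SSL_CTX_set_cipher failed");
		goto out;
	}

	/* Trust anchors for server certificate verification. */
	SSL_CTX_set_cert_store(ctx, passport->cacert_store);

	if ((SSL_CTX_use_certificate(ctx, passport->certificate)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_certificate failed");
		goto out;
	}

	if ((SSL_CTX_use_PrivateKey(ctx, passport->keyring)) == 0) {
		jlog(L_ERROR, "SSL_CTX_use_PrivateKey failed");
		goto out;
	}

	/* The context keeps its own copy of the DH parameters. */
	DH_free(dh);
	return ctx;

out:
	DH_free(dh);		/* DH_free(NULL) is a no-op */
	SSL_CTX_free(ctx);
	return NULL;
}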
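/*
 * Switch an existing krypt connection context to anonymous DH.
 *
 * Restricts the cipher list to "ADH", installs the 1024-bit DH
 * parameters plus the tmp-DH callback, and disables peer verification.
 * Anonymous DH authenticates neither side, so this protects only
 * against passive observers, not against an active man-in-the-middle;
 * any authentication the caller needs has to come from elsewhere.  A
 * 1024-bit group is also below current minimum recommendations.
 *
 * Returns 0 on success, -1 if OpenSSL rejected the cipher list or the
 * DH parameters, or if get_dh_1024() returned no parameters.  The
 * original passed a NULL DH straight into SSL_CTX_set_tmp_dh() and
 * always reported success; failures are now surfaced instead.
 */
static int krypt_set_adh(krypt_t *kconn)
{
	if (SSL_CTX_set_cipher_list(kconn->ctx, "ADH") == 0) {
		return -1;
	}

	DH *dh = get_dh_1024();
	if (dh == NULL) {
		return -1;
	}

	/* The context keeps its own copy; release ours on both outcomes. */
	int set_ok = SSL_CTX_set_tmp_dh(kconn->ctx, dh);
	DH_free(dh);
	if (set_ok == 0) {
		return -1;
	}

	/*
	 * NOTE(review): an installed callback takes precedence over the
	 * static parameters set above; presumably tmp_dh_callback returns
	 * the same group -- verify, otherwise the set_tmp_dh call is dead.
	 */
	SSL_CTX_set_tmp_dh_callback(kconn->ctx, tmp_dh_callback);
	SSL_CTX_set_verify(kconn->ctx, SSL_VERIFY_NONE, NULL);

	return 0;
}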