httpd-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Two questions on mod_ssl source code details
Date Fri, 22 May 2015 16:29:32 GMT
1) In other code I see

     EC_KEY_free(ecdh);

after

   EC_KEY *ecdh = EC_KEY_new_by_curve_name(...)
and using ecdh, e.g. in
   SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);

Should we add the free? Or is it not needed? Does anyone know why?

2) In modules/ssl/ssl_private.h I see

/**
   * The following features all depend on TLS extension support.
   * Within this block, check again for features (not version numbers).
   */
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)

#define HAVE_TLSEXT

and then further checks and defines for OCSP, Session Tickets, SRP, 
ALPN, all inside this "if" block.

Is it really true that they are only supported if
SSL_set_tlsext_host_name is defined? That function seems to belong only
to SNI.

Should we switch the code to:

/**
   * The following features all depend on TLS extension support.
   * Within this block, check again for features (not version numbers).
   */
#if !defined(OPENSSL_NO_TLSEXT)

#define HAVE_TLSEXT

#if defined(SSL_set_tlsext_host_name)
#define HAVE_SNI
#endif

and then use HAVE_SNI where appropriate.

Regards,

Rainer
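
An added illustration of the second question (not part of the original message and not mod_ssl's code): it evaluates the quoted guard and the proposed guard against one constructed header state in which TLS extensions are available but the SNI macro is missing. The `F_*` flags, both function names, and the choice of `SSL_CTX_set_tlsext_status_cb` and `SSL_CTX_set_tlsext_ticket_key_cb` as the inner per-feature checks are assumptions made for the example.

```c
#include <stdio.h>

/* Constructed header state (assumption for illustration): TLS extensions are
 * compiled in, OCSP and ticket macros exist, but the SNI macro does not. */
#undef OPENSSL_NO_TLSEXT
#undef SSL_set_tlsext_host_name
#define SSL_CTX_set_tlsext_status_cb(ctx, cb)     0 /* stand-in, not OpenSSL's */
#define SSL_CTX_set_tlsext_ticket_key_cb(ctx, cb) 0 /* stand-in, not OpenSSL's */

enum { F_TLSEXT = 1, F_SNI = 2, F_OCSP_STAPLING = 4, F_SESSION_TICKETS = 8 };

/* Guard as quoted in the message: everything sits behind the SNI macro. */
unsigned features_current(void) {
    unsigned f = 0;
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
    f |= F_TLSEXT | F_SNI; /* here HAVE_TLSEXT implies SNI */
#if defined(SSL_CTX_set_tlsext_status_cb)
    f |= F_OCSP_STAPLING;
#endif
#if defined(SSL_CTX_set_tlsext_ticket_key_cb)
    f |= F_SESSION_TICKETS;
#endif
#endif
    return f;
}

/* Guard as proposed in the message: SNI becomes its own feature check. */
unsigned features_proposed(void) {
    unsigned f = 0;
#if !defined(OPENSSL_NO_TLSEXT)
    f |= F_TLSEXT;
#if defined(SSL_set_tlsext_host_name)
    f |= F_SNI;
#endif
#if defined(SSL_CTX_set_tlsext_status_cb)
    f |= F_OCSP_STAPLING;
#endif
#if defined(SSL_CTX_set_tlsext_ticket_key_cb)
    f |= F_SESSION_TICKETS;
#endif
#endif
    return f;
}

int main(void) {
    printf("current=%#x proposed=%#x\n", features_current(), features_proposed());
    return 0;
}
```

With this header state the quoted guard compiles out OCSP stapling and session tickets along with SNI, while the proposed guard drops only SNI.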
