/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2008-2013 The OpenLDAP Foundation.
+ * Copyright 2008-2015 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
DH_free( dh );
}
-#ifdef SSL_OP_SINGLE_ECDH_USE
if ( is_server && lo->ldo_tls_ecname ) {
+#ifdef OPENSSL_NO_EC
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: Elliptic Curves not supported.\n", 0,0,0 );
+ return -1;
+#else
EC_KEY *ecdh;
int nid = OBJ_sn2nid( lt->lt_ecname );
SSL_CTX_set_tmp_ecdh( ctx, ecdh );
SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
EC_KEY_free( ecdh );
- }
#endif
+ }
if ( tlso_opt_trace ) {
SSL_CTX_set_info_callback( ctx, tlso_info_cb );
return SSL_CIPHER_get_name(SSL_get_current_cipher(s));
}
+static int
+tlso_session_peercert( tls_session *sess, struct berval *der )
+{
+ tlso_session *s = (tlso_session *)sess;
+ unsigned char *ptr;
+ X509 *x = SSL_get_peer_certificate(s);
+ der->bv_len = i2d_X509(x, NULL);
+ der->bv_val = LDAP_MALLOC(der->bv_len);
+ if ( !der->bv_val )
+ return -1;
+ ptr = der->bv_val;
+ i2d_X509(x, &ptr);
+ return 0;
+}
+
/*
* TLS support for LBER Sockbufs
*/
tlso_session_unique,
tlso_session_version,
tlso_session_cipher,
+ tlso_session_peercert,
&tlso_sbio,