From 15c3e87bc590719728a937c2d3f8287632e4f109 Mon Sep 17 00:00:00 2001 From: Gioacchino Mazzurco Date: Sun, 1 Mar 2020 01:38:26 +0100 Subject: [PATCH] Add option to disable DH init check for faster init The check is not necessary and on Android it takes around 1 minute to complete. --- libretroshare/src/pqi/authssl.cc | 10 ++++++++-- retroshare.pri | 11 +++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc index 352c853e0..3365a6312 100644 --- a/libretroshare/src/pqi/authssl.cc +++ b/libretroshare/src/pqi/authssl.cc @@ -404,10 +404,16 @@ int AuthSSLimpl::InitAuth( std::cout.flush() ; +#ifndef RS_DISABLE_DIFFIE_HELLMAN_INIT_CHECK if(DH_check(dh, &codes) && codes == 0) - SSL_CTX_set_tmp_dh(sslctx, dh); + SSL_CTX_set_tmp_dh(sslctx, dh); else - pfs_enabled = false ; + pfs_enabled = false; +#else // ndef RS_DISABLE_DIFFIE_HELLMAN_INIT_CHECK + /* DH_check(...) is not strictly necessary and on Android devices it + * takes at least one minute which is untolerable there */ + SSL_CTX_set_tmp_dh(sslctx, dh); +#endif // ndef RS_DISABLE_DIFFIE_HELLMAN_INIT_CHECK } else pfs_enabled = false ; diff --git a/retroshare.pri b/retroshare.pri index 977bb84f7..6bccc1f5a 100644 --- a/retroshare.pri +++ b/retroshare.pri @@ -191,6 +191,15 @@ no_rs_service_webui_terminal_password:CONFIG -= rs_service_webui_terminal_passwo CONFIG *= rs_service_terminal_login no_rs_service_terminal_login:CONFIG -= rs_service_terminal_login +# To disable Diffie Hellman group check at init append the following assignation +# to qmake command line "CONFIG+=no_rs_dh_init_check" +# this check is not strictly needed and on some platform is very slow. +# On Android it takes at least one minute at startup which is untolerable for +# most phone users +CONFIG+=rs_dh_init_check +no_rs_dh_init_check:CONFIG -= rs_dh_init_check + + # Specify host precompiled jsonapi-generator path, appending the following # assignation to qmake command line # 'JSONAPI_GENERATOR_EXE=/myBuildDir/jsonapi-generator'. Required for JSON API @@ -552,6 +561,8 @@ rs_use_native_dialogs:DEFINES *= RS_NATIVEDIALOGS rs_broadcast_discovery:DEFINES *= RS_BROADCAST_DISCOVERY +no_rs_dh_init_check:DEFINES *= RS_DISABLE_DIFFIE_HELLMAN_INIT_CHECK + debug { QMAKE_CXXFLAGS -= -O2 -fomit-frame-pointer QMAKE_CFLAGS -= -O2 -fomit-frame-pointer