Merge pull request #1817 from G10h4ck/optional_dh_init_test

Add option to disable DH init check for faster init
This commit is contained in:
csoler 2020-03-06 11:16:45 +01:00 committed by GitHub
commit 3bd23d612a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 2 deletions

View file

@ -404,10 +404,16 @@ int AuthSSLimpl::InitAuth(
std::cout.flush() ;
#ifndef RS_DISABLE_DIFFIE_HELLMAN_INIT_CHECK
if(DH_check(dh, &codes) && codes == 0)
SSL_CTX_set_tmp_dh(sslctx, dh);
SSL_CTX_set_tmp_dh(sslctx, dh);
else
pfs_enabled = false ;
pfs_enabled = false;
#else // ndef RS_DISABLE_DIFFIE_HELLMAN_INIT_CHECK
/* DH_check(...) is not strictly necessary and on Android devices it
* takes at least one minute which is untolerable there */
SSL_CTX_set_tmp_dh(sslctx, dh);
#endif // ndef RS_DISABLE_DIFFIE_HELLMAN_INIT_CHECK
}
else
pfs_enabled = false ;