diff --git a/lib/ssl.c b/lib/ssl.c index 4b2b2fbe..59a7425f 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -84,6 +84,53 @@ OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) return !n; } +static int +lws_context_ssl_init_ecdh(struct lws_context *context) +{ +#ifdef LWS_SSL_SERVER_WITH_ECDH_CERT + int KeyType; + EC_KEY *EC_key = NULL; + X509 *x; + EVP_PKEY *pkey; + + if (!(context->options & LWS_SERVER_OPTION_SSL_ECDH)) + return 0; + + lwsl_notice(" Using ECDH certificate support\n"); + + /* Get X509 certificate from ssl context */ + x = sk_X509_value(context->ssl_ctx->extra_certs, 0); + if (!x) { + lwsl_err("%s: x is NULL\n", __func__); + return 1; + } + /* Get the public key from certificate */ + pkey = X509_get_pubkey(x); + if (!pkey) { + lwsl_err("%s: pkey is NULL\n", __func__); + + return 1; + } + /* Get the key type */ + KeyType = EVP_PKEY_type(pkey->type); + + if (EVP_PKEY_EC != KeyType) { + lwsl_err("Key type is not EC\n"); + return 1; + } + /* Get the key */ + EC_key = EVP_PKEY_get1_EC_KEY(pkey); + /* Set ECDH parameter */ + if (!EC_key) { + lwsl_err("%s: ECDH key is NULL \n", __func__); + return 1; + } + SSL_CTX_set_tmp_ecdh(context->ssl_ctx, EC_key); + EC_KEY_free(EC_key); +#endif + return 0; +} + LWS_VISIBLE int lws_context_init_server_ssl(struct lws_context_creation_info *info, struct lws_context *context) @@ -92,12 +139,6 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, struct lws wsi; int error; int n; -#ifdef LWS_SSL_SERVER_WITH_ECDH_CERT - int KeyType; - EC_KEY *EC_key = NULL; - X509 *x; - EVP_PKEY *pkey; -#endif if (info->port != CONTEXT_PORT_NO_LISTEN) { @@ -249,33 +290,8 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, return 1; } -#ifdef LWS_SSL_SERVER_WITH_ECDH_CERT - if (context->options & LWS_SERVER_OPTION_SSL_ECDH) { - lwsl_notice(" Using ECDH certificate support\n"); - - /* Get X509 certificate from ssl context */ - x = sk_X509_value(context->ssl_ctx->extra_certs, 0); - /* Get the public key from certificate */ - pkey = X509_get_pubkey(x); - /* Get the key type */ - KeyType = EVP_PKEY_type(pkey->type); - - if (EVP_PKEY_EC != KeyType) { - lwsl_err("Key type is not EC\n"); - return 1; - } - /* Get the key */ - EC_key = EVP_PKEY_get1_EC_KEY(pkey); - /* Set ECDH parameter */ - if (!EC_key) { - error = ERR_get_error(); - lwsl_err("ECDH key is NULL \n"); - return 1; - } - SSL_CTX_set_tmp_ecdh(context->ssl_ctx, EC_key); - EC_KEY_free(EC_key); - } -#endif + if (lws_context_ssl_init_ecdh(context)) + return 1; /* * SSL is happy and has a cert it's content with