diff --git a/changelog b/changelog
index 91e1e4be..db8fce70 100644
--- a/changelog
+++ b/changelog
@@ -1,6 +1,14 @@
 Changelog
 ---------
+User API additions
+------------------
+
+1) There's a new member in struct lws_context_creation_info, ecdh_curve,
+which lets you set the name of the ECDH curve OpenSSL should use. By
+default (if you leave ecdh_curve NULL) it will use "prime256v1"
+
+
 v1.7.0
 ======
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 7db50aa5..6175a3d2 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -1319,6 +1319,7 @@ extern int lws_extension_callback_pm_deflate(
 * library are protected from hanging forever by timeouts. If
 * nonzero, this member lets you set the timeout used in seconds.
 * Otherwise a default timeout is used.
+ * @ecdh_curve: if NULL, defaults to initializing server with "prime256v1"
 */
 struct lws_context_creation_info {
@@ -1353,6 +1354,7 @@ struct lws_context_creation_info {
 unsigned int count_threads;
 unsigned int fd_limit_per_thread;
 unsigned int timeout_secs;
+ const char *ecdh_curve;
 /* Add new things just above here ---^
 * This is part of the ABI, don't needlessly break compatibility
diff --git a/lib/ssl.c b/lib/ssl.c
index ac3ad2e8..719f4bf9 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -144,6 +144,9 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
 int ecdh_nid;
 const char *ecdh_curve = "prime256v1";
+ if (info->ecdh_curve)
+ ecdh_curve = info->ecdh_curve;
+
 ecdh_nid = OBJ_sn2nid(ecdh_curve);
 if (NID_undef == ecdh_nid) {
 lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve);
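Review bot: The new `@ecdh_curve` line in the lib/libwebsockets.h doc comment states only the NULL default and not what a non-NULL value must be. The lib/ssl.c hunk shows the string is looked up with OBJ_sn2nid() and an unrecognised name is logged as an error, so I would word it as `@ecdh_curve: OpenSSL short name of the ECDH curve the server should use; if NULL, "prime256v1" is used; an unknown name is reported as an error`. The comment block starts above this hunk, so its surrounding layout is not visible here.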
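Review bot: The new `ecdh_curve` member in struct lws_context_creation_info is a pointer that the lib/ssl.c hunk reads unconditionally. A caller that fills the struct field by field without zeroing it first therefore hands the library an indeterminate pointer, which then reaches OBJ_sn2nid() and a `%s` log argument. I would state the requirement on the member itself, e.g. `const char *ecdh_curve; /* NULL = "prime256v1"; zero the whole struct before filling it in */`. An application built against the older, shorter struct would presumably have the same problem unless the library version is bumped in step; the diff does not show whether it is.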
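Review bot: The override in lws_context_ssl_init_ecdh_curve accepts any string that OBJ_sn2nid() resolves, and that lookup is not limited to EC curves, let alone strong ones. A non-curve object name would get past the NID_undef check and presumably only fail later at key creation (outside this hunk), and a small curve would weaken every server handshake without any trace in the logs. I would at least log the effective choice right after the lookup succeeds, e.g. `lwsl_notice("SSL: using ECDH curve '%s'\n", ecdh_curve);`, so operators can audit it. An empty string also counts as set here; `if (info->ecdh_curve && info->ecdh_curve[0])` would let it fall back to the default instead of failing. The function body begins and ends outside the hunk.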