Feature #11356

closed

Add ECDH support to OpenSSL wrapper

Added by tenderlovemaking (Aaron Patterson) over 8 years ago. Updated over 8 years ago.

Status: Closed
Assignee: -
Target version: -
[ruby-core:69986]

Description

Firefox wants to use ECDH on HTTP/2 connections, and there is no way to add it to the SSL context. This patch adds an ECDH callback (similar to the DH callback).

With this patch and #9390, I am able to get an HTTP/2 server running in Chrome and Firefox! :)


Files

0001-add-ecdh-support.patch (6.81 KB), tenderlovemaking (Aaron Patterson), 07/15/2015 09:10 PM
0001-add-ecdh-support.patch (6.78 KB), tenderlovemaking (Aaron Patterson), 07/17/2015 03:08 PM

Related issues 2 (0 open, 2 closed)

Related to Ruby master - Bug #10497: OpenSSL Servers Do Not Support EC Certificates (Closed)
Related to Ruby master - Bug #11739: OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites (Rejected)

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

    static VALUE
    ossl_call_tmp_ecdh_callback(VALUE *args)

I think this argument should be a VALUE and cast in the function.

    success = rb_protect((VALUE(*)_((VALUE)))ossl_call_tmp_ecdh_callback,
                         (VALUE)args, NULL);

Then we can remove the cast of the function and an indirect cast.

Updated by tenderlovemaking (Aaron Patterson) over 8 years ago

@nobu (Nobuyoshi Nakada),

Thanks for the feedback! I've attached a new patch that refactors those parts.


Updated by Anonymous over 8 years ago

  • Status changed from Open to Closed

Applied in changeset r51348.


  • ext/openssl/ossl_ssl.c: add ECDH callback support. [Feature #11356]

  • test/openssl/test_pair.rb: test for ECDH callback support


Updated by rhenium (Kazuki Yamaguchi) over 7 years ago

  • Related to Bug #10497: OpenSSL Servers Do Not Support EC Certificates added

Updated by rhenium (Kazuki Yamaguchi) over 7 years ago

  • Related to Bug #11739: OpenSSL::SSL::SSLServer doesn't negotiate ECDHE-* ciphersuites added
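
A loopback check that a server context really negotiates an ECDHE suite, as an added example that is not code from the patch or from anyone in this thread. It falls back to the `tmp_ecdh_callback` this feature adds only when the later `ecdh_curves=` setter is absent; the curve, suite, certificate and helper names are constructed for the demo.

```ruby
require "openssl"
require "socket"

# Constructed throwaway RSA key and self-signed certificate for the demo server.
def demo_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Cap at TLS 1.2 (where the setter exists) so the suite name shows ECDHE.
def cap_tls12(ctx)
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION if ctx.respond_to?(:max_version=)
  ctx
end

# Server context offering a single ECDHE suite: the handshake succeeds only if
# the server has ECDH parameters, via the later setter or this feature's callback.
def server_context
  ctx = cap_tls12(OpenSSL::SSL::SSLContext.new)
  ctx.key, ctx.cert = demo_identity
  ctx.ciphers = "ECDHE-RSA-AES128-GCM-SHA256"
  if ctx.respond_to?(:ecdh_curves=)
    ctx.ecdh_curves = "prime256v1"
  else
    ctx.tmp_ecdh_callback = ->(*_args) { OpenSSL::PKey::EC.new("prime256v1") }
  end
  ctx
end

# Runs one loopback handshake and returns the negotiated cipher suite name.
def negotiated_cipher
  tcp = TCPServer.new("127.0.0.1", 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, server_context)
  acceptor = Thread.new { server.accept.close }
  sock = TCPSocket.new("127.0.0.1", tcp.addr[1])
  ssl = OpenSSL::SSL::SSLSocket.new(sock, cap_tls12(OpenSSL::SSL::SSLContext.new))
  ssl.connect
  ssl.cipher[0]
ensure
  [ssl, sock, tcp].compact.each(&:close)
  acceptor&.join
end

puts negotiated_cipher if $PROGRAM_NAME == __FILE__
```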