authorAttila Molnar <attilamolnar@hush.com>2015-11-10 17:33:29 +0100
committerAttila Molnar <attilamolnar@hush.com>2015-11-10 17:33:29 +0100
commit693ff4c7fa21a7bf337cd2d30f9bac602ed6beca (patch)
tree3689f61b7ae65eba5f0130062e4cd95d9d1fc69e
parent56ed930a046723a43f4fd98caf2098825b6fe326 (diff)
m_ssl_gnutls Remove DH parameter generation
Generating DH params like this blocked the main thread, significantly slowing down startup and it made /rehash ssl freeze the server until the generation finished. External tools such as our genssl should be used to generate DH params.
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp18
1 files changed, 1 insertions, 17 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 962e80d28..d0b9bbe88 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -209,14 +209,6 @@ namespace GnuTLS
return dh;
}
- /** Generate */
- static std::auto_ptr<DHParams> Generate(unsigned int bits)
- {
- std::auto_ptr<DHParams> dh(new DHParams);
- ThrowOnError(gnutls_dh_params_generate2(dh->dh_params, bits), "Unable to generate DH params");
- return dh;
- }
-
~DHParams()
{
gnutls_dh_params_deinit(dh_params);
@@ -570,15 +562,7 @@ namespace GnuTLS
std::string certstr = ReadFile(tag->getString("certfile", "cert.pem"));
std::string keystr = ReadFile(tag->getString("keyfile", "key.pem"));
- std::auto_ptr<DHParams> dh;
- int gendh = tag->getInt("gendh");
- if (gendh)
- {
- gendh = (gendh < 1024 ? 1024 : gendh);
- dh = DHParams::Generate(gendh);
- }
- else
- dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
+ std::auto_ptr<DHParams> dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
// Use default priority string if this tag does not specify one
std::string priostr = tag->getString("priority", "NORMAL");
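Review bot: The new `DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")))` line is now the only source of DH parameters, and nothing visible in this hunk checks the size of the imported group, whereas the removed branch at least clamped generated parameters to 1024 bits. The body of Import lies outside the hunk, so it may already validate this; if it does not, an old or undersized `dhparams.pem` would be accepted silently, and it would be worth reading the bit length after import (for example via `gnutls_dh_params_export_raw`) and rejecting or logging groups below a minimum. Separately, a configuration that still sets `gendh` is now ignored without notice, so a comment such as `// gendh is no longer supported; DH params are always read from dhfile (generate them with genssl)` plus a log warning when the key is present would tell operators why their setting stopped taking effect.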