author | Attila Molnar <attilamolnar@hush.com> | 2015-11-10 17:33:29 +0100 |
---|---|---|
committer | Attila Molnar <attilamolnar@hush.com> | 2015-11-10 17:33:29 +0100 |
commit | 693ff4c7fa21a7bf337cd2d30f9bac602ed6beca (patch) | |
tree | 3689f61b7ae65eba5f0130062e4cd95d9d1fc69e | |
parent | 56ed930a046723a43f4fd98caf2098825b6fe326 (diff) |
m_ssl_gnutls Remove DH parameter generation
Generating DH params like this blocked the main thread, significantly slowing down startup and it made /rehash ssl freeze the server until the generation finished. External tools such as our genssl should be used to generate DH params.
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 18 |
1 files changed, 1 insertions, 17 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 962e80d28..d0b9bbe88 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -209,14 +209,6 @@ namespace GnuTLS
 return dh;
 }
- /** Generate */
- static std::auto_ptr<DHParams> Generate(unsigned int bits)
- {
- std::auto_ptr<DHParams> dh(new DHParams);
- ThrowOnError(gnutls_dh_params_generate2(dh->dh_params, bits), "Unable to generate DH params");
- return dh;
- }
-
 ~DHParams()
 {
 gnutls_dh_params_deinit(dh_params);
@@ -570,15 +562,7 @@ namespace GnuTLS
 std::string certstr = ReadFile(tag->getString("certfile", "cert.pem"));
 std::string keystr = ReadFile(tag->getString("keyfile", "key.pem"));
- std::auto_ptr<DHParams> dh;
- int gendh = tag->getInt("gendh");
- if (gendh)
- {
- gendh = (gendh < 1024 ? 1024 : gendh);
- dh = DHParams::Generate(gendh);
- }
- else
- dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
+ std::auto_ptr<DHParams> dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
 // Use default priority string if this tag does not specify one
 std::string priostr = tag->getString("priority", "NORMAL");
|
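Review bot: A configuration that still sets `gendh` is now ignored without any message at the new `DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")))` line in the second hunk, so such a server either fails on a missing `dhparams.pem` or, if a file happens to exist, quietly starts using parameters the operator never chose. Checking `tag->getInt("gendh")` at this point and logging that the option was removed and that `dhfile` must be generated externally would make the migration visible. The removed branch also enforced a 1024-bit floor (`gendh < 1024 ? 1024 : gendh`), and nothing visible in this hunk checks the size of the imported prime, so an undersized parameter file would be accepted; if `Import` does not already reject weak groups, a minimum-size check belongs there. A short comment above the import, `// DH params are never generated at runtime; dhfile must be produced externally (e.g. genssl)`, would record the reason. The enclosing function starts and ends outside the hunk.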