From 693ff4c7fa21a7bf337cd2d30f9bac602ed6beca Mon Sep 17 00:00:00 2001
From: Attila Molnar
Date: Tue, 10 Nov 2015 17:33:29 +0100
Subject: m_ssl_gnutls Remove DH parameter generation
Generating DH params like this blocked the main thread, significantly slowing down startup and it made /rehash ssl freeze the server until the generation finished. External tools such as our genssl should be used to generate DH params.
---
src/modules/extra/m_ssl_gnutls.cpp | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
(limited to 'src/modules/extra')
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 962e80d28..d0b9bbe88 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -209,14 +209,6 @@ namespace GnuTLS
 return dh;
 }
- /** Generate */
- static std::auto_ptr Generate(unsigned int bits)
- {
- std::auto_ptr dh(new DHParams);
- ThrowOnError(gnutls_dh_params_generate2(dh->dh_params, bits), "Unable to generate DH params");
- return dh;
- }
-
 ~DHParams()
 {
 gnutls_dh_params_deinit(dh_params);
@@ -570,15 +562,7 @@ namespace GnuTLS
 std::string certstr = ReadFile(tag->getString("certfile", "cert.pem"));
 std::string keystr = ReadFile(tag->getString("keyfile", "key.pem"));
- std::auto_ptr dh;
- int gendh = tag->getInt("gendh");
- if (gendh)
- {
- gendh = (gendh < 1024 ? 1024 : gendh);
- dh = DHParams::Generate(gendh);
- }
- else
- dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
+ std::auto_ptr dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
 // Use default priority string if this tag does not specify one
 std::string priostr = tag->getString("priority", "NORMAL");
--
cgit v1.2.3
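Review bot: Nothing in the second hunk checks the strength of the parameters that `DHParams::Import` loads from `dhfile`, whereas the removed branch at least clamped generated parameters to 1024 bits (`gendh < 1024 ? 1024 : gendh`). A short or stale `dhparams.pem` would now be accepted without notice, so consider checking the imported prime's size after the import (for example via `gnutls_dh_params_export_raw`) and rejecting or logging anything below the intended floor. A configuration that still sets `gendh` is also silently ignored; I would log a warning when the tag carries it and add a comment above the import such as `// DH params are no longer generated here; dhfile must be produced externally (e.g. with genssl)`. The enclosing function starts and ends outside the hunk, so any validation that happens later is not visible here.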