m_ssl_gnutls Remove DH parameter generation

Generating DH params like this blocked the main thread, which significantly slowed down startup and made /rehash ssl freeze the server until the generation finished. External tools such as our genssl should be used to generate DH params.
Attila Molnar 2015-11-10 17:33:29 +01:00
parent 56ed930a04
commit 693ff4c7fa


@ -209,14 +209,6 @@ namespace GnuTLS
return dh;
}
/** Generate */
static std::auto_ptr<DHParams> Generate(unsigned int bits)
{
std::auto_ptr<DHParams> dh(new DHParams);
ThrowOnError(gnutls_dh_params_generate2(dh->dh_params, bits), "Unable to generate DH params");
return dh;
}
~DHParams()
{
gnutls_dh_params_deinit(dh_params);
@ -570,15 +562,7 @@ namespace GnuTLS
std::string certstr = ReadFile(tag->getString("certfile", "cert.pem"));
std::string keystr = ReadFile(tag->getString("keyfile", "key.pem"));
std::auto_ptr<DHParams> dh;
int gendh = tag->getInt("gendh");
if (gendh)
{
gendh = (gendh < 1024 ? 1024 : gendh);
dh = DHParams::Generate(gendh);
}
else
dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
std::auto_ptr<DHParams> dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
// Use default priority string if this tag does not specify one
std::string priostr = tag->getString("priority", "NORMAL");
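Review bot: With `gendh` gone, `DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")))` is the only source of DH parameters, and nothing visible in this section checks their size, whereas the removed branch at least clamped generated parameters to 1024 bits. Import's body is outside the hunk, so it may already validate, but if it does not, a small or stale dhparams.pem is accepted silently. I would add a comment above the line such as `// dhfile is used as-is: generate it externally (e.g. genssl) with a modern size; no minimum is enforced here`, or log the imported bit length at load. A config that still sets `gendh` is now ignored without any message, so a one-line warning when the key is present would help operators notice the option is gone. The enclosing function begins and ends outside this hunk.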