Do not load empty DH param data ...

- Let the library set up forward secrecy if not used
author: David Timber <dxdt@dev.snart.me> 2022-11-05 19:34:07 +0800
committer: David Timber <dxdt@dev.snart.me> 2022-11-05 19:34:07 +0800
commit: 5fd13be001b654fda70a8f6d919a84fcd8f31d4d (patch)
tree: 8a6d5eded194f2b8e5fa4a7929e2f81a46b0d7e9 /src/proone.c
parent: 1fb630b7df7d65c436f7486266671f9eb942067c (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/src/proone.c b/src/proone.c
index 843d75a..6805e0b 100644
--- a/src/proone.c
+++ b/src/proone.c
@@ -876,17 +876,19 @@ static void load_ssl_conf (void) {
 				0);
 			BREAKIF_ERR("mbedtls_pk_parse_key");
 			data = prne_dvault_get_bin(PRNE_DATA_KEY_X509_DH, &dvlen);
-			mret = mbedtls_dhm_parse_dhm(&prne_g.s_ssl.dhm, data, dvlen);
-			BREAKIF_ERR("mbedtls_dhm_parse_dhm");
+			if (dvlen > 0) {
+				mret = mbedtls_dhm_parse_dhm(&prne_g.s_ssl.dhm, data, dvlen);
+				BREAKIF_ERR("mbedtls_dhm_parse_dhm");
+				mret = mbedtls_ssl_conf_dh_param_ctx(
+					&prne_g.s_ssl.conf,
+					&prne_g.s_ssl.dhm);
+				BREAKIF_ERR("mbedtls_ssl_conf_dh_param_ctx");
+			}
 			mret = mbedtls_ssl_conf_own_cert(
 				&prne_g.s_ssl.conf,
 				&prne_g.s_ssl.crt,
 				&prne_g.s_ssl.pk);
 			BREAKIF_ERR("mbedtls_ssl_conf_own_cert");
-			mret = mbedtls_ssl_conf_dh_param_ctx(
-				&prne_g.s_ssl.conf,
-				&prne_g.s_ssl.dhm);
-			BREAKIF_ERR("mbedtls_ssl_conf_dh_param_ctx");
 			mret = mbedtls_ssl_conf_alpn_protocols(
 				&prne_g.s_ssl.conf,
 				ALP_LIST);
author	David Timber <dxdt@dev.snart.me>	2022-11-05 19:34:07 +0800
committer	David Timber <dxdt@dev.snart.me>	2022-11-05 19:34:07 +0800
commit	5fd13be001b654fda70a8f6d919a84fcd8f31d4d (patch)
tree	8a6d5eded194f2b8e5fa4a7929e2f81a46b0d7e9 /src/proone.c
parent	1fb630b7df7d65c436f7486266671f9eb942067c (diff)