authorHolger Weiss <holger@zedat.fu-berlin.de>2015-05-26 21:06:04 +0200
committerHolger Weiss <holger@zedat.fu-berlin.de>2015-05-26 21:06:04 +0200
commit5585fb1ecf6f42226f9804cdf113821cbe3fbd1c (patch)
treefc66da81db55ac3a7d54e28cd97bb20b9f487af8 /src
parentFix pubsub/odbc crash on remote user unsubscribe (EJAB-1483) (diff)
New options: dhfile and s2s_dhfile
Let admins specify a file that contains custom parameters for Diffie-Hellman key exchange.
Diffstat (limited to 'src')
-rw-r--r--src/ejabberd_c2s.erl1
-rw-r--r--src/ejabberd_http.erl1
-rw-r--r--src/ejabberd_s2s_in.erl9
-rw-r--r--src/ejabberd_s2s_out.erl9
4 files changed, 16 insertions, 4 deletions
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 5112db7de..9c02899c7 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -292,6 +292,7 @@ init([{SockMod, Socket}, Opts]) ->
StartTLSRequired orelse TLSEnabled,
TLSOpts1 = lists:filter(fun ({certfile, _}) -> true;
({ciphers, _}) -> true;
+ ({dhfile, _}) -> true;
(_) -> false
end,
Opts),
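Review bot: The new `({dhfile, _}) -> true;` clause passes whatever value the listener configuration holds into TLSOpts1 unchanged, whereas the s2s code in this same commit at least coerces its value with `iolist_to_binary/1`; the identical clause added to ejabberd_http.erl has the same property. If the listener option is not validated elsewhere (not visible here), a wrong type or an unreadable path would presumably surface only when the TLS layer tries to use the file. The whitelist fun is also repeated verbatim in both modules, so a shared helper would keep the two lists from drifting the next time a TLS option is added. init's body starts and ends outside the hunk.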
diff --git a/src/ejabberd_http.erl b/src/ejabberd_http.erl
index 4e7f4b554..4e3fe8e0e 100644
--- a/src/ejabberd_http.erl
+++ b/src/ejabberd_http.erl
@@ -95,6 +95,7 @@ init({SockMod, Socket}, Opts) ->
TLSEnabled = proplists:get_bool(tls, Opts),
TLSOpts1 = lists:filter(fun ({certfile, _}) -> true;
({ciphers, _}) -> true;
+ ({dhfile, _}) -> true;
(_) -> false
end,
Opts),
diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 1b40f03c2..c51314c36 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -184,9 +184,14 @@ init([{SockMod, Socket}, Opts]) ->
undefined -> TLSOpts2;
ProtocolOpts -> [{protocol_options, ProtocolOpts} | TLSOpts2]
end,
+ TLSOpts4 = case ejabberd_config:get_option(
+ s2s_dhfile, fun iolist_to_binary/1) of
+ undefined -> TLSOpts3;
+ DHFile -> [{dhfile, DHFile} | TLSOpts3]
+ end,
TLSOpts = case proplists:get_bool(tls_compression, Opts) of
- false -> [compression_none | TLSOpts3];
- true -> TLSOpts3
+ false -> [compression_none | TLSOpts4];
+ true -> TLSOpts4
end,
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
{ok, wait_for_stream,
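Review bot: The validator `fun iolist_to_binary/1` checks only the type, so an empty or mistyped `s2s_dhfile` value still ends up in `{dhfile, DHFile}` and is presumably noticed only when a peer connects rather than when the configuration is loaded. Nothing visible here checks that the file is readable or that the parameters are of adequate size, so a comment for admins would help, e.g. `%% s2s_dhfile: PEM file with DH parameters (2048 bits or more); the path is not verified here`. The same five-line block is added to ejabberd_s2s_out.erl, and a shared helper would avoid the duplication. init's body starts and ends outside the hunk.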
diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl
index 6196f136f..44287632b 100644
--- a/src/ejabberd_s2s_out.erl
+++ b/src/ejabberd_s2s_out.erl
@@ -207,13 +207,18 @@ init([From, Server, Type]) ->
undefined -> TLSOpts2;
ProtocolOpts -> [{protocol_options, ProtocolOpts} | TLSOpts2]
end,
+ TLSOpts4 = case ejabberd_config:get_option(
+ s2s_dhfile, fun iolist_to_binary/1) of
+ undefined -> TLSOpts3;
+ DHFile -> [{dhfile, DHFile} | TLSOpts3]
+ end,
TLSOpts = case ejabberd_config:get_option(
{s2s_tls_compression, From},
fun(true) -> true;
(false) -> false
end, true) of
- false -> [compression_none | TLSOpts3];
- true -> TLSOpts3
+ false -> [compression_none | TLSOpts4];
+ true -> TLSOpts4
end,
{New, Verify} = case Type of
{new, Key} -> {Key, false};
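Review bot: `s2s_dhfile` is read as a plain global option, while the `s2s_tls_compression` lookup directly below it is keyed by `{s2s_tls_compression, From}`, so the DH file cannot be chosen per local host the way compression can. If that is intended, a comment such as `%% s2s_dhfile is global; there is no per-host override` would make it explicit. On outgoing connections this side is presumably the TLS client, and DH parameters are normally supplied by the server side of the handshake, so the option may have no effect here; that is worth confirming and noting. init's body starts and ends outside the hunk.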