[squid-dev] [PATCH] TLS: Add support for EECDH

Amos Jeffries squid3 at treenet.co.nz
Fri Jun 5 19:34:30 UTC 2015


On 6/06/2015 7:21 a.m., Paulo Matias wrote:
> Hi Amos,
> 
> I have implemented your suggestions. The updated patch follows at the
> end of this message. Please tell me if I forgot anything.
> 
> On 04-06-2015 20:39, Amos Jeffries wrote:
>> 1) The 'dhfile' pointer must now never be freed. Since it is either a
>> pointer into tls_dh or eecdhCurve allocated memory.
>>  - It should simply be set to dhfile=NULL where it was free()'d, and now
>> also when the tls_dh and/or eecdhCurve memory is released.
>>  - I spotted the destructor safe_free(dhfile), maybe elsewhere as well.
> 
> The 'dhfile' pointer is still only set by the (deprecated) "dhparams="
> option. The pointer to tls_dh or eecdhCurve is instead copied to the local
> 'dhFile' pointer, which can be discarded without issues after the call
> to Ssl::readDHParams. However, I should not have named the local pointer
> 'dhFile', as it causes confusion. I have now renamed it to
> 'dhParamsFile'. Please tell me if I overlooked anything.
> 

Doh. Much better now. :-)


Amos

