lib: Fix DH group not being set for TLS connections.

This meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. Thanks to Jonathan Sönnerup, Valerii Demeshko, and sectokia.
5 years ago · d8dcfd75fe
parent b7f0161f52
commit d8dcfd75fe
2 changed files with 8 additions and 0 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -4,6 +4,10 @@ Broker:
 - Fix DH group not being set for TLS connections, which meant ciphers using
  DHE couldn't be used. Closes #1925. Closes #1476.

+Client library:
+- Fix DH group not being set for TLS connections, which meant ciphers using
+  DHE couldn't be used. Closes #1925. Closes #1476.
+
 Apps:
 - Fix `mosquitto_passwd -U`

--- a/lib/net_mosq.c
+++ b/lib/net_mosq.c
@ -715,6 +715,10 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
 			return MOSQ_ERR_INVAL;
 		}

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		/* Allow use of DHE ciphers */
+		SSL_CTX_set_dh_auto(mosq->ssl_ctx, 1);
+#endif
 		/* Disable compression */
 		SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_COMPRESSION);