diff --git a/ctx.go b/ctx.go
index e579d6b..f9e1451 100644
--- a/ctx.go
+++ b/ctx.go
@@ -46,6 +46,18 @@ static long SSL_CTX_add_extra_chain_cert_not_a_macro(SSL_CTX* ctx, X509 *cert) {
 return SSL_CTX_add_extra_chain_cert(ctx, cert);
 }
 
+static long SSL_CTX_auto_enable_ecdh_not_a_macro(SSL_CTX* ctx) {
+#if defined(SSL_CTX_set_ecdh_auto)
+ return SSL_CTX_set_ecdh_auto(ctx, 1);
+#else
+ EC_KEY *k = NULL;
+ k = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ long result = SSL_CTX_set_tmp_ecdh(ctx, k);
+ EC_KEY_free(k);
+ return result;
+#endif
+}
+
 #ifndef SSL_MODE_RELEASE_BUFFERS
 #define SSL_MODE_RELEASE_BUFFERS 0
 #endif
@@ -198,6 +210,17 @@ func NewCtxFromFiles(cert_file string, key_file string) (*Ctx, error) {
 return ctx, nil
 }
 
+// EnableECDH sets the elliptic curve on the context to enable an
+// ECDH cipher suite to be selected.
+func (c *Ctx) EnableECDH() error {
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
+ if int(C.SSL_CTX_auto_enable_ecdh_not_a_macro(c.ctx)) != 1 {
+ return errorFromErrorQueue()
+ }
+ return nil
+}
+
 // UseCertificate configures the context to present the given certificate to
 // peers.
 func (c *Ctx) UseCertificate(cert *Certificate) error {
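Review bot: The `#else` fallback in `SSL_CTX_auto_enable_ecdh_not_a_macro` installs a P-256 temporary key but never sets `SSL_OP_SINGLE_ECDH_USE`. On OpenSSL builds old enough to take this branch, the ECDH key is, as far as I recall, generated once at `SSL_CTX_set_tmp_ecdh` time and reused across handshakes unless that option is set, which weakens forward secrecy; please confirm against the OpenSSL versions this package supports. I would add `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);` before the `SSL_CTX_set_tmp_ecdh` call. The result of `EC_KEY_new_by_curve_name` is also passed on unchecked, so `if (k == NULL) return 0;` would make the allocation-failure path explicit instead of relying on the callee rejecting NULL.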
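Review bot: The doc comment on `EnableECDH` says it "sets the elliptic curve" but does not say which one, although the curve choice is the security-relevant part of the call. From the C helper added in this commit, the context uses OpenSSL's automatic curve selection when `SSL_CTX_set_ecdh_auto` is available and is otherwise pinned to prime256v1 (P-256). The comment should state both cases and that ECDHE is opt-in, so a `Ctx` on which the method is never called gets no curve configured by this package. It would also help to note that the method is presumably meant to be called before connections are created from the context, e.g. `// Call EnableECDH before creating connections from c.`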