Move EDH support to common files

The EDH support is not really specific to the OpenSSL implementation, so move the support and documentation comments to common files.
author: Peter Eisentraut 2018-01-19 17:18:42 +0000
committer: Peter Eisentraut 2018-01-23 12:11:38 +0000
commit: 573bd08b99e277026e87bb55ae69c489fab321b8 (patch)
tree: 417798497cf2e9f7990f7a90a7bc533f46555a78 /src/include
parent: 7404e77cc1192855afef28ae557993ba6f35c16e (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index 49cb2631104..a38849b0d0b 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -194,6 +194,25 @@ typedef struct Port
 
 #ifdef USE_SSL
 /*
+ *	Hardcoded DH parameters, used in ephemeral DH keying.  (See also
+ *	README.SSL for more details on EDH.)
+ *
+ *	If you want to create your own hardcoded DH parameters
+ *	for fun and profit, review "Assigned Number for SKIP
+ *	Protocols" (http://www.skip-vpn.org/spec/numbers.html)
+ *	for suggestions.
+ */
+#define FILE_DH2048 \
+"-----BEGIN DH PARAMETERS-----\n\
+MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
+89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
+T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
+zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
+Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
+CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
+-----END DH PARAMETERS-----\n"
+
+/*
  * These functions are implemented by the glue code specific to each
  * SSL implementation (e.g. be-secure-openssl.c)
  */
author	Peter Eisentraut	2018-01-19 17:18:42 +0000
committer	Peter Eisentraut	2018-01-23 12:11:38 +0000
commit	573bd08b99e277026e87bb55ae69c489fab321b8 (patch)
tree	417798497cf2e9f7990f7a90a7bc533f46555a78 /src/include
parent	7404e77cc1192855afef28ae557993ba6f35c16e (diff)