default params for dh implemented

FossilOrigin-Name: a57ff3b0c45f4ddd9bec59ab4ce047ca1dd7729d78f12f4ad56950add5104f5b

src/cw/dtls_gnutls_accept.c

@@ -43,10 +43,14 @@ int dtls_gnutls_accept(struct conn *conn)
 	uint8_t buffer[2048];
 	int tlen, rc;
 	time_t c_timer;
+	int bits;
 
 	gnutls_datum_t cookie_key;
 	gnutls_dtls_prestate_st prestate;
 	
+	
+
+	
 	gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
 	cw_dbg(DBG_DTLS, "Session cookie for %s generated: %s",
 	       sock_addr2str(&conn->addr,sock_buf), 
@@ -106,6 +110,24 @@ int dtls_gnutls_accept(struct conn *conn)
 	if (!d)
 		return 0;
 
+
+	/* Generate Diffie-Hellman parameters - for use with DHE
+         * kx algorithms. When short bit length is used, it might
+         * be wise to regenerate parameters often.
+         */
+	/*bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);*/
+	bits = conn->dtls_dhbits;
+	
+	gnutls_dh_params_init(&d->dh_params);
+
+	cw_dbg(DBG_DTLS,"Generating DH params, %d",bits);
+        gnutls_dh_params_generate2(d->dh_params, bits);
+	cw_dbg(DBG_DTLS,"DH params generated, %d",bits);
+
+        gnutls_certificate_set_dh_params(d->x509_cred, d->dh_params);
+
+
+
 	gnutls_certificate_server_set_request(d->session,GNUTLS_CERT_REQUEST);
 	gnutls_dtls_prestate_set(d->session, &prestate);