+ if(SSL_CTX_use_PrivateKey_file(ssl_ctx_new, keyfile, SSL_FILETYPE_PEM) != 1)
+ {
+ rb_lib_log("%s: SSL_CTX_use_PrivateKey_file ('%s'): %s", __func__, keyfile,
+ rb_ssl_strerror(rb_ssl_last_err()));
+
+ SSL_CTX_free(ssl_ctx_new);
+ return 0;
+ }
+
+ if(dhfile == NULL)
+ {
+ rb_lib_log("%s: no DH parameters file specified", __func__);
+ }
+ else
+ {
+ FILE *const dhf = fopen(dhfile, "r");
+ DH *dhp = NULL;
+
+ if(dhf == NULL)
+ {
+ rb_lib_log("%s: fopen ('%s'): %s", __func__, dhfile, strerror(errno));
+ }
+ else if(PEM_read_DHparams(dhf, &dhp, NULL, NULL) == NULL)
+ {
+ rb_lib_log("%s: PEM_read_DHparams ('%s'): %s", __func__, dhfile,
+ rb_ssl_strerror(rb_ssl_last_err()));
+ fclose(dhf);
+ }
+ else
+ {
+ SSL_CTX_set_tmp_dh(ssl_ctx_new, dhp);
+ DH_free(dhp);
+ fclose(dhf);
+ }
+ }
+
+ if(SSL_CTX_set_cipher_list(ssl_ctx_new, cipherlist) != 1)
+ {
+ rb_lib_log("%s: SSL_CTX_set_cipher_list: could not configure any ciphers", __func__);
+ SSL_CTX_free(ssl_ctx_new);
+ return 0;
+ }
+
+ SSL_CTX_set_session_cache_mode(ssl_ctx_new, SSL_SESS_CACHE_OFF);
+ SSL_CTX_set_verify(ssl_ctx_new, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
+
+ #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ (void) SSL_CTX_clear_options(ssl_ctx_new, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);