34 lines
1.5 KiB
Plaintext
34 lines
1.5 KiB
Plaintext
|
$OpenBSD: patch-src_lib-ssl-iostream_iostream-openssl-context_c,v 1.1 2014/07/30 14:28:24 naddy Exp $
|
||
|
|
||
|
Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number.
|
||
|
|
||
|
--- src/lib-ssl-iostream/iostream-openssl-context.c.orig Tue Nov 19 15:36:30 2013
|
||
|
+++ src/lib-ssl-iostream/iostream-openssl-context.c Tue Jul 29 15:51:04 2014
|
||
|
@@ -416,7 +416,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
|
||
|
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
|
||
|
static int
|
||
|
ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
|
||
|
int *nid_r, const char **error_r)
|
||
|
@@ -446,7 +446,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
|
||
|
const struct ssl_iostream_settings *set ATTR_UNUSED,
|
||
|
const char **error_r ATTR_UNUSED)
|
||
|
{
|
||
|
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
|
||
|
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
|
||
|
EC_KEY *ecdh;
|
||
|
int nid;
|
||
|
const char *curve_name;
|
||
|
@@ -459,7 +459,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
|
||
|
used instead of ECDHE, do not reuse the same ECDH key pair for
|
||
|
different sessions. This option improves forward secrecy. */
|
||
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
|
||
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||
|
+#ifdef SSL_CTRL_SET_ECDH_AUTO
|
||
|
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
|
||
|
selection. */
|
||
|
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
|