From a0fd35b05476b45d8a10a299a6b32c8cca0264d9 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin Date: Sun, 21 Mar 2021 12:50:47 +0500 Subject: [PATCH] BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro let us use feature macro SSL_CTX_set_tmp_ecdh instead of comparing openssl version --- src/cfgparse-ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index 16cac6ec4..7d14fa0a9 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -722,7 +722,7 @@ static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct /* parse the "ecdhe" bind keyword keyword */ static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, int from_cli, char **err) { -#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL +#if !defined(SSL_CTX_set_tmp_ecdh) memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]); return ERR_ALERT | ERR_FATAL; #elif defined(OPENSSL_NO_ECDH)