BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility

SSL_CTX_set_ecdh_auto() is not defined when OpenSSL 1.1.1 is compiled with the no-deprecated option. Remove existing, incomplete guards and add a compatibility macro in openssl-compat.h, just as OpenSSL does: bf4006a6f9/include/openssl/ssl.h (L1486) This should be backported as far as 2.0 and probably even 1.9.
2025-09-24 23:31:40 +02:00 · 2019-12-20 18:47:18 +01:00 · 2019-12-20 18:47:18 +01:00 · a26d1e1324
commit a26d1e1324
parent eec7f8ac01
2 changed files with 4 additions and 2 deletions
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@ -374,5 +374,9 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey)
 #define BIO_meth_set_destroy(m, f) do { (m)->destroy = (f); } while (0)
 #endif

+#ifndef SSL_CTX_set_ecdh_auto
+#define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
+#endif
+
 #endif /* USE_OPENSSL */
 #endif /* _COMMON_OPENSSL_COMPAT_H */
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -5178,9 +5178,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
 			          err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
 			cfgerr |= ERR_ALERT | ERR_FATAL;
 		}
-#if defined(SSL_CTX_set_ecdh_auto)
 		(void)SSL_CTX_set_ecdh_auto(ctx, 1);
-#endif
 	}
 #endif
 #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)