mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-25 15:51:24 +02:00
Code Issues Projects Releases Wiki Activity

BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility

Browse Source 
SSL_CTX_set_ecdh_auto() is not defined when OpenSSL 1.1.1 is compiled
with the no-deprecated option. Remove existing, incomplete guards and
add a compatibility macro in openssl-compat.h, just as OpenSSL does:

bf4006a6f9/include/openssl/ssl.h (L1486)

This should be backported as far as 2.0 and probably even 1.9.
This commit is contained in:
Lukas Tribus 2019-12-20 18:47:18 +01:00 committed by Willy Tarreau
parent eec7f8ac01
commit a26d1e1324
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/common/openssl-compat.h
View File

@ -374,5 +374,9 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey)
#define BIO_meth_set_destroy(m, f) do { (m)->destroy = (f); } while (0) #define BIO_meth_set_destroy(m, f) do { (m)->destroy = (f); } while (0)
#endif #endif
#ifndef SSL_CTX_set_ecdh_auto
#define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
#endif
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
#endif /* _COMMON_OPENSSL_COMPAT_H */ #endif /* _COMMON_OPENSSL_COMPAT_H */

2
src/ssl_sock.c
View File

@ -5178,9 +5178,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line); err && *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr |= ERR_ALERT | ERR_FATAL; cfgerr |= ERR_ALERT | ERR_FATAL;
} }
#if defined(SSL_CTX_set_ecdh_auto)
(void)SSL_CTX_set_ecdh_auto(ctx, 1); (void)SSL_CTX_set_ecdh_auto(ctx, 1);
#endif
} }
#endif #endif
#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH) #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)