From a52bb15cc78ecf07f2c4be3f6e5aba417dafd098 Mon Sep 17 00:00:00 2001
From: Emmanuel Hocdet
Date: Mon, 20 Mar 2017 11:11:49 +0100
Subject: [PATCH] BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility

SSL_CTX_set_ecdh_auto is declared (when present) with #define. A simple #ifdef avoid to list all cases of ssllibs. It's a placebo in new ssllibs. It's ok with openssl 1.0.1, 1.0.2, 1.1.0, libressl and boringssl. Thanks to Piotr Kubaj for postponing and testing with libressl.
---
 include/proto/openssl-compat.h | 6 ------
 src/ssl_sock.c | 5 +++--
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index f9ecc9955..c56619951 100644
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h
@@ -182,10 +182,4 @@ static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 #define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
 #endif

-/* This function does nothing in 1.1.0 and doesn't exist in boringssl */
-#if defined(OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
-#undef SSL_CTX_set_ecdh_auto
-#define SSL_CTX_set_ecdh_auto(ctx, onoff)
-#endif
-
 #endif /* _PROTO_OPENSSL_COMPAT_H */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f947c9965..1e63c5703 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3402,8 +3402,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
 cfgerr++;
 }
- else
- SSL_CTX_set_ecdh_auto(ctx, 1);
+#if defined(SSL_CTX_set_ecdh_auto)
+ (void)SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
 }
 #endif
 #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
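Review bot: In the src/ssl_sock.c hunk the new `(void)SSL_CTX_set_ecdh_auto(ctx, 1);` replaces an `else` branch, so it now also runs after the error path above it has done `cfgerr++`, and the `(void)` cast discards its result. On a library where the macro is a real control call rather than a placebo, a failure to enable automatic curve selection would go unreported, and the bind could end up with a different ECDHE curve setup than the configuration asks for. Keeping the old ordering and counting a failure would look like `else if (!SSL_CTX_set_ecdh_auto(ctx, 1)) cfgerr++;` inside the `#if defined(SSL_CTX_set_ecdh_auto)` guard; this assumes the macro evaluates to non-zero on success in every supported library, which should be confirmed. The `if` that the removed `else` belonged to and the rest of ssl_sock_prepare_ctx lie outside the hunk, so the condition is inferred from the `conf_curves` argument of the visible error call.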