# HG changeset patch # User Aki Tuomi # Date 1519026849 -7200 # Node ID e614a9cc7616725275371a9a8c884cc1fdda21a7 # Parent e47f61de06b769f85c8b14c8daf85d253da9aaf9 login-common,lib-ssl-iostream: Use SSL_CTX_set_ecdh_auto This macro is same for 1.0.2 and 1.1.0 and libressl. diff -r e47f61de06b7 -r e614a9cc7616 src/lib-ssl-iostream/iostream-openssl-context.c --- a/src/lib-ssl-iostream/iostream-openssl-context.c Sun Feb 18 18:11:18 2018 +0200 +++ b/src/lib-ssl-iostream/iostream-openssl-context.c Mon Feb 19 09:54:09 2018 +0200 @@ -378,7 +378,7 @@ return 0; } -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set, int *nid_r, const char **error_r) @@ -412,7 +412,7 @@ const struct ssl_iostream_settings *set ATTR_UNUSED, const char **error_r ATTR_UNUSED) { -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) EC_KEY *ecdh; int nid; const char *curve_name; @@ -425,7 +425,7 @@ used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); -#ifdef SSL_CTRL_SET_ECDH_AUTO +#ifdef SSL_CTX_set_ecdh_auto /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) { diff -r e47f61de06b7 -r e614a9cc7616 src/login-common/ssl-proxy-openssl.c --- a/src/login-common/ssl-proxy-openssl.c Sun Feb 18 18:11:18 2018 +0200 +++ b/src/login-common/ssl-proxy-openssl.c Mon Feb 19 09:54:09 2018 +0200 @@ -134,7 +134,7 @@ static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set); -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set); #endif @@ -1051,7 +1051,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set ATTR_UNUSED) { -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) EC_KEY *ecdh; int nid; const char *curve_name; @@ -1064,7 +1064,7 @@ used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); -#ifdef SSL_CTRL_SET_ECDH_AUTO +#ifdef SSL_CTX_set_ecdh_auto /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1); @@ -1157,7 +1157,7 @@ } } -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set) {