From 3ef6a75252af7c737414e1815610cb7e7a256b31 Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Mon, 19 Feb 2018 09:54:09 +0200 Subject: [PATCH] login-common,lib-ssl-iostream: Use SSL_CTX_set_ecdh_auto This macro is same for 1.0.2 and 1.1.0 and libressl. --- src/lib-ssl-iostream/iostream-openssl-context.c | 6 +++--- src/login-common/ssl-proxy-openssl.c | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c index 4dca1fd97a..d5b1b3cf43 100644 --- a/src/lib-ssl-iostream/iostream-openssl-context.c +++ b/src/lib-ssl-iostream/iostream-openssl-context.c @@ -378,7 +378,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx, return 0; } -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set, int *nid_r, const char **error_r) @@ -412,7 +412,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct ssl_iostream_settings *set ATTR_UNUSED, const char **error_r ATTR_UNUSED) { -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) EC_KEY *ecdh; int nid; const char *curve_name; @@ -425,7 +425,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); -#ifdef SSL_CTRL_SET_ECDH_AUTO +#ifdef SSL_CTX_set_ecdh_auto /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) { diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c index e2e065405b..606b3dfa84 100644 --- a/src/login-common/ssl-proxy-openssl.c +++ b/src/login-common/ssl-proxy-openssl.c @@ -134,7 +134,7 @@ static void ssl_server_context_deinit(struct ssl_server_context **_ctx); static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set); -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set); #endif @@ -1051,7 +1051,7 @@ static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set ATTR_UNUSED) { -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) EC_KEY *ecdh; int nid; const char *curve_name; @@ -1064,7 +1064,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx, used instead of ECDHE, do not reuse the same ECDH key pair for different sessions. This option improves forward secrecy. */ SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE); -#ifdef SSL_CTRL_SET_ECDH_AUTO +#ifdef SSL_CTX_set_ecdh_auto /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1); @@ -1157,7 +1157,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx, } } -#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO) +#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto) static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set) {