dovecot-2.2: libressl fix: Check for SSL_CTRL_SET_ECDH_AUTO macr...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jul 29 11:27:21 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/e01a298adbe4
changeset: 17666:e01a298adbe4
user: Timo Sirainen <tss at iki.fi>
date: Tue Jul 29 14:25:13 2014 +0300
description:
libressl fix: Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number
Patch by Hanno Böck
diffstat:
src/lib-ssl-iostream/iostream-openssl-context.c | 6 +++---
src/login-common/ssl-proxy-openssl.c | 8 ++++----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (69 lines):
diff -r 53d5039ed212 -r e01a298adbe4 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Tue Jul 29 13:58:10 2014 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c Tue Jul 29 14:25:13 2014 +0300
@@ -416,7 +416,7 @@
return 0;
}
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
static int
ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
int *nid_r, const char **error_r)
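Review bot: The guard `#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)` is now spelled out three times in this file (here and at @@ -446 and, inverted, at @@ -459) and three more times in src/login-common/ssl-proxy-openssl.c. I would derive one project macro from it after the OpenSSL includes (the name is up to you, for example `USE_MANUAL_ECDH_CURVE`) and test that everywhere, so the helper, its caller and the prototype cannot drift apart. A feature test like this also evaluates silently to "not defined" if it is reached before the SSL header that provides `SSL_CTRL_SET_ECDH_AUTO`, so a single definition placed right after the includes makes the ordering explicit. The body of ssl_proxy_ctx_get_pkey_ec_curve_name lies outside this hunk.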
@@ -446,7 +446,7 @@
const struct ssl_iostream_settings *set ATTR_UNUSED,
const char **error_r ATTR_UNUSED)
{
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
EC_KEY *ecdh;
int nid;
const char *curve_name;
@@ -459,7 +459,7 @@
used instead of ECDHE, do not reuse the same ECDH key pair for
different sessions. This option improves forward secrecy. */
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#ifdef SSL_CTRL_SET_ECDH_AUTO
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
selection. */
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
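Review bot: The comment under the new `#ifdef SSL_CTRL_SET_ECDH_AUTO` still says "OpenSSL >= 1.0.2", but the branch is no longer selected by version number, so the comment describes the old condition. I would reword it to match the guard, for example `/* Libraries that provide SSL_CTRL_SET_ECDH_AUTO (e.g. OpenSSL >= 1.0.2) select the ECDH temporary key parameters automatically. */`. The same comment appears in the @@ -1054 hunk of src/login-common/ssl-proxy-openssl.c, and any matching "OpenSSL < 1.0.2" wording on the fallback branch, which is outside this hunk, presumably needs the same adjustment.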
diff -r 53d5039ed212 -r e01a298adbe4 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Tue Jul 29 13:58:10 2014 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Tue Jul 29 14:25:13 2014 +0300
@@ -127,7 +127,7 @@
static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
const struct master_service_ssl_settings *set);
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
#endif
@@ -1041,7 +1041,7 @@
ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
const struct master_service_ssl_settings *set ATTR_UNUSED)
{
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
EC_KEY *ecdh;
int nid;
const char *curve_name;
@@ -1054,7 +1054,7 @@
used instead of ECDHE, do not reuse the same ECDH key pair for
different sessions. This option improves forward secrecy. */
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#ifdef SSL_CTRL_SET_ECDH_AUTO
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
selection. */
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
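Review bot: The result of `SSL_CTX_set_ecdh_auto(ssl_ctx, 1)` is discarded here, and likewise in the @@ -459 hunk of src/lib-ssl-iostream/iostream-openssl-context.c. With the guard now keyed on the macro rather than on a known OpenSSL version, this call may run against libraries the code was not originally tested with, and a failure would presumably leave the context without ECDH parameters and quietly remove ECDHE suites from negotiation. Since this function returns void, I would at least log it: `if (SSL_CTX_set_ecdh_auto(ssl_ctx, 1) == 0) i_warning("SSL: SSL_CTX_set_ecdh_auto() failed");`. The rest of ssl_proxy_ctx_set_crypto_params is outside the hunk, so confirm that nothing later already covers this case.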
@@ -1169,7 +1169,7 @@
EVP_PKEY_free(pkey);
}
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
static int
ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set)
{