On 7.8.2013, at 15.00, Tomi Vainio Tomi.Vainio@Oracle.COM wrote:

Compile fails in these two files src/lib-ssl-iostream/iostream-openssl-context.c src/login-common/ssl-proxy-openssl.c due to missing SSL_OP_SINGLE_ECDH_USE

I did some further cleanups, this should help: http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471

On Wed, 2013-08-07 at 15:00 +0300, Tomi Vainio wrote:

Compile fails in these two files src/lib-ssl-iostream/iostream-openssl-context.c src/login-common/ssl-proxy-openssl.c due to missing SSL_OP_SINGLE_ECDH_USE

In these there is only #if !defined(OPENSSL_NO_ECDH) when all the other places it always compares also SSL version #if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L

SSL_OP_SINGLE_ECDH_USE has been defined in OpenSSL's ssl/ssl.h since draft ECC support was first committed on 9 Aug 2002[1]. OpenSSL's CHANGES file states that draft ECC support was added between openssl-0.9.7 and openssl-0.9.8. OpenSSL has also been defining OPENSSL_NO_ECDH in the build script since 30 Jan 2009[2]. All releases in the openssl-0.9.8 series and higher should therefore have both SSL_OP_SINGLE_ECDH_USE and OPENSSL_NO_ECDH defined.

Would I be correct to assume that Solaris 10 is bundling OpenSSL <=0.9.7?

[1] http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/ssl.h;h=49e3c52c9c...

[2] http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=util/mk1mf.pl;h=5f...