пт, 20 дек. 2019 г. в 22:47, Lukas Tribus <lu...@ltri.eu>: > SSL_CTX_set_ecdh_auto() is not defined when OpenSSL 1.1.1 is compiled > with the no-deprecated option. Remove existing, incomplete guards and > add a compatibility macro in openssl-compat.h, just as OpenSSL does: > > > https://github.com/openssl/openssl/blob/bf4006a6f9be691ba6eef0e8629e63369a033ccf/include/openssl/ssl.h#L1486 > --- > > Please wait for Ilya's comments before committing this patch. >
Ack from me.
> thanks,
> -l
>
> ---
> include/common/openssl-compat.h | 4 ++++
> src/ssl_sock.c | 2 --
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/include/common/openssl-compat.h
> b/include/common/openssl-compat.h
> index 31971bd..72b4e2f 100644
> --- a/include/common/openssl-compat.h
> +++ b/include/common/openssl-compat.h
> @@ -374,5 +374,9 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey)
> #define BIO_meth_set_destroy(m, f) do { (m)->destroy = (f); } while (0)
> #endif
>
> +#ifndef SSL_CTX_set_ecdh_auto
> +#define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
> +#endif
> +
> #endif /* USE_OPENSSL */
> #endif /* _COMMON_OPENSSL_COMPAT_H */
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index 00258b1..e4dd913 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -5178,9 +5178,7 @@ int ssl_sock_prepare_ctx(struct bind_conf
> *bind_conf, struct ssl_bind_conf *ssl_
> err && *err ? *err : "", curproxy->id,
> conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
> cfgerr |= ERR_ALERT | ERR_FATAL;
> }
> -#if defined(SSL_CTX_set_ecdh_auto)
> (void)SSL_CTX_set_ecdh_auto(ctx, 1);
> -#endif
> }
> #endif
> #if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
> --
> 2.7.4
>
>
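Review bot: The fallback `SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)` added in openssl-compat.h never touches the context, and the ssl_sock.c hunk drops the `#if defined(SSL_CTX_set_ecdh_auto)` guard. On a library that lacks the macro for any reason other than an OpenSSL 1.1.x no-deprecated build (for example one that exports it as a real function, which `#ifndef` cannot see), the call in ssl_sock_prepare_ctx() would silently compile to a no-op, and automatic curve selection would presumably stay off. That is only safe where the library already selects ECDH curves on its own, which the commit message implies for 1.1.1 but the code does not state. I would document the assumption above the macro, e.g. `/* OpenSSL >= 1.1.0 always auto-selects ECDH curves; no-op for no-deprecated builds */`, and consider narrowing the guard to `#if !defined(SSL_CTX_set_ecdh_auto) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)` so that other libraries fail at build time instead of losing the call. ssl_sock_prepare_ctx() starts and ends outside the second hunk.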