Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2
Signed-off-by: Olivier Wahrenberger <[email protected]>
---
src/openvpn/ssl_openssl.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 8266595..abf69c9 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const
char *curve_name
const EC_GROUP *ecgrp = NULL;
EVP_PKEY *pkey = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ pkey = SSL_CTX_get0_privatekey(ctx->ctx);
+#else
/* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
- SSL ssl;
- ssl.cert = ctx->ctx->cert;
- pkey = SSL_get_privatekey(&ssl);
+ SSL *ssl = SSL_new(ctx->ctx);
+ if (!ssl)
+ {
+ crypto_msg(M_FATAL, "SSL_new failed");
+ }
+ pkey = SSL_get_privatekey(ssl);
+ SSL_free(ssl);
+#endif
msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
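Review bot: In the `#else` fallback, `pkey` is taken from the temporary `SSL` and then used after `SSL_free(ssl)`, which is safe only while `ctx->ctx` still references the same key object; `SSL_get_privatekey()` returns a borrowed pointer, not a new reference. This appears to hold on OpenSSL 1.0.x, where `SSL_new()` seems to copy the CTX's cert and share the key by reference count, but the code should say so, e.g. `/* pkey is borrowed; it outlives SSL_free() only because ctx->ctx still holds a reference */`. `SSL_CTX_get0_privatekey()` in the other branch is also a get0 accessor, so neither path may call `EVP_PKEY_free(pkey)`, and either may return NULL when no key is loaded. The rest of tls_ctx_load_ecdh_params lies outside the hunk, so whether `pkey` is NULL-checked before use cannot be confirmed from here.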
--
2.11.1