libressl fix: Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number

Patch by Hanno Böck

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index c8c60c6edf37fe7169e62c51424d4221307b48d2..b52074938efb44f1b2f3ae75b3c86d999d9e7d40 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -416,7 +416,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
        return 0;
 }
 
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 static int
 ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
                                     int *nid_r, const char **error_r)
@@ -446,7 +446,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
                                const struct ssl_iostream_settings *set ATTR_UNUSED,
                                const char **error_r ATTR_UNUSED)
 {
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
        EC_KEY *ecdh;
        int nid;
        const char *curve_name;
@@ -459,7 +459,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
           used instead of ECDHE, do not reuse the same ECDH key pair for
           different sessions. This option improves forward secrecy. */
        SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#ifdef SSL_CTRL_SET_ECDH_AUTO
        /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
           selection. */
        SSL_CTX_set_ecdh_auto(ssl_ctx, 1);

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index 1bdb7eb8d68de899ddb5491bd2f41634a24d1e63..2869662867a65db7ad30b3abadc5994903c60673 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -127,7 +127,7 @@ static void ssl_server_context_deinit(struct ssl_server_context **_ctx);
 
 static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
                                             const struct master_service_ssl_settings *set);
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
 #endif
 
@@ -1041,7 +1041,7 @@ static void
 ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
        const struct master_service_ssl_settings *set ATTR_UNUSED)
 {
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
        EC_KEY *ecdh;
        int nid;
        const char *curve_name;
@@ -1054,7 +1054,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
           used instead of ECDHE, do not reuse the same ECDH key pair for
           different sessions. This option improves forward secrecy. */
        SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#ifdef SSL_CTRL_SET_ECDH_AUTO
        /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
           selection. */
        SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
@@ -1169,7 +1169,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx,
        EVP_PKEY_free(pkey);
 }
 
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 static int
 ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set)
 {