From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Mon, 19 Feb 2018 07:54:09 +0000 (+0200)
Subject: login-common,lib-ssl-iostream: Use SSL_CTX_set_ecdh_auto
X-Git-Tag: 2.2.35~47
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ef6a75252af7c737414e1815610cb7e7a256b31;p=thirdparty%2Fdovecot%2Fcore.git

login-common,lib-ssl-iostream: Use SSL_CTX_set_ecdh_auto

This macro is same for 1.0.2 and 1.1.0 and libressl.
---

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 4dca1fd97a..d5b1b3cf43 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -378,7 +378,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 	return 0;
 }
 
-#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto)
 static int
 ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
 				     int *nid_r, const char **error_r)
@@ -412,7 +412,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
 				const struct ssl_iostream_settings *set ATTR_UNUSED,
 				const char **error_r ATTR_UNUSED)
 {
-#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto)
 	EC_KEY *ecdh;
 	int nid;
 	const char *curve_name;
@@ -425,7 +425,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
 	   used instead of ECDHE, do not reuse the same ECDH key pair for
 	   different sessions. This option improves forward secrecy. */
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#ifdef SSL_CTRL_SET_ECDH_AUTO
+#ifdef SSL_CTX_set_ecdh_auto
 	/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
 	   selection. */
 	if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) {
diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index e2e065405b..606b3dfa84 100644
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -134,7 +134,7 @@ static void ssl_server_context_deinit(struct ssl_server_context **_ctx);
 
 static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
                                             const struct master_service_ssl_settings *set);
-#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto)
 static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
 #endif
 
@@ -1051,7 +1051,7 @@ static void
 ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
 	const struct master_service_ssl_settings *set ATTR_UNUSED)
 {
-#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto)
 	EC_KEY *ecdh;
 	int nid;
 	const char *curve_name;
@@ -1064,7 +1064,7 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
 	   used instead of ECDHE, do not reuse the same ECDH key pair for
 	   different sessions. This option improves forward secrecy. */
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#ifdef SSL_CTRL_SET_ECDH_AUTO
+#ifdef SSL_CTX_set_ecdh_auto
 	/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
 	   selection. */
 	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
@@ -1157,7 +1157,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx,
 	}
 }
 
-#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
+#if defined(HAVE_ECDH) && !defined(SSL_CTX_set_ecdh_auto)
 static int
 ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set)
 {