return (0);
}
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/*
* According to the OpenSSL documentation, temporary RSA key is needed
* export ciphers are in use. We have to provide one, so well, we just do
* it.
*/
SSL_CTX_set_tmp_rsa_callback(client_ctx, tls_tmp_rsa_cb);
+#endif
/*
* Finally, the setup for the server certificate checking, done "by the
#define TLS_INTERNAL
#include <tls.h>
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
/* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int unused_export, int keylength)
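Review bot: The header comment on `tls_tmp_rsa_cb` should say when the callback is used and why it is now conditional, because the guard added above it removes the function entirely on OpenSSL 1.1.0 and later. The comments at the two `SSL_CTX_set_tmp_rsa_callback` call sites on this page say the temporary key is needed only when export ciphers are in use. In the visible lines `keylength` goes straight into `RSA_generate_key`, and the test requests 512 bits, so on older OpenSSL builds this is still the code that serves export-grade RSA key exchange. I would extend the comment to something like `/* tls_tmp_rsa_cb - generate ephemeral RSA key; export ciphers only, OpenSSL < 1.1.0 only */`, and state there whether the cipher settings are expected to keep export ciphers disabled. The function body continues outside this hunk.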
rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
return (rsa_tmp);
}
+#endif /* OPENSSL_VERSION_NUMBER */
#ifdef TEST
int main(int unused_argc, char **unused_argv)
{
- tls_tmp_rsa_cb(0, 1, 512);
- tls_tmp_rsa_cb(0, 1, 1024);
- tls_tmp_rsa_cb(0, 1, 2048);
- tls_tmp_rsa_cb(0, 0, 512);
+ int ok = 1;
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ok = ok && tls_tmp_rsa_cb(0, 1, 512) != 0;
+ ok = ok && tls_tmp_rsa_cb(0, 0, 1024) != 0;
+ ok = ok && tls_tmp_rsa_cb(0, 0, 2048) != 0;
+#endif
+
+ return ok ? 0 : 1;
}
#endif
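Review bot: When `OPENSSL_VERSION_NUMBER` is 0x10100000L or higher, the rewritten `main` reduces to `int ok = 1;` followed by `return ok ? 0 : 1;`, so the test program reports success without exercising anything. An `#else` branch holding a comment such as `/* nothing to test: no ephemeral RSA in OpenSSL 1.1.0 and later */` would keep a passing run from being read as coverage. The new calls also change the export argument from 1 to 0 for the 1024 and 2048 cases and drop the old `(0, 0, 512)` call without explanation, so a one-line comment recording the intent is worth adding. The lines of `tls_tmp_rsa_cb` between its signature and the `RSA_generate_key` call are outside this page, so I cannot confirm that each of the three calls generates a fresh key rather than returning an earlier one.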
return (0);
}
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/*
* According to OpenSSL documentation, a temporary RSA key is needed when
* export ciphers are in use, because the certified key cannot be
* directly used.
*/
SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb);
+#endif
/*
* Diffie-Hellman key generation parameters can either be loaded from