return (0);
}
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/*
* According to the OpenSSL documentation, temporary RSA key is needed
* export ciphers are in use. We have to provide one, so well, we just do
* it.
*/
SSL_CTX_set_tmp_rsa_callback(client_ctx, tls_tmp_rsa_cb);
+#endif
/*
* Finally, the setup for the server certificate checking, done "by the
#define TLS_INTERNAL
#include <tls.h>
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
/* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength)
return (rsa_tmp);
}
+#endif /* OPENSSL_VERSION_NUMBER */
#ifdef TEST
int main(int unused_argc, char *const argv[])
{
+ int ok = 0;
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
RSA *rsa;
- int ok;
msg_vstream_init(argv[0], VSTREAM_ERR);
/* Non-export or unexpected bit length should fail */
ok = ok && tls_tmp_rsa_cb(0, 0, 512) == 0;
ok = ok && tls_tmp_rsa_cb(0, 1, 1024) == 0;
+#endif
return ok ? 0 : 1;
}
return (0);
}
+ /*
+ * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/*
* According to OpenSSL documentation, a temporary RSA key is needed when
* export ciphers are in use, because the certified key cannot be
* directly used.
*/
SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb);
+#endif
/*
* Diffie-Hellman key generation parameters can either be loaded from
projects / thirdparty / postfix.git / commitdiff
