MINOR: ssl: Add ssl_sock_set_tmp_dh helper function

Starting from OpenSSLv3, the SSL_CTX_set_tmp_dh function is deprecated
and it should be replaced by SSL_CTX_set0_tmp_dh_pkey, which takes an
EVP_PKEY instead of a DH parameter. Since this function is new to
OpenSSLv3 and its use requires an extra EVP_PKEY_up_ref call, we will
keep the two versions side by side, otherwise it would require to get
rid of all DH references in older OpenSSL versions as well.
This helper function is not used yet so this commit should be strictly
iso-functional, regardless of the OpenSSL version.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d615593194ebf8ae15183619e3e54a49c2b6be24..f75a454767d8c6574670eede37cc46f997ee2aea 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3091,6 +3091,23 @@ static DH *ssl_get_tmp_dh_cbk(SSL *ssl, int export, int keylen)
        return ssl_get_tmp_dh(pkey);
 }
 
+static int ssl_sock_set_tmp_dh(SSL_CTX *ctx, HASSL_DH *dh)
+{
+#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
+       return SSL_CTX_set_tmp_dh(ctx, dh);
+#else
+       int retval = 0;
+       HASSL_DH_up_ref(dh);
+
+       retval = SSL_CTX_set0_tmp_dh_pkey(ctx, dh);
+
+       if (!retval)
+               HASSL_DH_free(dh);
+
+       return retval;
+#endif
+}
+
 HASSL_DH *ssl_sock_get_dh_from_bio(BIO *bio)
 {
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)