ITS#7595 don't try to use EC if OpenSSL lacks it
authorHoward Chu <hyc@openldap.org>
Sun, 8 Sep 2013 13:32:23 +0000 (06:32 -0700)
committerQuanah Gibson-Mount <quanah@openldap.org>
Mon, 6 May 2019 20:08:32 +0000 (20:08 +0000)
libraries/libldap/tls_o.c

index d3fc020833986f22098d3dca20387158ef9b2269..3f2813fc3878b40ebd0815f8993f4dc768e81b98 100644 (file)
@@ -407,8 +407,12 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
                DH_free( dh );
        }
 
-#ifdef SSL_OP_SINGLE_ECDH_USE
        if ( is_server && lo->ldo_tls_ecname ) {
+#ifdef OPENSSL_NO_EC
+               Debug( LDAP_DEBUG_ANY,
+                       "TLS: Elliptic Curves not supported.\n", 0,0,0 );
+               return -1;
+#else
                EC_KEY *ecdh;
 
                int nid = OBJ_sn2nid( lt->lt_ecname );
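Review bot: The guard on the `if` line tests `lo->ldo_tls_ecname`, but the body then reads the curve name from `lt->lt_ecname`, so the check and the use go through two different structures. Whether the two always refer to the same string is not visible in this hunk; if they do, testing the value that is actually consumed, `if ( is_server && lt->lt_ecname ) {`, makes the new `OPENSSL_NO_EC` rejection and the `OBJ_sn2nid()` lookup depend on the same field. It would also help the operator if the new message named the rejected setting, e.g. `"TLS: Elliptic Curves not supported, cannot use curve %s.\n", lt->lt_ecname, 0, 0`. The body of tlso_ctx_init starts and ends outside the hunk.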
@@ -430,8 +434,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
                SSL_CTX_set_tmp_ecdh( ctx, ecdh );
                SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
                EC_KEY_free( ecdh );
-       }
 #endif
+       }
 
        if ( tlso_opt_trace ) {
                SSL_CTX_set_info_callback( ctx, tlso_info_cb );
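Review bot: The result of `SSL_CTX_set_tmp_ecdh( ctx, ecdh )` is discarded in the block this commit re-brackets, so if OpenSSL refuses the key the server continues without the ECDH parameters the administrator configured, and nothing is logged. The new `OPENSSL_NO_EC` branch already fails closed with `return -1`; the same treatment fits here, e.g. `if ( !SSL_CTX_set_tmp_ecdh( ctx, ecdh ) ) { EC_KEY_free( ecdh ); return -1; }` preceded by a `Debug( LDAP_DEBUG_ANY, ... )` line. The call is unchanged context rather than an added line, and the function continues outside the hunk, so any other cleanup needed on that path cannot be confirmed from here.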