From: Matt Caswell <matt@openssl.org>
Date: Wed, 14 Oct 2020 16:13:45 +0000 (+0100)
Subject: Disable the DHParameters config option in a no-deprecated build
X-Git-Tag: openssl-3.0.0-alpha9~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b7df247b7538e97133c50aaf27813d30677f729;p=thirdparty%2Fopenssl.git

Disable the DHParameters config option in a no-deprecated build

This option calls SSL_set_tmp_dh() which does not exist in a no-deprecated
build. We need to implement an alternative.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
---

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 96fddfd4cce..2311df5d84d 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -574,7 +574,8 @@ static int cmd_ClientCAStore(SSL_CONF_CTX *cctx, const char *value)
     return cmd_RequestCAStore(cctx, value);
 }
 
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+/* TODO(3.0): We need a 3.0 friendly way of doing this */
 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
 {
     int rv = 0;
@@ -726,7 +727,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD(ClientCAStore, NULL,
                  SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
                  SSL_CONF_TYPE_STORE),
-#ifndef OPENSSL_NO_DH
+#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     SSL_CONF_CMD(DHParameters, "dhparam",
                  SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
                  SSL_CONF_TYPE_FILE),