From: Ilya Shipitsin <chipitsine@gmail.com>
Date: Sun, 21 Mar 2021 07:50:47 +0000 (+0500)
Subject: BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro
X-Git-Tag: v2.4-dev14~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0fd35b05476b45d8a10a299a6b32c8cca0264d9;p=thirdparty%2Fhaproxy.git

BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro

let us use feature macro SSL_CTX_set_tmp_ecdh instead of comparing openssl
version
---

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 16cac6ec47..7d14fa0a9e 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -722,7 +722,7 @@ static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct
 /* parse the "ecdhe" bind keyword keyword */
 static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, int from_cli, char **err)
 {
-#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
+#if !defined(SSL_CTX_set_tmp_ecdh)
 	memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
 	return ERR_ALERT | ERR_FATAL;
 #elif defined(OPENSSL_NO_ECDH)