From: Howard Chu <hyc@openldap.org>
Date: Sun, 8 Sep 2013 13:32:23 +0000 (-0700)
Subject: ITS#7595 don't try to use EC if OpenSSL lacks it
X-Git-Tag: OPENLDAP_REL_ENG_2_4_48~87
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b68bf285917ee8638e118cbb5a5e70f494d78ef9;p=thirdparty%2Fopenldap.git

ITS#7595 don't try to use EC if OpenSSL lacks it
---

diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index d3fc020833..3f2813fc38 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -407,8 +407,12 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		DH_free( dh );
 	}
 
-#ifdef SSL_OP_SINGLE_ECDH_USE
 	if ( is_server && lo->ldo_tls_ecname ) {
+#ifdef OPENSSL_NO_EC
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: Elliptic Curves not supported.\n", 0,0,0 );
+		return -1;
+#else
 		EC_KEY *ecdh;
 
 		int nid = OBJ_sn2nid( lt->lt_ecname );
@@ -430,8 +434,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 		SSL_CTX_set_tmp_ecdh( ctx, ecdh );
 		SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
 		EC_KEY_free( ecdh );
-	}
 #endif
+	}
 
 	if ( tlso_opt_trace ) {
 		SSL_CTX_set_info_callback( ctx, tlso_info_cb );