From: Olivier Wahrenberger Date: Mon, 13 Feb 2017 18:38:26 +0000 (+0100) Subject: Fix building with LibreSSL 2.5.1 by cleaning a hack. X-Git-Tag: v2.4.1~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb802b9b0d9366093b5567c0f3e9845b2f30e9cc;p=thirdparty%2Fopenvpn.git Fix building with LibreSSL 2.5.1 by cleaning a hack. Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619 Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2 Signed-off-by: Olivier Wahrenberger Acked-by: Steffan Karger Message-Id: <20170213183826.73008-1-O2Graphics@users.noreply.github.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14045.html Signed-off-by: Gert Doering (cherry picked from commit dcfd3b6173d8cdb4658de23db1dd0bd932b390d2) --- diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 826659562..abf69c91a 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name const EC_GROUP *ecgrp = NULL; EVP_PKEY *pkey = NULL; +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + pkey = SSL_CTX_get0_privatekey(ctx->ctx); +#else /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */ - SSL ssl; - ssl.cert = ctx->ctx->cert; - pkey = SSL_get_privatekey(&ssl); + SSL *ssl = SSL_new(ctx->ctx); + if (!ssl) + { + crypto_msg(M_FATAL, "SSL_new failed"); + } + pkey = SSL_get_privatekey(ssl); + SSL_free(ssl); +#endif msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
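Review bot: in the `#else` branch, `pkey` is still used after `SSL_free(ssl)` (the ECDH curve extraction that follows the `msg(D_TLS_DEBUG, ...)` line), and `SSL_get_privatekey()` hands back a borrowed pointer rather than a new reference. The pointer stays valid only because `ctx->ctx` keeps its own reference to the same key, which nothing in the hunk states. Either add a short comment saying so next to `SSL_free(ssl);`, or defer the `SSL_free()` until the curve has been read from `pkey`, so a later change to the key's ownership cannot turn this into a use-after-free. It would also help to replace the old "Little hack" comment, which now sits only above the fallback path, with one that says why a temporary `SSL` object is needed there (no `SSL_CTX_get0_privatekey()` before OpenSSL 1.0.2 or on LibreSSL). A NULL check on `pkey` is not visible in the hunk; if the code below does not already handle a context with no private key loaded, that case applies to both branches.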