9d830ac67a
- lzma has been enabled by default - lucene support is provided by the -plugin-lucene subpkg. - switch to libressl with some patches from OpenBSD
58 lines
2.4 KiB
Text
58 lines
2.4 KiB
Text
Check for SSL_CTRL_SET_ECDH_AUTO macro instead of OpenSSL version number.
|
|
Fixed compiling with SSL compression disabled.
|
|
|
|
Based on the existing OpenBSD patch, but updated for 2.2.13.
|
|
|
|
--- src/login-common/ssl-proxy-openssl.c.orig 2014-08-04 19:00:05.463014161 +0200
|
|
+++ src/login-common/ssl-proxy-openssl.c 2014-08-04 19:02:39.069231713 +0200
|
|
@@ -125,7 +125,7 @@ static void ssl_server_context_deinit(st
|
|
|
|
static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
|
|
const struct master_service_ssl_settings *set);
|
|
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
|
|
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
|
|
static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
|
|
#endif
|
|
|
|
@@ -769,7 +769,7 @@ const char *ssl_proxy_get_security_strin
|
|
|
|
const char *ssl_proxy_get_compression(struct ssl_proxy *proxy ATTR_UNUSED)
|
|
{
|
|
-#ifdef HAVE_SSL_COMPRESSION
|
|
+#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP)
|
|
const COMP_METHOD *comp;
|
|
|
|
comp = SSL_get_current_compression(proxy->ssl);
|
|
@@ -1024,7 +1024,7 @@ static void
|
|
ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
|
|
const struct master_service_ssl_settings *set ATTR_UNUSED)
|
|
{
|
|
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
|
|
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
|
|
EC_KEY *ecdh;
|
|
int nid;
|
|
const char *curve_name;
|
|
@@ -1032,12 +1032,12 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX
|
|
if (SSL_CTX_need_tmp_RSA(ssl_ctx))
|
|
SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
|
|
SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
|
|
-#ifdef HAVE_ECDH
|
|
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
|
|
/* In the non-recommended situation where ECDH cipher suites are being
|
|
used instead of ECDHE, do not reuse the same ECDH key pair for
|
|
different sessions. This option improves forward secrecy. */
|
|
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
+#ifdef SSL_CTRL_SET_ECDH_AUTO
|
|
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
|
|
selection. */
|
|
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
|
|
@@ -1152,7 +1152,7 @@ ssl_proxy_ctx_use_key(SSL_CTX *ctx,
|
|
EVP_PKEY_free(pkey);
|
|
}
|
|
|
|
-#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
|
|
+#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
|
|
static int
|
|
ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set)
|
|
{
|