[exim-dev] [Bug 2954] tls_eccurve (>= OpenSSL 3.0.0) dysfunctional

Sun, 01 Jan 2023 23:43:08 -0800 

https://bugs.exim.org/show_bug.cgi?id=2954

--- Comment #4 from help@novo.media ---
-------------------------------------------
*** tls-openssl.c ORIGINAL EXCERPT ***
-------------------------------------------
# if OPENSSL_VERSION_NUMBER < 0x30000000L
 {
  EC_KEY * ecdh;
  if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
    {
    tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
    return FALSE;
    }

  /* The "tmp" in the name here refers to setting a temporary key
  not to the stability of the interface. */

  if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
    tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL,
NULL, errstr);
  else
    DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
  EC_KEY_free(ecdh);
 }

#else   /* v 3.0.0 + */

if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
  tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL,
errstr);
else
  DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);

#endif



-------------------------------------------
*** tls-openssl.c PATCHED EXCERPT ***
-------------------------------------------
# if OPENSSL_VERSION_NUMBER < 0x30000000L
 {
  EC_KEY * ecdh;
  if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
    {
    tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
    return FALSE;
    }

  /* The "tmp" in the name here refers to setting a temporary key
  not to the stability of the interface. */

  if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
    tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL,
NULL, errstr);
  else
    DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
  EC_KEY_free(ecdh);
 }

#else   /* v 3.0.0 + */

if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1) == 0))
  tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL,
errstr);
else
  DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);

#endif



-------------------------------------------
*** RELEVANT CHANGES MADE ***
-------------------------------------------
- if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
+ if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1) == 0))

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Reply via email to