Hi Ilya,
On Wed, Nov 27, 2019 at 02:50:18AM +0500, ???? ??????? wrote:
> Hello,
>
> I resolved `CRYPTO_set_id_callback', `ERR_remove_state',
> `SSL_CTX_set_ecdh_auto' issues.
Great, thanks!
I'm seeing some minor cosmetic details:
> @@ -5046,7 +5046,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf,
> struct ssl_bind_conf *ssl_
> NULL);
>
> if (ecdhe == NULL) {
> +#if defined(SSL_CTX_set_ecdh_auto)
> (void)SSL_CTX_set_ecdh_auto(ctx, 1);
> +#endif
> return cfgerr;
> }
> #else
Here, in order to avoid the pollution caused by too many ifdefs, I'd
instead put this into openssl-compat.h:
+#if !defined(SSL_CTX_set_ecdh_auto)
+#define SSL_CTX_set_ecdh_auto(a,b) 0
+#endif
As long as we can keep all such changes limited, we could imagine
backporting them, that's great!
Thanks,
Willy
