Hi,

> On 27 Nov 2019, at 03:46, Willy Tarreau <w...@1wt.eu> wrote:
> 
>> @@ -5046,7 +5046,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, 
>> struct ssl_bind_conf *ssl_
>>                       NULL);
>> 
>>              if (ecdhe == NULL) {
>> +#if defined(SSL_CTX_set_ecdh_auto)
>>                      (void)SSL_CTX_set_ecdh_auto(ctx, 1);
>> +#endif
>>                      return cfgerr;
>>              }
>> #else
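
Review bot: the `#if defined(SSL_CTX_set_ecdh_auto)` guard around the call in the `ecdhe == NULL` branch only detects the name when it is a preprocessor macro. If a libssl build provides it as a function instead, the call is compiled out without any diagnostic and the branch still returns `cfgerr` unchanged. Please add a short comment saying which library versions are expected to lack the macro and why skipping the call is correct there, or define a single fallback in a compat header so the guard stays out of this function.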
> 
> Here, in order to avoid the pollution caused by too many ifdefs, I'd
> instead put this into openssl-compat.h:
> 
> +#if !defined(SSL_CTX_set_ecdh_auto)
> +#define SSL_CTX_set_ecdh_auto(a,b) 0
> +#endif
> 
> As long as we can keep all such changes limited, we could imagine
> backporting them, that's great!
> 


To be suitable with the deprecated version of libssl*, it should be:
#define SSL_CTX_set_ecdh_auto(ctx, onoff)  ((onoff) != 0)
or
#define SSL_CTX_set_ecdh_auto(ctx, onoff) 1

++
Manu
