[PATCH] BUILD: ssl: use feature guard instead of openssl version for ecdh functions

Илья Шипицин Sun, 21 Mar 2021 01:02:44 -0700

Hello,

yet another patch that reduces number of HA_OPENSSL_VERSION use


Ilya

From 6a33427cf8dce1fbde37f4ad2056c2012d8968e4 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <[email protected]>
Date: Sun, 21 Mar 2021 12:50:47 +0500
Subject: [PATCH] BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh
 macro

let us use feature macro SSL_CTX_set_tmp_ecdh instead of comparing openssl
version
---
 src/cfgparse-ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 4f05ce1c5..e7647b48b 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -722,7 +722,7 @@ static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct
 /* parse the "ecdhe" bind keyword keyword */
 static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
 {
-#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
+#if !defined(SSL_CTX_set_tmp_ecdh)
 	memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
 	return ERR_ALERT | ERR_FATAL;
 #elif defined(OPENSSL_NO_ECDH)
-- 
2.29.2

[PATCH] BUILD: ssl: use feature guard instead of openssl version for ecdh functions

Reply via email to