On Mon, Feb 06, 2017 at 08:18:01PM +0100, Olivier W wrote: > Should be compatible with all versions of OpenSSL and LibreSSL. > Similar to what is done in curl: > https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619 > > Error while compiling was: > "ssl_openssl.c:512:30: error: no member named 'cert' in 'struct ssl_ctx_st' > ssl.cert = ctx->ctx->cert; > ~ ^ > 1 error generated. > *** Error code 1" > --- > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > index 8266595..a889332 100644 > --- a/src/openvpn/ssl_openssl.c > +++ b/src/openvpn/ssl_openssl.c > @@ -508,10 +508,13 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx > *ctx, const char *curve_name > const EC_GROUP *ecgrp = NULL; > EVP_PKEY *pkey = NULL; > > - /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */ > - SSL ssl; > - ssl.cert = ctx->ctx->cert; > - pkey = SSL_get_privatekey(&ssl); > + SSL *ssl = SSL_new(ctx->ctx); > + if (!ssl) > + { > + crypto_msg(M_FATAL, "SSL_new failed"); > + } > + pkey = SSL_get_privatekey(ssl); > + SSL_free(ssl);
I have a question (sorry if I couldn't check myself): did you check that SSL_get_privatekey() and SSL_free() won't crash when ssl is NULL ? Cheers, -- Antonio Quartulli
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel