Hi,

On 13-02-17 19:38, O2 Graphics wrote:
> Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2
> 
> Signed-off-by: Olivier Wahrenberger <olivierw...@gmail.com>
> ---
>  src/openvpn/ssl_openssl.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index 8266595..abf69c9 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, 
> const char *curve_name
>          const EC_GROUP *ecgrp = NULL;
>          EVP_PKEY *pkey = NULL;
>  
> +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && 
> !defined(LIBRESSL_VERSION_NUMBER)
> +        pkey = SSL_CTX_get0_privatekey(ctx->ctx);
> +#else
>          /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
> -        SSL ssl;
> -        ssl.cert = ctx->ctx->cert;
> -        pkey = SSL_get_privatekey(&ssl);
> +        SSL *ssl = SSL_new(ctx->ctx);
> +        if (!ssl)
> +        {
> +            crypto_msg(M_FATAL, "SSL_new failed");
> +        }
> +        pkey = SSL_get_privatekey(ssl);
> +        SSL_free(ssl);
> +#endif
>  
>          msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
>  
> 
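Review bot: In the #else branch, pkey is read from the temporary ssl and SSL_free(ssl) runs on the very next line, while the code that follows goes on to extract the ECDH curve from that key. The pointer is only safe to use there if ctx->ctx still holds its own reference to the same key after the temporary object is gone. Nothing in the hunk says so. Either add a short comment stating that pkey is borrowed from the context and outlives ssl, or move SSL_free(ssl) to after the last use of pkey so the lifetime is obvious from the code itself.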

Code still looks good, patch looks a lot better (applies cleanly now),
but could use an extra newline in the subject.  But that doesn't warrant
an extra patch iteration, so ACK.

-Steffan

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
