Hi, On 13-02-17 19:38, O2 Graphics wrote: > Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2 > > Signed-off-by: Olivier Wahrenberger <olivierw...@gmail.com> > --- > src/openvpn/ssl_openssl.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > index 8266595..abf69c9 100644 > --- a/src/openvpn/ssl_openssl.c > +++ b/src/openvpn/ssl_openssl.c > @@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, > const char *curve_name > const EC_GROUP *ecgrp = NULL; > EVP_PKEY *pkey = NULL; > > +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && > !defined(LIBRESSL_VERSION_NUMBER) > + pkey = SSL_CTX_get0_privatekey(ctx->ctx); > +#else > /* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */ > - SSL ssl; > - ssl.cert = ctx->ctx->cert; > - pkey = SSL_get_privatekey(&ssl); > + SSL *ssl = SSL_new(ctx->ctx); > + if (!ssl) > + { > + crypto_msg(M_FATAL, "SSL_new failed"); > + } > + pkey = SSL_get_privatekey(ssl); > + SSL_free(ssl); > +#endif > > msg(D_TLS_DEBUG, "Extracting ECDH curve from private key"); > >
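Review bot: in the #else branch, pkey is read with SSL_get_privatekey(ssl) and SSL_free(ssl) runs immediately afterwards, so the pointer is used after the object it was read from is gone. That is only safe as long as ctx->ctx itself keeps the key alive; a short comment above SSL_free(ssl) stating that pkey is a borrowed reference owned by the context would stop a later reader from treating it as a use-after-free or from adding an EVP_PKEY_free(pkey). The existing "Little hack" comment could be reworded to say this. Within the visible lines neither branch checks pkey for NULL, and both calls can return NULL when no private key is loaded in the context, so it is worth confirming that the code following the msg() call handles that case.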
Code still looks good, patch looks a lot better (applies cleanly now), but could use an extra newline in the subject. But that doesn't warrant an extra patch iteration, so ACK.

-Steffan