dovecot-2.2: ssl: Fixed compiling with older OpenSSL libraries.
dovecot at dovecot.org
dovecot at dovecot.org
Wed Aug 7 18:00:48 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/27ebd9552471
changeset: 16679:27ebd9552471
user: Timo Sirainen <tss at iki.fi>
date: Wed Aug 07 18:00:32 2013 +0300
description:
ssl: Fixed compiling with older OpenSSL libraries.
diffstat:
src/lib-ssl-iostream/iostream-openssl-context.c | 16 ++++++++++------
src/login-common/ssl-proxy-openssl.c | 18 +++++++++++-------
2 files changed, 21 insertions(+), 13 deletions(-)
diffs (131 lines):
diff -r 17e43eda8f22 -r 27ebd9552471 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Wed Aug 07 17:20:10 2013 +0300
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c Wed Aug 07 18:00:32 2013 +0300
@@ -12,6 +12,10 @@
#include <openssl/err.h>
#include <openssl/rand.h>
+#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
+# define HAVE_ECDH
+#endif
+
struct ssl_iostream_password_context {
const char *password;
const char *error;
@@ -406,7 +410,7 @@
return 0;
}
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
static int
ssl_proxy_ctx_get_pkey_ec_curve_name(const struct ssl_iostream_settings *set,
int *nid_r, const char **error_r)
@@ -436,7 +440,7 @@
const struct ssl_iostream_settings *set ATTR_UNUSED,
const char **error_r ATTR_UNUSED)
{
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
EC_KEY *ecdh;
int nid;
const char *curve_name;
@@ -444,17 +448,16 @@
if (SSL_CTX_need_tmp_RSA(ssl_ctx))
SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
-#if !defined(OPENSSL_NO_ECDH)
+#ifdef HAVE_ECDH
/* In the non-recommended situation where ECDH cipher suites are being
used instead of ECDHE, do not reuse the same ECDH key pair for
different sessions. This option improves forward secrecy. */
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#endif
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
selection. */
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
-#elif !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
+#else
/* For OpenSSL < 1.0.2, ECDH temporary key parameter selection must be
performed manually. Attempt to select the same curve as that used
in the server's private EC key file. Otherwise fall back to the
@@ -481,6 +484,7 @@
EC_KEY_free(ecdh);
}
#endif
+#endif
return 0;
}
diff -r 17e43eda8f22 -r 27ebd9552471 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Wed Aug 07 17:20:10 2013 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Wed Aug 07 18:00:32 2013 +0300
@@ -29,6 +29,10 @@
#include <openssl/err.h>
#include <openssl/rand.h>
+#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
+# define HAVE_ECDH
+#endif
+
/* Check every 30 minutes if parameters file has been updated */
#define SSL_PARAMFILE_CHECK_INTERVAL (60*30)
@@ -121,7 +125,7 @@
static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
const struct master_service_ssl_settings *set);
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
#endif
@@ -1017,7 +1021,7 @@
ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
const struct master_service_ssl_settings *set ATTR_UNUSED)
{
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
EC_KEY *ecdh;
int nid;
const char *curve_name;
@@ -1025,17 +1029,16 @@
if (SSL_CTX_need_tmp_RSA(ssl_ctx))
SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
-#if !defined(OPENSSL_NO_ECDH)
+#ifdef HAVE_ECDH
/* In the non-recommended situation where ECDH cipher suites are being
used instead of ECDHE, do not reuse the same ECDH key pair for
different sessions. This option improves forward secrecy. */
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
-#endif
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
selection. */
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
-#elif !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L
+#else
/* For OpenSSL < 1.0.2, ECDH temporary key parameter selection must be
performed manually. Attempt to select the same curve as that used
in the server's private EC key file. Otherwise fall back to the
@@ -1060,6 +1063,7 @@
EC_KEY_free(ecdh);
}
#endif
+#endif
}
static void
@@ -1145,7 +1149,7 @@
EVP_PKEY_free(pkey);
}
-#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
+#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
static int
ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set)
{
More information about the dovecot-cvs
mailing list