Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619
Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2
Signed-off-by: Olivier Wahrenberger <olivierw.ml@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170213183826.73008-1-O2Graphics@users.noreply.github.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14045.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
@@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name |
508 | 508 |
const EC_GROUP *ecgrp = NULL; |
509 | 509 |
EVP_PKEY *pkey = NULL; |
510 | 510 |
|
511 |
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
|
512 |
+ pkey = SSL_CTX_get0_privatekey(ctx->ctx); |
|
513 |
+#else |
|
511 | 514 |
/* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */ |
512 |
- SSL ssl; |
|
513 |
- ssl.cert = ctx->ctx->cert; |
|
514 |
- pkey = SSL_get_privatekey(&ssl); |
|
515 |
+ SSL *ssl = SSL_new(ctx->ctx); |
|
516 |
+ if (!ssl) |
|
517 |
+ { |
|
518 |
+ crypto_msg(M_FATAL, "SSL_new failed"); |
|
519 |
+ } |
|
520 |
+ pkey = SSL_get_privatekey(ssl); |
|
521 |
+ SSL_free(ssl); |
|
522 |
+#endif |
|
515 | 523 |
|
516 | 524 |
msg(D_TLS_DEBUG, "Extracting ECDH curve from private key"); |
517 | 525 |
|
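Review bot: `pkey` is a borrowed reference in both branches and this deserves a comment next to the `#if`: SSL_CTX_get0_privatekey() follows the `get0` convention and SSL_get_privatekey() likewise returns a pointer it does not own, so the function must not free it and must not use it after `ctx->ctx` is gone. In the `#else` branch the pointer is read from a temporary `SSL` and then used after `SSL_free(ssl)`; this presumably only stays valid because the key object is shared by reference count between the temporary `SSL` and `ctx->ctx` — confirm against the OpenSSL versions this branch targets. A line such as `/* pkey is owned by ctx->ctx (borrowed, do not free); it outlives the temporary SSL only via the shared refcount */` above the `pkey = ` assignments would save the next reader a trip through OpenSSL internals. tls_ctx_load_ecdh_params() begins and ends outside the hunk, so whether `pkey` is checked for NULL before the curve is extracted cannot be seen here.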