Browse code
Fix building with LibreSSL 2.5.1 by cleaning a hack.
Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619
Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2
Signed-off-by: Olivier Wahrenberger <olivierw.ml@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170213183826.73008-1-O2Graphics@users.noreply.github.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14045.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Olivier Wahrenberger authored on 2017/02/14 03:38:26Showing 1 changed files
| ... | ... |
@@ -508,10 +508,18 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name |
| 508 | 508 |
const EC_GROUP *ecgrp = NULL; |
| 509 | 509 |
EVP_PKEY *pkey = NULL; |
| 510 | 510 |
|
| 511 |
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
|
| 512 |
+ pkey = SSL_CTX_get0_privatekey(ctx->ctx); |
|
| 513 |
+#else |
|
| 511 | 514 |
/* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */ |
| 512 |
- SSL ssl; |
|
| 513 |
- ssl.cert = ctx->ctx->cert; |
|
| 514 |
- pkey = SSL_get_privatekey(&ssl); |
|
| 515 |
+ SSL *ssl = SSL_new(ctx->ctx); |
|
| 516 |
+ if (!ssl) |
|
| 517 |
+ {
|
|
| 518 |
+ crypto_msg(M_FATAL, "SSL_new failed"); |
|
| 519 |
+ } |
|
| 520 |
+ pkey = SSL_get_privatekey(ssl); |
|
| 521 |
+ SSL_free(ssl); |
|
| 522 |
+#endif |
|
| 515 | 523 |
|
| 516 | 524 |
msg(D_TLS_DEBUG, "Extracting ECDH curve from private key"); |
| 517 | 525 |
|