Remove calls to SSL_CTX_set_ecdh_auto()

SSL_CTX_set_ecdh_auto() was introduced for OpenSSL 1.0.2. It
has no effect for OpenSSL 1.1.0 and later. It should not be called
for versions before 1.0.2, or for 1.1.0 and later.

The macro was erroneously being called twice for OpenSSL 3.0.0 and
later - this has also been remedied
matt335672 2024-10-28 11:21:27 +00:00
parent 514c62c7c1
commit a958e37e20


@ -1104,15 +1104,12 @@ ssl_tls_accept(struct ssl_tls *self, long ssl_protocols,
return 1;
}
DH_free(dh); // ok to free, copied into ctx by SSL_CTX_set_tmp_dh()
#else
if (!SSL_CTX_set_dh_auto(self->ctx, 1))
{
LOG(LOG_LEVEL_ERROR, "TLS DHE auto failed to be enabled");
dump_ssl_error_stack(self);
return 1;
}
#endif
#if defined(SSL_CTX_set_ecdh_auto)
#if (OPENSSL_VERSION_NUMBER >= 0x10000020L) && \
OPENSSL_VERSION_NUMBER < (0x10100000L)
// SSL_CTX_set_ecdh_auto() added in OpenSSL 1.0.2 and
// removed for OpenSSL 1.1.0
if (!SSL_CTX_set_ecdh_auto(self->ctx, 1))
{
LOG(LOG_LEVEL_WARNING, "TLS ecdh auto failed to be enabled");
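Review bot: The lower bound in the version guard, `0x10000020L`, does not match the comment beneath it that says the macro was added in OpenSSL 1.0.2. In the `0xMNNFFPPSL` encoding that value falls in the 1.0.0 series, while 1.0.2 begins at `0x10002000L`. As written, the guard therefore also admits 1.0.0 and 1.0.1, where the commit message says `SSL_CTX_set_ecdh_auto()` should not be called. Whether the `#if defined(SSL_CTX_set_ecdh_auto)` line survives on the new side is not clear from this rendering; if it does not, those builds would reference a macro that is not defined. I would change the first line of the guard to `#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && \`. The body of the `if` continues past the end of the hunk.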