diff options
author | HÃ¥vard Pettersen <havardpe@gmail.com> | 2018-09-05 16:18:49 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-05 16:18:49 +0200 |
commit | c01161c5e1c8aa4be2709f250b855e680c4c6f94 (patch) | |
tree | 269bd4858fa42957fadb34769275f5330ca2498b /vespalib/src | |
parent | 102b06ba1f3760c8642b50e5590ff8e9e3cc5788 (diff) | |
parent | 5349b2ebff37d587060247dd0fd631fb12ab02f5 (diff) |
Merge pull request #6815 from vespa-engine/vekterli/attempt-old-openssl-compatibility
OpenSSL 1.0.1 API quick fixes
Diffstat (limited to 'vespalib/src')
-rw-r--r-- | vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp b/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp index c868f695b98..cff8c2621bc 100644 --- a/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp +++ b/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp @@ -88,7 +88,11 @@ void ensure_openssl_initialized_once() { BioPtr bio_from_string(vespalib::stringref str) { LOG_ASSERT(str.size() <= INT_MAX); +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) BioPtr bio(::BIO_new_mem_buf(str.data(), static_cast<int>(str.size()))); +#else + BioPtr bio(::BIO_new_mem_buf(const_cast<char*>(str.data()), static_cast<int>(str.size()))); +#endif if (!bio) { throw CryptoException("BIO_new_mem_buf"); } @@ -222,14 +226,16 @@ void OpenSslTlsContextImpl::verify_private_key() { void OpenSslTlsContextImpl::enable_ephemeral_key_exchange() { // Always enabled by default on higher versions. -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L) // Auto curve selection is preferred over using SSL_CTX_set_ecdh_tmp if (!::SSL_CTX_set_ecdh_auto(_ctx, 1)) { throw CryptoException("SSL_CTX_set_ecdh_auto"); } -#endif // New ECDH key per connection. ::SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_ECDH_USE); +#else + // TODO make this work on OpenSSL 1.0.1 as well +#endif } void OpenSslTlsContextImpl::disable_compression() { |