Merge pull request #6815 from vespa-engine/vekterli/attempt-old-openssl-compatibility

OpenSSL 1.0.1 API quick fixes

1 files changed, 8 insertions, 2 deletions

diff --git a/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp b/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp
index c868f695b98..cff8c2621bc 100644
--- a/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/impl/openssl_tls_context_impl.cpp
@@ -88,7 +88,11 @@ void ensure_openssl_initialized_once() {
 
 BioPtr bio_from_string(vespalib::stringref str) {
     LOG_ASSERT(str.size() <= INT_MAX);
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
     BioPtr bio(::BIO_new_mem_buf(str.data(), static_cast<int>(str.size())));
+#else
+    BioPtr bio(::BIO_new_mem_buf(const_cast<char*>(str.data()), static_cast<int>(str.size())));
+#endif
     if (!bio) {
         throw CryptoException("BIO_new_mem_buf");
     }
@@ -222,14 +226,16 @@ void OpenSslTlsContextImpl::verify_private_key() {
 
 void OpenSslTlsContextImpl::enable_ephemeral_key_exchange() {
     // Always enabled by default on higher versions.
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
     // Auto curve selection is preferred over using SSL_CTX_set_ecdh_tmp
     if (!::SSL_CTX_set_ecdh_auto(_ctx, 1)) {
         throw CryptoException("SSL_CTX_set_ecdh_auto");
     }
-#endif
     // New ECDH key per connection.
     ::SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_ECDH_USE);
+#else
+    // TODO make this work on OpenSSL 1.0.1 as well
+#endif
 }
 
 void OpenSslTlsContextImpl::disable_compression() {