openssl.ssl.context.new: Turn on ecdh_auto in OpenSSL 1.0.2

It's on by default in 1.1.0, and supported in < 1.0.2. Suggestion taken from ruby openssl implementation: https://github.com/ruby/openssl/blob/a7bbd590c66d40bd662502df9c65474e85b5f03f/ext/openssl/ossl_ssl.c#L135
author: daurnimator <quae@daurnimator.com> 2017-04-03 12:54:23 +1000
committer: daurnimator <quae@daurnimator.com> 2017-04-03 13:27:15 +1000
commit: a0346d8054d3b19a7e30b5de70048c001d8c2c26 (patch)
tree: 4537a248b1d277ffb2e78bef38b78e0c3f212aab
parent: 70439fbea9ddd6acb942fc746bea9a522f940380 (diff)
download: luaossl-a0346d8054d3b19a7e30b5de70048c001d8c2c26.tar.gz
luaossl-a0346d8054d3b19a7e30b5de70048c001d8c2c26.tar.bz2
luaossl-a0346d8054d3b19a7e30b5de70048c001d8c2c26.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/src/openssl.c b/src/openssl.c
index d679d92..652e38a 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -258,6 +258,10 @@
 #define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
 #endif
+#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
+#define HAVE_SSL_CTX_SET_ECDH_AUTO ((OPENSSL_PREREQ(1,0,2) && !OPENSSL_PREREQ(1,1,0)) || LIBRESSL_PREREQ(2,1,2))
+#endif
 #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
 #define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
 #endif
@@ -7575,6 +7579,15 @@ static int sx_new(lua_State *L) {
        SSL_CTX_set_options(*ud, options);
+#if HAVE_SSL_CTX_SET_ECDH_AUTO
+        /* OpenSSL 1.0.2 introduced SSL_CTX_set_ecdh_auto to automatically select
+         * from the curves set via SSL_CTX_set1_curves_list. However as of OpenSSL
+         * 1.1.0, the functionality was turned on permanently and the option
+         * removed. */
+        if (!SSL_CTX_set_ecdh_auto(*ud, 1))
+                return auxL_error(L, auxL_EOPENSSL, "ssl.context.new");
+#endif
        return 1;
 } /* sx_new() */
author	daurnimator <quae@daurnimator.com>	2017-04-03 12:54:23 +1000
committer	daurnimator <quae@daurnimator.com>	2017-04-03 13:27:15 +1000
commit	a0346d8054d3b19a7e30b5de70048c001d8c2c26 (patch)
tree	4537a248b1d277ffb2e78bef38b78e0c3f212aab
parent	70439fbea9ddd6acb942fc746bea9a522f940380 (diff)
download	luaossl-a0346d8054d3b19a7e30b5de70048c001d8c2c26.tar.gz luaossl-a0346d8054d3b19a7e30b5de70048c001d8c2c26.tar.bz2 luaossl-a0346d8054d3b19a7e30b5de70048c001d8c2c26.zip

diff --git a/src/openssl.c b/src/openssl.c index d679d92..652e38a 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -258,6 +258,10 @@
258	#define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,5,1))	258	#define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,5,1))
259	#endif	259	#endif
260		260
		261	#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
		262	#define HAVE_SSL_CTX_SET_ECDH_AUTO ((OPENSSL_PREREQ(1,0,2) && !OPENSSL_PREREQ(1,1,0)) \|\| LIBRESSL_PREREQ(2,1,2))
		263	#endif
		264
261	#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS	265	#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
262	#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,1,3))	266	#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,1,3))
263	#endif	267	#endif
@@ -7575,6 +7579,15 @@ static int sx_new(lua_State *L) {
7575		7579
7576	SSL_CTX_set_options(*ud, options);	7580	SSL_CTX_set_options(*ud, options);
7577		7581
		7582	#if HAVE_SSL_CTX_SET_ECDH_AUTO
		7583	/* OpenSSL 1.0.2 introduced SSL_CTX_set_ecdh_auto to automatically select
		7584	* from the curves set via SSL_CTX_set1_curves_list. However as of OpenSSL
		7585	* 1.1.0, the functionality was turned on permanently and the option
		7586	* removed. */
		7587	if (!SSL_CTX_set_ecdh_auto(*ud, 1))
		7588	return auxL_error(L, auxL_EOPENSSL, "ssl.context.new");
		7589	#endif
		7590
7578	return 1;	7591	return 1;
7579	} /* sx_new() */	7592	} /* sx_new() */
7580		7593